The SATRA lab is the project I use when I want to show audit discipline rather than just tool usage. The work followed a complete security assessment path: reconnaissance, nmap enumeration, service identification, vulnerability validation, evidence collection, and remediation recommendations.
What mattered most was the report. A scan result is not an audit finding by itself. I had to connect the technical observation to a risk, explain the evidence, and propose a fix that made sense for the environment. That is the part recruiters in consulting, GRC, and industrial cybersecurity tend to care about.
The lab also pushed me to be precise about uncertainty. Some findings are confirmed. Some are hypotheses. Some are not worth escalating. Learning to separate those categories is as important as knowing the command syntax.
What this demonstrates:
- End-to-end audit workflow, not isolated screenshots.
- Technical evidence translated into risk and remediation.
- Familiarity with Kali, nmap, service enumeration, and reporting.