Connect on LinkedIn
Cybersecurity Enthusiast | Analyst
I'm passionate about securing systems and solving real-world problems through hands-on projects. My portfolio highlights how I apply cybersecurity tools and frameworks to improve threat detection, vulnerability management, and operational resilience.
- Windows 10 STIG Remediation Scripts
  A growing collection of PowerShell scripts designed to automate remediation of DISA STIG findings on Windows systems. Each lab follows a standardized structure and includes clear metadata, usage instructions, and STIG traceability (e.g., `WN10-AU-000500`).
  Ideal for compliance hardening, audit preparation, or RMF/ATO alignment in federal and defense environments.
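As an added illustration of the script structure described above (this is example code, not one of the portfolio's own scripts), here is a remediation script for `WN10-AU-000500` in that shape: a metadata header carrying the STIG ID, an idempotent compliance check, and the fix applied only when needed. The registry path and minimum value are taken from the DISA STIG check text for that finding (Application event log maximum size of at least 32768 KB, set through the EventLog policy key); confirm them against the STIG release you are auditing to before relying on them.

```powershell
<#
.SYNOPSIS
    Remediates STIG finding WN10-AU-000500 (Application event log size).
.DESCRIPTION
    The STIG requires the Application event log maximum size to be 32768 KB
    or greater, enforced through the EventLog policy key. The script reads the
    current value, changes it only when non-compliant, and reports the outcome.
.NOTES
    STIG ID    : WN10-AU-000500
    Run as     : Administrator (writes under HKLM)
    Assumption : registry path/value taken from the STIG check text; verify
                 against the STIG release you are auditing to.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # Minimum log size in KB required by the STIG
    [int]$MinSizeKB = 32768
)

$keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application'
$valueName = 'MaxSize'

# Returns the configured MaxSize in KB, or $null when the policy is not set.
function Get-CurrentMaxSize {
    if (-not (Test-Path -Path $keyPath)) { return $null }
    $props = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$valueName
}

$before     = Get-CurrentMaxSize
$beforeText = if ($null -eq $before) { 'not set' } else { "$before KB" }

# Idempotent check: a value at or above the minimum is already compliant.
if ($null -ne $before -and $before -ge $MinSizeKB) {
    Write-Output "WN10-AU-000500: compliant (MaxSize = $beforeText), no change made."
    return
}

if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set to $MinSizeKB")) {
    # Create the policy key if it does not exist, then write the DWORD value.
    if (-not (Test-Path -Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }
    Set-ItemProperty -Path $keyPath -Name $valueName -Value $MinSizeKB -Type DWord
    $after = Get-CurrentMaxSize
    Write-Output "WN10-AU-000500: remediated (MaxSize $beforeText -> $after KB)."
}
```

Because the script supports `-WhatIf`, it can be run first to show what it would change, which is the usual way to dry-run a batch of remediations before an audit.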
Threat Hunting Labs
- The Invisible RDP
  Investigates a suspicious RDP connection from a public IP that bypassed standard logging. Uncovers abuse of `svchost.exe`, persistent execution of `wermgr.exe -upload`, and stealthy HTTPS exfiltration activity using native Windows binaries.
- Unauthorized TOR Activity Detection
  Investigates unsanctioned installation and use of the TOR browser using endpoint telemetry and network activity. Demonstrates detection of silent installation, anonymous traffic over TOR relay ports, and artifacts suggesting user concealment attempts.
- PwnCrypt Ransomware Detection
  Detects file encryption activity, delivery via PowerShell, and execution of the `pwncrypt.ps1` ransomware script using Microsoft Defender telemetry and MITRE ATT&CK mapping.
- Suspicious Insider Exfiltration Attempt
  Investigates potential insider threat activity using Microsoft Defender for Endpoint, correlating file, process, and network telemetry to detect staged data exfiltration.
- Threat Hunt: PowerShell Port Scanning
  Detection and investigation of internal port scanning carried out with obfuscated PowerShell scripts, a reconnaissance step that typically precedes lateral movement.
- Threat Hunt: Exposed VM Brute Force
  Analysis of brute-force behavior against an internet-exposed, cloud-based Linux server.
Incident Response Labs
- Impossible Travel Detection with Microsoft Sentinel
  Detects anomalous sign-in behavior across distant geographic locations in short timeframes. Implements a Sentinel analytics rule and KQL-based investigation to identify potential account compromise. Follows the NIST IR framework for containment, validation, and closure.
- PowerShell Suspicious Web Request Detection
  Simulates post-exploitation behavior where PowerShell downloads remote payloads using `Invoke-WebRequest`. Includes Sentinel rule creation, incident triage, and MDE-based containment following the NIST IR framework.
- Brute Force Detection with Microsoft Sentinel
  Detects multiple failed login attempts from the same remote IP using KQL and Microsoft Sentinel analytics rules.
- Sentinel Log Visualizations & Attack Maps
  Leverages Microsoft Sentinel to map failed logins, malicious flows, and Azure resource creation activity using KQL, custom watchlists, and Workbook-based heatmaps. Visualizes geolocated attack data across Entra ID, VM authentication, and NSG traffic using real telemetry.
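The brute-force detection above is a grouping-and-threshold rule: count failed logons per remote IP inside a time window and alert when the count crosses a threshold. As an added example (not code from the lab, which expresses this in KQL inside Sentinel), the same logic is shown here in PowerShell over a handful of constructed logon records, with one triage refinement a responder wants straight away: whether the same IP produced a successful logon after the burst, which turns a noisy alert into a probable compromise. The field names and sample data are assumptions made for the example.

```powershell
function Find-BruteForce {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]]$Events,
        [int]$Threshold     = 5,    # failures that trigger an alert
        [int]$WindowMinutes = 10    # window in which those failures must occur
    )
    # Normalize timestamps once so comparisons are timezone-safe.
    $parsed = $Events | ForEach-Object {
        [pscustomobject]@{
            Time     = [datetimeoffset]$_.Time
            RemoteIP = $_.RemoteIP
            Account  = $_.Account
            Result   = $_.Result
        }
    } | Sort-Object Time

    foreach ($group in ($parsed | Group-Object RemoteIP)) {
        $attempts = @($group.Group)
        $failures = @($attempts | Where-Object Result -eq 'Failed')
        if ($failures.Count -lt $Threshold) { continue }

        # Sliding window over sorted failure times: the first run of $Threshold
        # consecutive failures that fits inside $WindowMinutes triggers the alert.
        $firstHit = $null
        for ($i = 0; $i -le $failures.Count - $Threshold; $i++) {
            $start = $failures[$i].Time
            $end   = $failures[$i + $Threshold - 1].Time
            if (($end - $start).TotalMinutes -le $WindowMinutes) {
                $firstHit = [pscustomobject]@{ Start = $start; End = $end }
                break
            }
        }
        if ($null -eq $firstHit) { continue }

        # Triage signal: a success from the same IP after the burst means the
        # guessing likely worked, so the account needs containment, not just review.
        $laterSuccess = @($attempts | Where-Object { $_.Result -eq 'Success' -and $_.Time -gt $firstHit.End })

        [pscustomobject]@{
            RemoteIP       = $group.Name
            FailedCount    = $failures.Count
            WindowStart    = $firstHit.Start
            WindowEnd      = $firstHit.End
            Accounts       = ($failures.Account | Sort-Object -Unique) -join ','
            SucceededAfter = ($laterSuccess.Count -gt 0)
            Severity       = if ($laterSuccess.Count -gt 0) { 'High' } else { 'Medium' }
        }
    }
}

# Constructed sample records (not real telemetry), shaped like the columns a
# Sentinel logon query returns: time, source IP, target account, outcome.
$events = @(
    [pscustomobject]@{ Time = '2024-05-01T10:00:05Z'; RemoteIP = '203.0.113.7';   Account = 'admin';   Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:00:19Z'; RemoteIP = '203.0.113.7';   Account = 'admin';   Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:00:33Z'; RemoteIP = '203.0.113.7';   Account = 'root';    Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:00:48Z'; RemoteIP = '203.0.113.7';   Account = 'admin';   Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:01:02Z'; RemoteIP = '203.0.113.7';   Account = 'svc_bak'; Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:01:17Z'; RemoteIP = '203.0.113.7';   Account = 'svc_bak'; Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:01:40Z'; RemoteIP = '203.0.113.7';   Account = 'svc_bak'; Result = 'Success' },
    [pscustomobject]@{ Time = '2024-05-01T09:00:00Z'; RemoteIP = '198.51.100.20'; Account = 'jdoe';    Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T11:00:00Z'; RemoteIP = '198.51.100.20'; Account = 'jdoe';    Result = 'Failed'  },
    [pscustomobject]@{ Time = '2024-05-01T10:30:00Z'; RemoteIP = '192.0.2.9';     Account = 'jdoe';    Result = 'Success' }
)

# Only 203.0.113.7 is reported: six failures inside two minutes, followed by a
# success on svc_bak, so it is flagged High. 198.51.100.20 stays below threshold.
Find-BruteForce -Events $events | Format-Table -AutoSize
```

The window check on sorted failures (comparing each failure to the one `$Threshold - 1` positions later) is what a `summarize count() by RemoteIP, bin(TimeGenerated, 10m)` rule approximates with fixed bins; the sliding form does not miss a burst that straddles a bin boundary.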
Vulnerability Management Projects
- Vulnerability Management Program Implementation
  A complete documentation-based approach to launching an internal vulnerability management program.
- Programmatic Remediation Scripts (PowerShell)
  Automated scripts for common CVE remediation and configuration hardening.
- Prompt Engineering References
  ChatGPT prompts used to generate and refine PowerShell remediation scripts, demonstrating structured problem-solving and AI-assisted development.
Security Tools
- Process Investigation with PowerShell
  Identify, analyze, and validate suspicious Windows processes using native PowerShell tools and reputation checks.
- GPG Signature Verification Guide
  A step-by-step guide for verifying file authenticity and integrity using GPG with real-world examples.
- File Integrity Verification (SHA256)
  Validates that a downloaded file hasn't been altered using SHA256 hash checking in PowerShell.
- SSH Key Authentication Lab
  A hands-on guide to configuring and using SSH key-based authentication.
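For the SHA256 integrity check listed above, here is an added example (not the portfolio's own script) of the comparison done carefully: the published digest is normalized (whitespace, an optional `sha256:` prefix, letter case) and validated as 64 hex characters before it is compared with `Get-FileHash` output, so a pasted digest with a stray character fails loudly instead of silently never matching. The demonstration runs against a constructed temporary file and shows both the match and the mismatch after tampering; the file name and contents are assumptions for the example.

```powershell
function Test-FileHashMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    # Normalize the published digest: drop surrounding whitespace and an optional
    # "sha256:" prefix, upper-case it, then require exactly 64 hex characters.
    $expected = ($ExpectedSha256 -replace '^\s*(sha256:)?\s*', '').Trim().ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Expected value is not a SHA-256 hex digest: '$ExpectedSha256'"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToUpperInvariant()
    [pscustomobject]@{
        Path     = $Path
        Expected = $expected
        Actual   = $actual
        Match    = ($actual -eq $expected)
    }
}

# Demonstration on a constructed file (no real download involved).
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'integrity-demo.bin'
[IO.File]::WriteAllText($tmp, 'release build 1.0')

# Stand-in for the digest a vendor would publish alongside the download.
$published = (Get-FileHash -LiteralPath $tmp -Algorithm SHA256).Hash

# Untouched file: Match is True even with a lower-case, prefixed digest.
Test-FileHashMatch -Path $tmp -ExpectedSha256 "sha256:$($published.ToLower())"

# Simulate modification in transit: Match is now False.
Add-Content -LiteralPath $tmp -Value 'tampered'
$check = Test-FileHashMatch -Path $tmp -ExpectedSha256 $published
if (-not $check.Match) { Write-Warning "Hash mismatch for $($check.Path); do not execute it." }
$check

Remove-Item -LiteralPath $tmp
```

A matching hash proves the bytes are what the publisher listed, not that the publisher is who you think: if the digest was fetched from the same server as the file, an attacker who replaced one can replace the other. That gap is what the GPG signature verification guide above closes.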
Home Network Security
- Secure SOHO Network
  Documents the design and implementation of a secure small office/home office (SOHO) network. Features include IoT segmentation, guest SSID isolation, firewall configuration, endpoint protection with Malwarebytes, NordVPN, BitLocker encryption, and a Raspberry Pi syslog server for centralized logging.
- Kibana KQL Linux Threat Queries
  A curated set of Kibana Query Language (KQL) filters for detecting suspicious Linux activity, including SSH brute-force attempts, failed privilege escalation, reverse shell behavior, cron job tampering, and unexpected service starts. Designed for home labs or SOC environments that ingest syslog data into the ELK stack.
- Printer Firewall Hardening
  Secures a network printer by applying precise Windows Defender Firewall rules that block public exposure while preserving vendor update and management functionality.
- Secure Network Security Profile
  Evaluates and documents the security posture of a SOHO network with layered defenses, including VLAN segmentation, endpoint hardening, router firewall rules, BitLocker encryption, and syslog integration via Raspberry Pi. Includes visual diagrams and an implementation walkthrough.
More tools coming soon: remediation automations, network analysis helpers, and more.
I'm always open to collaborating or discussing how to bring security into solution design.