Projects
Malware Analysis Lab
Built an isolated Windows malware analysis environment to safely execute and investigate suspicious executables using static and dynamic analysis techniques.
What I Did
- Created a controlled analysis environment using a Windows virtual machine
- Performed static analysis to inspect PE structure, strings, imports, and metadata
- Executed samples and monitored runtime behavior including process creation and system changes
- Identified persistence mechanisms such as Run keys and Startup folder placement
- Extracted indicators of compromise including dropped files and registry modifications
Analysis & Investigation
- Observed privilege escalation attempts and User Account Control triggers
- Detected defense-evasion behavior including security control modification
- Correlated sandbox results with behavioral observations
- Documented malware behavior consistent with loader-stage activity
- Verified persistence behavior across system reboot
Tools
VirtualBox • x32dbg • Process Explorer • AutoRuns • RegShot • CFF Explorer • VirusTotal • CAPE Sandbox
Report
View Full Analysis Report | Download PDF
__________
Raspberry Pi Homelab
Built and maintained a Linux-based home network lab to practice network monitoring and DNS analysis.
What I Did
- Configured a Raspberry Pi as a dedicated network security appliance
- Deployed Pi-hole to provide network-wide DNS filtering
- Blocked advertisements, trackers, and known malicious domains across the local network
- Maintained and tuned blocklists to reduce false positives
- Used DNS query logs to understand device behavior and outbound connections
Monitoring & Investigation
- Analyzed DNS queries to identify suspicious or unnecessary external communication
- Investigated unusual domain requests generated by devices and applications
- Validated filtering effectiveness by comparing traffic before and after blocking rules
Tools
Raspberry Pi • Linux • Pi-hole • DNS Logs • Network Monitoring
__________
SSH Auth Failure Log Analyzer
Built a lightweight security monitoring tool to analyze real SSH authentication failures on a Linux system using Windows Subsystem for Linux (WSL).
What I Did
- Parsed SSH authentication logs from /var/log/auth.log
- Wrote a Python script to detect failed SSH attempts and pre-authentication disconnects
- Grouped failures by source IP address and targeted username
- Identified patterns consistent with brute-force attacks
- Generated a readable summary report for quick review
Validation & Testing
- Generated controlled failed SSH login attempts using invalid usernames
- Verified failures appeared in system authentication logs
- Confirmed the analyzer correctly counted and categorized events
- Re-ran analysis after additional attempts to ensure results updated dynamically
- Validated regex matching against multiple SSH failure message formats
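A Python sketch of the analyzer's core logic described above, written as an added example for this page rather than taken from the project's own script: it parses constructed auth.log lines in the three OpenSSH failure formats the bullets mention (failed password, invalid user, pre-authentication disconnect), groups hits by source IP and targeted username, and flags a source as a brute-force suspect once it reaches an assumed cut-off of five failures.

```python
import re
from collections import Counter, defaultdict
# sshd message formats the analyzer recognises; every pattern exposes the same "user"/"ip" groups.
PATTERNS = {
    "failed_password": re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"),
    "invalid_user": re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"),
    "preauth_disconnect": re.compile(
        r"(?:Disconnected from|Connection closed by) (?:authenticating|invalid) user "
        r"(?P<user>\S+) (?P<ip>[\d.]+) port \d+ \[preauth\]"),
}
# Constructed sample in /var/log/auth.log syslog format (not real captured data).
SAMPLE_LOG = """\
Jan 10 12:00:01 lab sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 12:00:02 lab sshd[1202]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jan 10 12:00:03 lab sshd[1203]: Invalid user test from 203.0.113.5 port 51236
Jan 10 12:00:04 lab sshd[1203]: Disconnected from invalid user test 203.0.113.5 port 51236 [preauth]
Jan 10 12:00:05 lab sshd[1204]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 10 12:00:06 lab sshd[1205]: Connection closed by authenticating user bob 198.51.100.7 port 40000 [preauth]
Jan 10 12:00:07 lab sshd[1206]: Accepted publickey for alice from 192.0.2.9 port 50000 ssh2
""".splitlines()

def parse_auth_log(lines):
    """Yield (category, user, ip) for each sshd failure line; non-matching lines are ignored."""
    for line in lines:
        for category, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                yield category, m.group("user"), m.group("ip")
                break

def summarize(lines, threshold=5):
    """Group failures by source IP and target user; flag IPs with >= threshold failures (assumed cut-off)."""
    by_ip, by_cat = Counter(), Counter()
    users_per_ip = defaultdict(set)
    for category, user, ip in parse_auth_log(lines):
        by_ip[ip] += 1
        by_cat[category] += 1
        users_per_ip[ip].add(user)
    return {"by_ip": dict(by_ip), "by_category": dict(by_cat),
            "users_per_ip": {ip: sorted(u) for ip, u in users_per_ip.items()},
            "brute_force_suspects": sorted(ip for ip, n in by_ip.items() if n >= threshold)}

def report(summary):  # render a short plain-text summary for quick review
    out = [f"{cat}: {n}" for cat, n in sorted(summary["by_category"].items())]
    for ip, n in sorted(summary["by_ip"].items(), key=lambda kv: -kv[1]):
        flag = "  <-- possible brute force" if ip in summary["brute_force_suspects"] else ""
        out.append(f"{ip}: {n} failures, users tried {summary['users_per_ip'][ip]}{flag}")
    return "\n".join(out)
if __name__ == "__main__": print(report(summarize(SAMPLE_LOG)))  # live: summarize(open("/var/log/auth.log"))
```

One connection can emit several matching lines (the Invalid user line and its [preauth] disconnect share PID 1203 in the sample), so the counts are per log line rather than per connection attempt.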
Tools
Python • Ubuntu Linux (WSL) • OpenSSH • Linux authentication logs
__________
SSH Hardening
Hardened SSH on an Ubuntu server to improve security while keeping remote access reliable.
What I Did
- Moved SSH to a non-standard port (2222)
- Disabled password-based logins and prevented direct root access
- Limited SSH to modern, secure cryptographic algorithms
- Fixed SSH file permissions (.ssh and authorized_keys)
- Set up persistent firewall rules using iptables-persistent
Validation & Testing
- Checked the active SSH configuration with sshd -T
- Verified which ports SSH was listening on using ss
- Used verbose SSH output to troubleshoot connection issues
- Learned and accounted for NAT loopback limitations when testing from the same machine
- Confirmed external access by testing from a separate network
Tools
OpenSSH • Ubuntu Linux • iptables / netfilter-persistent • systemd • ssh-audit