Projects
Enterprise Active Directory Security Lab
Built a Windows Server 2022 domain environment to simulate enterprise identity infrastructure and analyze security-relevant authentication activity.
What I Did
- Deployed Active Directory Domain Services, DNS, and SMB file services in a multi-server lab environment
- Configured organizational units, users, and group memberships to model enterprise identity structure
- Implemented role-based access controls to manage permissions for shared resources
- Configured mapped network drives and tested access restrictions across different user roles
- Practiced account provisioning, permission changes, and directory management tasks
Security Monitoring & Investigation
- Simulated identity-based attack scenarios including bulk account creation and privilege escalation
- Analyzed Windows Security Event Logs to identify suspicious authentication behavior
- Investigated Event IDs related to account creation, group membership changes, and account lockouts
- Correlated log events to detect anomalous account activity patterns
- Documented investigation findings and created repeatable analysis workflow
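The correlation logic from this project, written out as an added Python example (not code from the lab writeup). It assumes Security log events have already been exported into simple records (for example via Get-WinEvent) and uses constructed sample data; the privileged group names are an assumption about which groups the lab treats as sensitive.

```python
"""Correlate Windows Security event records to flag anomalous account activity.

Added example, not code from the lab writeup. It assumes events have been
exported from the Security log (e.g. with Get-WinEvent) into records with
the fields below; the records here are constructed sample data.
Event IDs: 4720 user account created, 4740 account locked out,
4728 / 4732 / 4756 member added to a security-enabled global / local /
universal group.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720
ACCOUNT_LOCKED_OUT = 4740
GROUP_MEMBER_ADDED = {4728, 4732, 4756}
# Assumption: the groups this lab treats as sensitive.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample: a service account creates six accounts in under three
# minutes, a regular user adds one of them to Domain Admins, and one user
# locks out twice.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00", "id": 4720, "subject": "svc-helpdesk", "target": "tmp01"},
    {"time": "2024-05-01T09:00:30", "id": 4720, "subject": "svc-helpdesk", "target": "tmp02"},
    {"time": "2024-05-01T09:01:00", "id": 4720, "subject": "svc-helpdesk", "target": "tmp03"},
    {"time": "2024-05-01T09:01:30", "id": 4720, "subject": "svc-helpdesk", "target": "tmp04"},
    {"time": "2024-05-01T09:02:00", "id": 4720, "subject": "svc-helpdesk", "target": "tmp05"},
    {"time": "2024-05-01T09:02:30", "id": 4720, "subject": "svc-helpdesk", "target": "tmp06"},
    {"time": "2024-05-01T10:15:00", "id": 4720, "subject": "jdoe", "target": "newhire01"},
    {"time": "2024-05-01T10:20:00", "id": 4728, "subject": "jdoe", "target": "tmp06", "group": "Domain Admins"},
    {"time": "2024-05-01T10:25:00", "id": 4732, "subject": "svc-helpdesk", "target": "tmp02", "group": "Remote Desktop Users"},
    {"time": "2024-05-01T11:00:00", "id": 4740, "subject": "DC01$", "target": "asmith"},
    {"time": "2024-05-01T11:05:00", "id": 4740, "subject": "DC01$", "target": "asmith"},
]


def bulk_account_creation(events, threshold=5, window=timedelta(minutes=10)):
    """Return {subject: max_count} for subjects that created at least
    `threshold` accounts inside any interval of length `window`."""
    by_subject = defaultdict(list)
    for e in events:
        if e["id"] == ACCOUNT_CREATED:
            by_subject[e["subject"]].append(datetime.fromisoformat(e["time"]))
    flagged = {}
    for subject, times in by_subject.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until the span fits in `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[subject] = best
    return flagged


def privileged_group_additions(events):
    """(subject, target, group) for every addition to a privileged group."""
    return [(e["subject"], e["target"], e["group"]) for e in events
            if e["id"] in GROUP_MEMBER_ADDED and e.get("group") in PRIVILEGED_GROUPS]


def lockout_counts(events):
    """Number of 4740 lockouts per target account."""
    counts = defaultdict(int)
    for e in events:
        if e["id"] == ACCOUNT_LOCKED_OUT:
            counts[e["target"]] += 1
    return dict(counts)


def summarize(events):
    """One dict with all three detections, ready to print or export."""
    return {
        "bulk_creation": bulk_account_creation(events),
        "privileged_additions": privileged_group_additions(events),
        "lockouts": lockout_counts(events),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_EVENTS).items():
        print(f"{name}: {value}")
```

The sliding window is the part worth keeping: a flat count of 4720 events per day misses a burst, while a count per ten-minute window catches the helpdesk account creating six users in under three minutes and still ignores the single normal creation by jdoe.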
Tools
Windows Server 2022 • Active Directory • DNS • SMB File Services • Windows Event Logs • PowerShell • Excel
__________
Firewall Monitoring and Threat Analysis
Built a segmented virtual network using pfSense firewall, Suricata IDS, and Splunk SIEM to monitor and investigate simulated attack traffic.
What I Did
- Configured pfSense firewall to segment lab network traffic between virtual machines
- Installed and configured Suricata IDS to capture and log network activity
- Forwarded IDS logs to Splunk for centralized log collection and analysis
- Generated simulated attack traffic using Kali Linux including port scans and reconnaissance activity
- Configured network interfaces and firewall rules to support controlled testing scenarios
- Validated log ingestion pipeline to ensure reliable event visibility
Monitoring & Investigation
- Analyzed Suricata alerts in Splunk to identify suspicious traffic patterns
- Investigated network telemetry to detect scanning behavior and abnormal outbound connections
- Correlated IDS alerts with packet captures in Wireshark for validation
- Performed log searches to identify repeated connection attempts from single source IP addresses
- Developed understanding of network-based indicators of compromise
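The per-source grouping that the Splunk searches in this project perform, as an added Python example (not code from the lab). It reads Suricata's eve.json line format directly; the alert records, the IP addresses and the signature names below are constructed placeholders, not real ruleset entries or captured traffic.

```python
"""Summarize Suricata EVE JSON alerts per source and flag scan-like sources.

Added example, not code from the lab writeup. It consumes the eve.json
line format Suricata writes (one JSON object per line; signature hits have
event_type "alert" with src_ip, dest_ip, dest_port and an "alert" object).
The records below are constructed, and the signature names are placeholders
rather than real ruleset entries. The grouping mirrors a Splunk search that
runs stats by src_ip over the forwarded alerts.
"""
import json
import sys
from collections import defaultdict


def _eve_alert(ts, src, sport, dst, dport, sig, sid):
    """Build one constructed eve.json alert line in Suricata's layout."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": sport,
        "dest_ip": dst, "dest_port": dport, "proto": "TCP",
        "alert": {"signature": sig, "signature_id": sid, "severity": 2},
    })


# Constructed sample: 10.0.0.5 probes six ports on 10.0.0.10 (port 22 three
# times), 10.0.0.7 trips one alert, plus a non-alert flow record and a
# truncated line of the kind seen while the file is still being written.
SCAN_SIG = "LAB SCAN probe (constructed)"
SAMPLE_EVE_LINES = [
    _eve_alert("2024-05-01T12:00:01.000000+0000", "10.0.0.5", 44001, "10.0.0.10", 22, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:02.000000+0000", "10.0.0.5", 44002, "10.0.0.10", 22, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:03.000000+0000", "10.0.0.5", 44003, "10.0.0.10", 22, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:04.000000+0000", "10.0.0.5", 44004, "10.0.0.10", 80, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:05.000000+0000", "10.0.0.5", 44005, "10.0.0.10", 443, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:06.000000+0000", "10.0.0.5", 44006, "10.0.0.10", 445, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:07.000000+0000", "10.0.0.5", 44007, "10.0.0.10", 3389, SCAN_SIG, 9000001),
    _eve_alert("2024-05-01T12:00:08.000000+0000", "10.0.0.5", 44008, "10.0.0.10", 8080, SCAN_SIG, 9000001),
    '{"timestamp":"2024-05-01T12:01:00.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.10","dest_port":443,"proto":"TCP"}',
    _eve_alert("2024-05-01T12:01:01.000000+0000", "10.0.0.7", 50001, "10.0.0.10", 443, "LAB POLICY single hit (constructed)", 9000002),
    '{"timestamp":"2024-05-01T12:02:00.000000+0000","event_type":"alert","src_ip":"10.0',
]


def parse_alerts(lines):
    """Keep only well-formed records with event_type == "alert"."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line at the tail of a live file, or junk
        if rec.get("event_type") == "alert":
            alerts.append(rec)
    return alerts


def per_source_summary(alerts):
    """{src_ip: {"alerts": n, "dest_ports": set, "dest_ips": set, "signatures": set}}"""
    summary = defaultdict(lambda: {"alerts": 0, "dest_ports": set(), "dest_ips": set(), "signatures": set()})
    for a in alerts:
        s = summary[a["src_ip"]]
        s["alerts"] += 1
        s["dest_ports"].add(a.get("dest_port"))
        s["dest_ips"].add(a.get("dest_ip"))
        s["signatures"].add(a["alert"]["signature"])
    return dict(summary)


def flag_scanners(summary, port_threshold=5, alert_threshold=10):
    """Sources touching many distinct ports, or raising many alerts overall."""
    return sorted(src for src, s in summary.items()
                  if len(s["dest_ports"]) >= port_threshold or s["alerts"] >= alert_threshold)


def repeated_connections(alerts, threshold=3):
    """(src_ip, dest_ip, dest_port) seen at least `threshold` times."""
    counts = defaultdict(int)
    for a in alerts:
        counts[(a["src_ip"], a["dest_ip"], a.get("dest_port"))] += 1
    return {k: v for k, v in counts.items() if v >= threshold}


if __name__ == "__main__":
    # Usage: python eve_summary.py /var/log/suricata/eve.json   (defaults to the sample)
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_EVE_LINES
    alerts = parse_alerts(lines)
    summary = per_source_summary(alerts)
    for src in flag_scanners(summary):
        s = summary[src]
        print(f"{src}: {s['alerts']} alerts, {len(s['dest_ports'])} distinct ports -> scan-like")
    for (src, dst, port), n in repeated_connections(alerts).items():
        print(f"{src} -> {dst}:{port} repeated {n} times")
```

Distinct destination ports per source is the simpler and more robust scan indicator than raw alert volume, which a single noisy signature can inflate; the repeated-connection view is the one to cross-check against a Wireshark capture of the same window.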
Tools
pfSense • Suricata • Splunk • Kali Linux • Wireshark • VirtualBox • TCP/IP Networking
__________
Malware Analysis Lab
Built an isolated Windows malware analysis environment to safely execute and investigate suspicious executables using static and dynamic analysis techniques.
What I Did
- Created a controlled analysis environment using a Windows virtual machine
- Performed static analysis to inspect PE structure, strings, imports, and metadata
- Executed samples and monitored runtime behavior including process creation and system changes
- Identified persistence mechanisms such as Run keys and Startup folder placement
- Extracted indicators of compromise including dropped files and registry modifications
Analysis & Investigation
- Observed privilege escalation attempts and User Account Control triggers
- Detected defense-evasion behavior including security control modification
- Correlated sandbox results with behavioral observations
- Documented malware behavior consistent with loader-stage activity
- Verified persistence behavior across system reboot
Tools
VirtualBox • x32dbg • Process Explorer • AutoRuns • RegShot • CFF Explorer • VirusTotal • CAPE Sandbox
__________
Raspberry Pi Homelab
Built and maintained a Linux-based home network lab to practice network monitoring and DNS analysis.
What I Did
- Configured a Raspberry Pi as a dedicated network security appliance
- Deployed Pi-hole to provide network-wide DNS filtering
- Blocked advertisements, trackers, and known malicious domains across the local network
- Maintained and tuned blocklists to reduce false positives
- Used DNS query logs to understand device behavior and outbound connections
Monitoring & Investigation
- Analyzed DNS queries to identify suspicious or unnecessary external communication
- Investigated unusual domain requests generated by devices and applications
- Validated filtering effectiveness by comparing traffic before and after blocking rules
Tools
Raspberry Pi • Linux • Pi-hole • DNS Logs • Network Monitoring
__________
SSH Auth Failure Log Analyzer
Built a lightweight security monitoring tool to analyze real SSH authentication failures on a Linux system using Windows Subsystem for Linux (WSL).
What I Did
- Parsed SSH authentication logs from /var/log/auth.log
- Wrote a Python script to detect failed SSH attempts and pre-authentication disconnects
- Grouped failures by source IP address and targeted username
- Identified patterns consistent with brute-force attacks
- Generated a readable summary report for quick review
Validation & Testing
- Generated controlled failed SSH login attempts using invalid usernames
- Verified failures appeared in system authentication logs
- Confirmed the analyzer correctly counted and categorized events
- Re-ran analysis after additional attempts to ensure results updated dynamically
- Validated regex matching against multiple SSH failure message formats
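An analyzer of the kind described in the What I Did and Validation sections above, as an added Python example (not the project's own script). It assumes the default syslog-style /var/log/auth.log layout on Ubuntu and the OpenSSH message formats shown in the sample; the log lines are constructed with TEST-NET addresses, not captured from a real host. Run it with a path argument to analyze a live log.

```python
"""Summarize failed SSH logins and pre-auth disconnects from auth.log.

Added example, not the analyzer from the project. It assumes the default
syslog-style /var/log/auth.log layout on Ubuntu and the OpenSSH message
formats shown in the constructed sample below.
"""
import re
import sys
from collections import Counter, defaultdict

# Patterns for the sshd messages that count as failures. Order matters:
# "Failed password for invalid user ..." is tried before the bare
# "Invalid user ..." line so each message lands in exactly one category.
PATTERNS = [
    ("failed_password", re.compile(
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")),
    ("invalid_user", re.compile(
        r"Invalid user (?P<user>\S+) from (?P<ip>[\d.]+) port \d+")),
    ("preauth_disconnect", re.compile(
        r"(?:Disconnected from|Connection closed by) (?:authenticating|invalid) user "
        r"(?P<user>\S+) (?P<ip>[\d.]+) port \d+ \[preauth\]")),
]

# Constructed sample log (TEST-NET addresses); not captured from a real host.
SAMPLE_AUTH_LOG = """\
May  1 10:00:01 lab sshd[1201]: Invalid user admin from 203.0.113.5 port 51234
May  1 10:00:01 lab sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
May  1 10:00:03 lab sshd[1201]: Connection closed by invalid user admin 203.0.113.5 port 51234 [preauth]
May  1 10:00:05 lab sshd[1203]: Failed password for root from 203.0.113.5 port 51235 ssh2
May  1 10:00:07 lab sshd[1203]: Failed password for root from 203.0.113.5 port 51235 ssh2
May  1 10:00:09 lab sshd[1203]: Disconnected from authenticating user root 203.0.113.5 port 51235 [preauth]
May  1 10:02:00 lab sshd[1210]: Invalid user test from 203.0.113.9 port 40000
May  1 10:02:01 lab sshd[1210]: Failed password for invalid user test from 203.0.113.9 port 40000 ssh2
May  1 10:05:00 lab sshd[1220]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:constructed
May  1 10:05:01 lab sshd[1220]: pam_unix(sshd:session): session opened for user alice(uid=1000) by (uid=0)
""".splitlines()


def parse_line(line):
    """Return (category, ip, user) for a failure line, else None."""
    if "sshd[" not in line:
        return None
    for category, pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            return category, m.group("ip"), m.group("user")
    return None


def analyze(lines):
    """Per-source-IP counts: total, per category, per targeted username."""
    stats = defaultdict(lambda: {"total": 0, "by_category": Counter(), "users": Counter()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        category, ip, user = parsed
        s = stats[ip]
        s["total"] += 1
        s["by_category"][category] += 1
        s["users"][user] += 1
    return dict(stats)


def flag_bruteforce(stats, failure_threshold=5, user_threshold=3):
    """Sources with many failures, or failures spread across many usernames."""
    return sorted(ip for ip, s in stats.items()
                  if s["total"] >= failure_threshold or len(s["users"]) >= user_threshold)


def render_report(stats, flagged):
    """Plain-text summary, busiest source first."""
    out = ["SSH failure summary", "-" * 60]
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["total"]):
        tag = " [BRUTE-FORCE PATTERN]" if ip in flagged else ""
        out.append(f"{ip:<16} total={s['total']}{tag}")
        for cat, n in s["by_category"].most_common():
            out.append(f"    {cat:<20} {n}")
        out.append("    users: " + ", ".join(f"{u}({n})" for u, n in s["users"].most_common()))
    return "\n".join(out)


if __name__ == "__main__":
    # Usage: python ssh_failures.py /var/log/auth.log   (defaults to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            log_lines = fh.read().splitlines()
    else:
        log_lines = SAMPLE_AUTH_LOG
    st = analyze(log_lines)
    print(render_report(st, set(flag_bruteforce(st))))
```

Two things from the validation list matter here: each attempt produces several distinct sshd messages (the invalid-user notice, the failed password, the pre-auth disconnect), so the categories are counted separately rather than summed as "attempts", and successful logins and PAM session lines must fall through every pattern so a legitimate user never shows up in the table.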
Tools
Python • Ubuntu Linux (WSL) • OpenSSH • Linux authentication logs
__________
SSH Hardening
Hardened SSH on an Ubuntu server to improve security while keeping remote access reliable.
What I Did
- Moved SSH to a non-standard port (2222)
- Disabled password-based logins and prevented direct root access
- Limited SSH to modern, secure cryptographic algorithms
- Fixed SSH file permissions (.ssh and authorized_keys)
- Set up persistent firewall rules using iptables-persistent
Validation & Testing
- Checked the active SSH configuration with sshd -T
- Verified which ports SSH was listening on using ss
- Used verbose SSH output to troubleshoot connection issues
- Learned and accounted for NAT loopback limitations when testing from the same machine
- Confirmed external access by testing from a separate network
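A repeatable version of the sshd -T check from the validation steps, as an added Python example (not a script from the project). It parses the effective configuration that sshd -T prints and compares it with the settings listed above (port 2222, no password logins, no direct root login, a restricted cipher set) and checks the .ssh and authorized_keys permissions. The cipher allowlist and the 0700/0600 permission targets are assumptions, and both sshd -T snippets are constructed.

```python
"""Audit effective sshd settings and key-file permissions against a baseline.

Added example, not a script from the project. It parses the "keyword value"
lines that `sshd -T` prints (the effective configuration after Include and
Match processing) and compares them with the hardening described above.
The cipher allowlist and the 0700/0600 permission targets are assumptions;
the two sshd -T snippets are constructed.
"""
import os
import stat
import sys

EXPECTED = {
    "port": "2222",
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
}
# Assumption: AEAD and CTR modes only; CBC and 3DES are rejected.
ALLOWED_CIPHERS = {
    "chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
    "aes256-ctr", "aes192-ctr", "aes128-ctr",
}

# Constructed sshd -T output before hardening.
WEAK_SSHD_T = """\
port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
ciphers aes128-cbc,3des-cbc,aes256-ctr
"""

# Constructed sshd -T output after hardening.
HARDENED_SSHD_T = """\
port 2222
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
"""


def parse_sshd_t(text):
    """Map each `sshd -T` line to {keyword: value}; keywords are lowercase."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        cfg[key.lower()] = value.strip()
    return cfg


def audit_config(cfg, expected=EXPECTED, allowed_ciphers=ALLOWED_CIPHERS):
    """Return human-readable findings; an empty list means compliant."""
    findings = []
    for key, want in expected.items():
        got = cfg.get(key)
        if got != want:
            findings.append(f"{key}: expected {want!r}, effective {got!r}")
    ciphers = [c for c in cfg.get("ciphers", "").split(",") if c]
    weak = [c for c in ciphers if c not in allowed_ciphers]
    if weak:
        findings.append("ciphers: not in allowlist: " + ", ".join(weak))
    return findings


def check_mode(label, st_mode, expected):
    """None if the permission bits match, else a finding string."""
    actual = stat.S_IMODE(st_mode)
    if actual == expected:
        return None
    return f"{label}: mode {actual:04o}, expected {expected:04o}"


def audit_permissions(ssh_dir):
    """Check the .ssh directory is 0700 and authorized_keys is 0600 (assumed targets)."""
    findings = []
    for rel, want in ((".", 0o700), ("authorized_keys", 0o600)):
        path = os.path.normpath(os.path.join(ssh_dir, rel))
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        finding = check_mode(path, st.st_mode, want)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    # Usage: sudo sshd -T > effective.txt && python audit_sshd.py effective.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_SSHD_T
    findings = audit_config(parse_sshd_t(text)) + audit_permissions(os.path.expanduser("~/.ssh"))
    for f in findings:
        print("FINDING:", f)
    print("compliant" if not findings else f"{len(findings)} finding(s)")
```

Auditing sshd -T rather than sshd_config is the point: it reports what the daemon actually enforces, so a Match block or a drop-in under sshd_config.d that re-enables password authentication shows up here even though the main file looks correct.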
Tools
OpenSSH • Ubuntu Linux • iptables / netfilter-persistent • systemd • ssh-audit