My Projects

Hacking Methodology

A practical penetration testing walkthrough focused on enumeration, exploitation, and privilege escalation.

This project is based on the Silver Platter room on TryHackMe, guided by Tyler Rambsey from Simply Cyber. It involves attacking a deliberately vulnerable machine from Kali Linux to perform the tasks of a real engagement: service enumeration, vulnerability exploitation, and privilege escalation.

The walkthrough is structured in three phases: Setup & Enumeration, Exploitation, and Privilege Escalation. Tools like Nmap, Rustscan, Burp Suite, Hydra, and LinPEAS are used to simulate a complete attack chain from reconnaissance to root access.

Key skills demonstrated in this walkthrough include:

  • VPN setup and Nmap/Rustscan for port and service enumeration
  • Authentication bypass by exploiting a published CVE in an exposed service
  • IDOR discovery and credential harvesting
  • Password spraying with Hydra to obtain SSH access
  • Privilege escalation with LinPEAS and manual inspection

Phishing

An analysis of phishing techniques and countermeasures, including email security, user awareness training, and detection methods.

This project explores the evolving landscape of phishing attacks and provides a comprehensive framework for organizations to defend against these threats. It includes analysis of real-world phishing campaigns, technical implementation of email security protocols, and development of effective user training programs.

Key components of this project:

  • Performed end-to-end phishing investigation using Microsoft Defender, M365 Security Center, and KQL for post-delivery log analysis
  • Identified and validated malicious indicators through OSINT tools like VirusTotal, URLScan.io, and AbuseIPDB
  • Reconstructed the credential-theft flow by analyzing the phishing page's source code and tracing the potential exfiltration paths for submitted credentials
  • Executed containment actions including session revocation, IP/domain blocking, and organization-wide user notification

Incident Response

An incident response framework for detecting, investigating, and mitigating token theft attacks, ensuring rapid containment and recovery.

This project provides a comprehensive approach to handling token theft incidents by combining alert triage, investigation techniques, containment strategies, and post-incident monitoring. It aims to strengthen organizational defenses against unauthorized token use and improve response efficiency.

Key components of this project:

  • Alert acknowledgment and initial triage of suspicious token activity
  • Investigation of unusual sign-ins, phishing indicators, and audit log analysis
  • Containment measures including session revocation and MFA re-registration
  • Post-incident actions to remove malicious artifacts and validate access controls
  • Comprehensive documentation and root cause analysis to enhance future responses

KQL Queries

A collection of KQL queries focused on threat detection, investigation, and monitoring across Microsoft security tools.

This project serves as a practical resource for building detection capabilities using Kusto Query Language (KQL) in Microsoft Sentinel, Defender, and Entra. It includes real-world use cases to help security teams proactively detect malicious activity.

Key components of this project:

  • Detection queries for token misuse, impossible travel, and risky sign-ins
  • Hunting techniques for lateral movement and privilege escalation
  • Mailbox and endpoint activity tracking with Defender and Sentinel logs
  • Correlation of Entra ID sign-in data with endpoint and network telemetry
  • Modular, reusable queries for common investigation patterns
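The impossible-travel and token-reuse detections listed above, as an added example written in Python rather than KQL and not taken from the project's own query collection. It runs the same logic a SigninLogs query would express with prev() and geo_distance_2points() over a small set of constructed sign-in records (user names, documentation-range IPs, coordinates and session IDs are all made up for the example): consecutive sign-ins by one user that imply travel faster than an airliner, and a session ID first established with interactive MFA that later appears from a different IP with MFA merely carried by a token claim, which is the shape a replayed stolen token leaves in the log.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import groupby
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class SignIn:
    """One Entra-style sign-in record (field names chosen for this example)."""
    user: str
    time: datetime
    ip: str
    lat: float
    lon: float
    session_id: str        # analogous to SessionId in SigninLogs
    mfa_interactive: bool  # True when MFA was actually performed, not satisfied by a token claim


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres (mean Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=50.0):
    """Consecutive sign-ins per user whose implied speed exceeds max_kmh.

    Pairs closer than min_km are skipped so ISP NAT churn inside one city does
    not fire; 900 km/h is roughly airliner cruise speed, so anything above it
    cannot be the same person. Returns (user, earlier, later, speed_kmh).
    """
    hits = []
    ordered = sorted(events, key=lambda e: (e.user, e.time))
    for user, group in groupby(ordered, key=lambda e: e.user):
        evs = list(group)
        for a, b in zip(evs, evs[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            if km < min_km:
                continue
            hours = (b.time - a.time).total_seconds() / 3600.0
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                hits.append((user, a, b, round(speed)))
    return hits


def session_replay(events):
    """Sessions established with interactive MFA that are later used from
    another IP without MFA being performed again.
    Returns (session_id, user, origin_ip, new_ip)."""
    hits = []
    ordered = sorted(events, key=lambda e: (e.session_id, e.time))
    for sid, group in groupby(ordered, key=lambda e: e.session_id):
        evs = list(group)
        origin = next((e for e in evs if e.mfa_interactive), None)
        if origin is None:
            continue
        for e in evs:
            if e.ip != origin.ip and not e.mfa_interactive:
                hits.append((sid, e.user, origin.ip, e.ip))
    return hits


# Constructed sample log: alice's session is replayed from Singapore 45 minutes
# after an MFA sign-in in London; bob drives from New York to Boston in 4 hours.
T = datetime(2024, 5, 1, 9, 0)
SAMPLE = [
    SignIn("alice", T, "203.0.113.10", 51.5074, -0.1278, "S1", True),
    SignIn("alice", T + timedelta(minutes=45), "198.51.100.7", 1.3521, 103.8198, "S1", False),
    SignIn("bob", T - timedelta(hours=1), "192.0.2.20", 40.7128, -74.0060, "S2", True),
    SignIn("bob", T + timedelta(hours=3), "192.0.2.20", 42.3601, -71.0589, "S2", False),
    SignIn("carol", T, "192.0.2.30", 48.8566, 2.3522, "S3", True),
]

if __name__ == "__main__":
    for user, a, b, kmh in impossible_travel(SAMPLE):
        print(f"impossible travel: {user} {a.ip} -> {b.ip} at ~{kmh} km/h")
    for sid, user, origin, new in session_replay(SAMPLE):
        print(f"session replay: {sid} ({user}) MFA from {origin}, reused from {new}")
```

Both detections fire on alice only: London to Singapore in 45 minutes is roughly 14,000 km/h, and her session S1 reappears from a new IP without MFA. Bob's 300 km in four hours stays well under the threshold. In production the speed threshold and the min_km floor are the two knobs that decide the false-positive rate; VPN exit changes are the usual source of noise.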

AWS Pentesting

A comprehensive guide to penetration testing AWS environments, focusing on common misconfigurations and security vulnerabilities in cloud infrastructure.

This project provides a methodical approach to identifying and exploiting security weaknesses in AWS deployments. It covers reconnaissance techniques specific to cloud environments, exploitation of misconfigured services, and post-exploitation activities within AWS infrastructure.

Areas covered in this project:

  • S3 bucket enumeration and access control testing
  • IAM privilege escalation techniques
  • Lambda function security assessment
  • EC2 instance vulnerability scanning
  • CloudTrail logging evasion methods
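The IAM privilege-escalation item above, as an added Python example that is not drawn from the project (which is still in progress): an offline evaluator that takes an IAM policy document and reports which known escalation primitives its Allow statements grant. The catalogue of primitives is a subset of the paths published by Rhino Security Labs, and the sample policy is constructed for the example. Resource and Condition are deliberately not evaluated (statements carrying a Condition are skipped), so a reported path means "test this against the live account", not a confirmed escalation.

```python
import fnmatch
import json

# Subset of the IAM privilege-escalation primitives catalogued by Rhino
# Security Labs. Each value is the set of actions that, together, let the
# principal raise its own privileges (Resource "*" is assumed for the example).
PRIVESC_PATHS = {
    "iam:CreatePolicyVersion": {"iam:CreatePolicyVersion"},
    "iam:SetDefaultPolicyVersion": {"iam:SetDefaultPolicyVersion"},
    "iam:AttachUserPolicy": {"iam:AttachUserPolicy"},
    "iam:PutUserPolicy": {"iam:PutUserPolicy"},
    "iam:CreateAccessKey": {"iam:CreateAccessKey"},
    "iam:CreateLoginProfile": {"iam:CreateLoginProfile"},
    "iam:AddUserToGroup": {"iam:AddUserToGroup"},
    "iam:UpdateAssumeRolePolicy + sts:AssumeRole": {"iam:UpdateAssumeRolePolicy", "sts:AssumeRole"},
    "iam:PassRole + lambda:CreateFunction + lambda:InvokeFunction": {
        "iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"},
    "iam:PassRole + ec2:RunInstances": {"iam:PassRole", "ec2:RunInstances"},
    "lambda:UpdateFunctionCode": {"lambda:UpdateFunctionCode"},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(action: str, patterns) -> bool:
    # IAM action names are case-insensitive and support '*' and '?' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def is_allowed(policy: dict, action: str) -> bool:
    """Evaluate one action: an explicit Deny that matches wins over any Allow.
    Statements carrying a Condition are skipped (treated as not granting)."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        if "Condition" in st:
            continue
        if "Action" in st:
            hit = _matches(action, _as_list(st["Action"]))
        else:  # NotAction: the statement applies to everything except the listed actions
            hit = not _matches(action, _as_list(st.get("NotAction", [])))
        if not hit:
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def privesc_paths(policy: dict):
    """Names of escalation primitives whose every action the policy allows."""
    return sorted(name for name, needed in PRIVESC_PATHS.items()
                  if all(is_allowed(policy, a) for a in needed))


def privesc_paths_from_json(text: str):
    """Same check on a policy document serialised as JSON, e.g. the
    PolicyVersion.Document object returned by `aws iam get-policy-version`."""
    return privesc_paths(json.loads(text))


# Constructed sample policy: broad Lambda rights plus iam:PassRole, an explicit
# Deny on one Lambda action, and an MFA-conditioned iam:CreateAccessKey.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:Get*", "s3:List*", "lambda:*", "iam:PassRole"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "lambda:DeleteFunction", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:CreateAccessKey", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for path in privesc_paths(SAMPLE_POLICY):
        print("candidate escalation path:", path)
```

The sample policy yields two candidates: iam:PassRole combined with lambda:* (create a function with a privileged execution role and invoke it) and lambda:UpdateFunctionCode (replace the code of an existing function that already runs as a privileged role). The conditional iam:CreateAccessKey statement is not reported because the evaluator skips conditions; on a real engagement that statement is still worth checking, since the condition may be satisfiable.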

Coming soon...

Malware Analysis Lab

Setting up and using a secure environment for analyzing malicious software, including static and dynamic analysis techniques to understand malware behavior.

This project documents the creation of an isolated malware analysis environment and demonstrates techniques for safely examining malicious code. It includes both static analysis methods that examine the code without execution and dynamic analysis that observes the malware's behavior in a controlled environment.

Key components of this lab:

  • Virtualized isolated network configuration
  • Static analysis using IDA Pro and Ghidra
  • Dynamic analysis with process monitoring tools
  • Network traffic analysis during malware execution
  • Malware family identification techniques

Coming soon...