My Projects
Hacking Methodology
A practical penetration testing walkthrough focused on enumeration, exploitation, and privilege escalation.
This project is based on the Silver Platter room on TryHackMe, guided by Tyler Rambsey from Simply Cyber. It involves attacking a vulnerable machine using Kali Linux to perform real-world offensive security tasks including service enumeration, vulnerability exploitation, and privilege escalation.
The walkthrough is structured in three phases: Setup & Enumeration, Exploitation, and Privilege Escalation. Tools like Nmap, Rustscan, Burp Suite, Hydra, and LinPEAS are used to simulate a complete attack chain from reconnaissance to root access.
Key skills demonstrated in this walkthrough include:
- VPN setup and Nmap/Rustscan for enumeration
- Authentication bypass using CVE exploitation
- IDOR discovery and credential harvesting
- Password spraying and SSH access
- Privilege escalation with LinPEAS and manual inspection
Phishing
An analysis of phishing techniques and countermeasures, including email security, user awareness training, and detection methods.
This project explores the evolving landscape of phishing attacks and provides a comprehensive framework for organizations to defend against these threats. It includes analysis of real-world phishing campaigns, technical implementation of email security protocols, and development of effective user training programs.
Key components of this project:
- Performed end-to-end phishing investigation using Microsoft Defender, M365 Security Center, and KQL for post-delivery log analysis
- Identified and validated malicious indicators through OSINT tools like VirusTotal, URLScan.io, and AbuseIPDB
- Simulated credential theft by analyzing phishing page source code and tracking potential exfiltration paths
- Executed containment actions including session revocation, IP/domain blocking, and organization-wide user notification
Incident Response
An incident response framework for detecting, investigating, and mitigating token theft attacks, ensuring rapid containment and recovery.
This project provides a comprehensive approach to handling token theft incidents by combining alert triage, investigation techniques, containment strategies, and post-incident monitoring. It aims to strengthen organizational defenses against unauthorized token use and improve response efficiency.
Key components of this project:
- Alert acknstructuredowledgment and initial triage of suspicious token activity
- Investigation of unusual sign-ins, phishing indicators, and audit log analysis
- Containment measures including session revocation and MFA re-registration
- Post-incident actions to remove malicious artifacts and validate access controls
- Comprehensive documentation and root cause analysis to enhance future responses
KQL Queries
A collection of KQL queries focused on threat detection, investigation, and monitoring across Microsoft security tools.
This project serves as a practical resource for building detection capabilities using Kusto Query Language (KQL) in Microsoft Sentinel, Defender, and Entra. It includes real-world use cases to help security teams proactively detect malicious activity.
Key components of this project:
- Detection queries for token misuse, impossible travel, and risky sign-ins
- Hunting techniques for lateral movement and privilege escalation
- Mailbox and endpoint activity tracking with Defender and Sentinel logs
- Correlation of Entra ID sign-in data with endpoint and network telemetry
- Modular, reusable queries for common investigation patterns
AWS Pentesting
This project highlights my work from the Introduction to AWS Pentesting course by Simply Cyber Academy. The course focuses on identifying and exploiting common security misconfigurations within AWS cloud environments through practical, hands-on exercises.
For this portfolio entry, I have documented two capstone challenges from the course where I applied the concepts learned to identify security weaknesses in AWS environments. The detailed walkthroughs of these capstone challenges are available in my GitHub repository through the link provided.
Topics covered in this course:
- AWS reconnaissance and cloud resource enumeration
- IAM misconfigurations and privilege escalation scenarios
- Security issues in services such as S3, Lambda, SNS, and API Gateway
- Identifying exposed credentials and insecure configurations
- Understanding cloud pentesting methodologies
Windows Investigation
This project highlights my work from a Windows Investigation lab on TryHackMe, focused on analyzing a compromised endpoint and identifying malicious activity through hands-on investigation.
In this investigation, I analyzed system artifacts, registry entries, and process activity to uncover persistence mechanisms and decode a malicious PowerShell payload. A detailed walkthrough of the investigation is available in my GitHub repository.
Topics covered in this lab:
- Registry analysis and persistence identification
- Sysmon and Event Log analysis
- Process monitoring and investigation
- Decoding encoded PowerShell payloads
- Identifying process injection and C2 communication