Projects
Areas of Focus
Homelab Setups
SIEM with Splunk, Active Directory lab *to be added*, firewall rules, honeypot *to be added*
- Overview: SIEM built in VMware Workstation on a Lubuntu VM, with a Kali Linux VM as the attacker.
- Tools/Techniques Used: Windows: Security logs (4624/4625/4672/4688/4689), Sysmon (1, 3, 7, 10, 11, 13), via Splunk Universal Forwarder -> Splunk. Linux: auth.log/secure, auditd (execve, user auth), process accounting. Network: Zeek (conn, dns, http), optional Suricata alerts. Endpoints: PowerShell Operational log, command-line logging.
- Screenshots or Diagrams: See the Writeup page for more details.
- Key Learning Outcomes: With these detections I've done exactly what a SOC Analyst does daily: using the SIEM to gather logs, spotting suspicious activity, investigating alerts, and explaining findings in clear language *see writeup for more details*.
RangeForce Sessions/Learning
Hands-on cybersecurity training and skill development
- Overview: RangeForce sessions provide essential hands-on cybersecurity training that bridges theoretical knowledge with practical application. This structured learning approach is crucial for developing real-world incident response skills and understanding current threat landscapes.
- Learning Methods & Course Structure: Completed 4 comprehensive themes/courses covering 28 modules in areas including threat detection, incident response, network security, and security operations. Utilized interactive simulations and real-world scenarios to develop practical cybersecurity skills.
- Screenshots or Diagrams: View detailed skill documentation and completed course evidence in the Writeups section.
- Key Learning Outcomes: Developed hands-on incident response capabilities, threat analysis skills, and security operations knowledge. These skills directly apply to cybersecurity work and enhance my ability to create security-focused content and tools for my portfolio website.
Attack + Detection Demos
Live demonstrations of security threats and detection methods
- Overview: Detection methods are crucial for identifying and responding to security threats in real time. Understanding attack patterns and implementing effective detection rules enables proactive threat hunting and incident response, which are essential skills for cybersecurity professionals.
- Tools/Techniques Used: SIEM technologies including Splunk for log aggregation and analysis, Sysmon for Windows event monitoring, Zeek for network traffic analysis, Suricata for intrusion detection, and custom SPL queries for threat hunting. Implemented detection rules for brute force attacks, privilege escalation, lateral movement, and suspicious process execution.
- Screenshots or Diagrams: Currently developing comprehensive visual documentation and attack flow diagrams to demonstrate detection capabilities and threat response workflows. This documentation will showcase practical application of security concepts.
- Key Learning Outcomes: Gained practical experience in threat detection methodology, SIEM rule development, log analysis techniques, and incident response procedures. Developed skills in identifying attack patterns, creating effective detection rules, and understanding the attacker mindset for better defense strategies.
Scripts/Tools
Website development and cybersecurity tools implementation
- Overview: Built a comprehensive portfolio website showcasing cybersecurity expertise and implemented a complete security lab environment with SIEM monitoring, threat detection, and security hardening tools.
- Tools/Techniques Used: Website: Next.js, React, TypeScript, Tailwind CSS. Security: Splunk SIEM, VMware VMs (Lubuntu/Kali), UFW/Fail2Ban, Zeek, Wireshark, TheHive, MISP, YARA, Volatility3, Metasploit, Nmap, Hydra, John the Ripper.
- Key Learning Outcomes: Developed full-stack web development skills, implemented 15 SIEM detection rules, configured comprehensive security monitoring, and gained hands-on experience with industry-standard cybersecurity tools and practices.