Projects
Projects I’ve built while learning the craft.
Real sites, security experiments, and automation projects, each one teaching me something new and pushing my skills forward.
Building a Baseline-First Behavioral Detection Engine
A software-driven project focused on designing and validating a baseline-first behavioral detection engine that learns normal behavior, persists it as an artifact, and scores new events with explainable deviation logic instead of hard-coded alerts.
Designing an Azure Logging Pipeline for Control Plane Visibility
A hands-on project focused on designing and validating an Azure logging pipeline that provides real control plane and application-level visibility, with an emphasis on detection value, tradeoffs, and lessons learned.
Cybersecurity Blog & Secure Azure Web Application
A production-grade Python Flask web application deployed on Microsoft Azure, designed as both a secure content platform and a hands-on cloud security project. The site serves as a cybersecurity blog while demonstrating real-world deployment, monitoring, and application hardening practices.
LangChain Document Q&A Platform
A full-stack document question-answering platform that allows users to upload PDFs or text files and ask natural-language questions using a retrieval-augmented generation (RAG) pipeline, with real-time responses and transparent source context.
Hack The Box: Alert
An easy-rated penetration test focused on web application vulnerabilities, combining XSS, local file inclusion, credential cracking, and privilege escalation through insecure file handling.
Hack The Box: LinkVortex
An easy-rated penetration test focused on modern web application weaknesses, including exposed Git repositories, CMS exploitation, and privilege escalation through insecure file handling.
Hack The Box: UnderPass
A medium-difficulty penetration test involving multi-protocol enumeration, credential discovery through exposed services, password cracking, and privilege escalation via a misconfigured sudo binary.
Hack The Box: Netmon
A penetration testing walkthrough focused on enumeration through exposed services, credential discovery via backups, and exploitation of a known PRTG command injection vulnerability to achieve SYSTEM-level access.
Hack The Box: Jerry
A hands-on penetration testing walkthrough focused on enumeration, credential abuse, and exploiting a misconfigured Apache Tomcat server to achieve full SYSTEM access.
Defensive Log Monitoring & Detection Engineering
A defensive security project focused on monitoring Windows and Apache logs using Splunk, building baseline-driven alerts and dashboards, and analyzing attack activity through log correlation and behavioral deviation.
Purple Team Nmap Automation
A Purple Team security project focused on automating network reconnaissance with Python and Nmap, improving scan readability through XML-to-HTML transformation, and integrating scan output into defensive monitoring and detection workflows.