Projects
Projects I’ve built while learning the craft.
Real sites, security experiments, and automation projects. Each one teaching me something new and pushing my skills forward.
Designing an Azure Logging Pipeline for Control Plane Visibility
A hands-on project focused on designing and validating an Azure logging pipeline that provides real control plane and application-level visibility, with an emphasis on detection value, tradeoffs, and lessons learned.
Cybersecurity Blog & Secure Azure Web Application
A production-grade Python Flask web application deployed on Microsoft Azure, designed as both a secure content platform and a hands-on cloud security project. The site serves as a cybersecurity blog while demonstrating real-world deployment, monitoring, and application hardening practices.
LangChain Document Q&A Platform
A full-stack document question-answering platform that allows users to upload PDFs or text files and ask natural-language questions using a retrieval-augmented generation (RAG) pipeline, with real-time responses and transparent source context.
Hack The Box: Alert
An easy-rated penetration test focused on web application vulnerabilities, combining XSS, local file inclusion, credential cracking, and privilege escalation through insecure file handling.
Hack The Box: LinkVortex
An easy-rated penetration test focused on modern web application weaknesses, including exposed Git repositories, CMS exploitation, and privilege escalation through insecure file handling.
Hack The Box: UnderPass
A medium-difficulty penetration test involving multi-protocol enumeration, credential discovery through exposed services, password cracking, and privilege escalation via a misconfigured sudo binary.
Hack The Box: Netmon
A penetration testing walkthrough focused on enumeration through exposed services, credential discovery via backups, and exploitation of a known PRTG command injection vulnerability to achieve SYSTEM-level access.
Hack The Box: Jerry
A hands-on penetration testing walkthrough focused on enumeration, credential abuse, and exploiting a misconfigured Apache Tomcat server to achieve full SYSTEM access.
Defensive Log Monitoring & Detection Engineering
A defensive security project focused on monitoring Windows and Apache logs using Splunk, building baseline-driven alerts and dashboards, and analyzing attack activity through log correlation and behavioral deviation.
Purple Team Nmap Automation
A Purple Team security project focused on automating network reconnaissance with Python and Nmap, improving scan readability through XML-to-HTML transformation, and integrating scan output into defensive monitoring and detection workflows.