Portfolio

Projects

Security tools, lab environments, and research built from scratch — every project here is something I designed and deployed myself.

Featured Projects
🔎
FIM-Watchdog OPEN SOURCE
FILE INTEGRITY MONITORING PLATFORM

A full-stack File Integrity Monitoring system built from scratch. The Python agent hashes every file with SHA-256, detects changes in real time, and reports to a FastAPI backend that streams live alerts to a web dashboard and forwards to Telegram via n8n automation.

PythonFastAPISQLiteServer-Sent Eventsn8nSHA-256Telegram
  • SHA-256 hashing — detects any byte-level file modification
  • Real-time web dashboard with live alert stream via SSE
  • FastAPI event collection server with SQLite persistence
  • n8n workflow automation for instant Telegram notifications
  • Cross-platform — works on Linux, macOS, and Windows
  • Fully documented with architecture diagram and setup guide
🔗 GitHub 📊 SOC Lab Context
📊
ELK Stack Cloud SOC Lab
SELF-DEPLOYED SECURITY OPERATIONS LAB

Deployed a full ELK Stack (Elasticsearch, Logstash, Kibana) on cloud infrastructure from scratch. Enrolled a Windows VM via Elastic Agent and configured Elastic Defend endpoint security policies — building and testing real detection rules for login monitoring and File Integrity Monitoring.

ElasticsearchLogstashKibanaElastic AgentElastic DefendKQLEQLWindows EDR
  • Full ELK stack deployed on cloud — not a local VM or tutorial walkthrough
  • Elastic Defend endpoint policies for Windows login event detection
  • File Integrity Monitoring using Elastic's built-in FIM capabilities
  • Currently researching lateral movement and privilege escalation detection
📊 Full Lab Documentation
Azure RDP Brute-Force Investigation
LIVE CLOUD ATTACK ANALYSIS

Deployed a Windows VM on Microsoft Azure and deliberately exposed RDP to the internet to capture real-world brute-force attacks. Independently analysed attacker IP patterns, authentication failure clustering, and timing-based attack behaviour over 24-48 hours. Documented as a SOC-style incident report.

Microsoft AzureWindows ServerRDPLog AnalysisIncident Report
  • Real live attacks — not simulated or synthetic traffic
  • IP geolocation analysis of attacker sources
  • Authentication failure pattern analysis and timeline reconstruction
  • Documented in a structured SOC-style investigation report
🔗 GitHub
🛡
Mini SIEM Log Monitoring System
CUSTOM LOG CORRELATION PIPELINE

Built a custom log ingestion and correlation pipeline using Python and PostgreSQL to simulate SOC monitoring workflows. Detects brute-force authentication attacks using rule-based correlation — designed to understand how SIEM detection logic works at a fundamental level.

PythonPostgreSQLSQL CorrelationLog AnalysisBrute-Force Detection
  • Custom log ingestion pipeline — no off-the-shelf SIEM used
  • Rule-based SQL correlation for detecting authentication anomalies
  • Brute-force detection with configurable threshold alerting
Bug Bounty Research
Independent Bug Bounty Researcher — Bugcrowd
Actively hunting vulnerabilities on Bugcrowd programmes. Focus areas: Broken Access Control, IDOR, XSS, Authentication flaws, and Server-Side Misconfiguration. Have identified a server-side misconfiguration in a production application through independent research and practised responsible disclosure.
Server-Side Misconfiguration — Research Write-up
Documented a server-side misconfiguration finding — covering discovery methodology, impact analysis, CVSS scoring, and remediation recommendations. Written as a portfolio demonstration of responsible disclosure and security research methodology. Target intentionally omitted per ethical disclosure practices.