Portfolio

Projects

Security tools, lab environments, and research built from scratch — every project here is something I designed and deployed myself.

Featured Projects
🔎
FIM-Watchdog OPEN SOURCE
FILE INTEGRITY MONITORING PLATFORM

An authenticated File Integrity Monitoring platform built from scratch. The Python agent hashes files with SHA-256, detects created, modified, and deleted files, and reports to a FastAPI backend with SQLite history, dashboard authentication, severity labels, and optional n8n webhook automation.

PythonFastAPISQLiteDashboard AuthAPI Keyn8nSHA-256
  • SHA-256 hashing detects any byte-level file modification
  • Authenticated dashboard with event history, filtering, stats, and severity labels
  • FastAPI event collection server with API-key protected agent reporting
  • SQLite persistence with safe config examples and ignored local secrets
  • Optional n8n webhook forwarding for alert automation
  • Cross-platform support for Linux, macOS, and Windows
  • Fully documented with architecture diagram and setup guide
🔗 GitHub 📊 SOC Lab Context
📊
ELK Stack Cloud SOC Lab
SELF-DEPLOYED SECURITY OPERATIONS LAB

Deployed a full ELK Stack (Elasticsearch, Logstash, Kibana) on cloud infrastructure from scratch. Enrolled a Windows VM via Elastic Agent and configured Elastic Defend endpoint security policies — building and testing real detection rules for login monitoring and File Integrity Monitoring.

ElasticsearchLogstashKibanaElastic AgentElastic DefendKQLEQLWindows EDR
  • Full ELK stack deployed on cloud — not a local VM or tutorial walkthrough
  • Elastic Defend endpoint policies for Windows login event detection
  • File Integrity Monitoring using Elastic's built-in FIM capabilities
  • Currently researching lateral movement and privilege escalation detection
📊 Full Lab Documentation
Azure RDP Brute-Force Investigation
LIVE CLOUD ATTACK ANALYSIS

Deployed a Windows VM on Microsoft Azure and deliberately exposed RDP to the internet to capture real-world brute-force attacks. Independently analysed attacker IP patterns, authentication failure clustering, and timing-based attack behaviour over 24-48 hours. Documented as a SOC-style incident report.

Microsoft AzureWindows ServerRDPLog AnalysisIncident Report
  • Real live attacks — not simulated or synthetic traffic
  • IP geolocation analysis of attacker sources
  • Authentication failure pattern analysis and timeline reconstruction
  • Documented in a structured SOC-style investigation report
🔗 GitHub
🛡
LogSight SIEM
EDUCATIONAL MINI SIEM WORKFLOW

Educational mini SIEM web app for learning log ingestion, normalization, detection rules, alert generation, and investigation workflows. Built to explain how SOC pipelines turn raw logs into actionable detections.

JavaScriptSOC WorkflowDetection RulesLog AnalysisAlert Triage
  • Log ingestion and normalization workflow for SOC learning
  • Detection rules and alert generation for common suspicious activity
  • Investigation-style interface for explaining triage decisions
🔗 GitHub
Bug Bounty Research
Independent Bug Bounty Researcher — Bugcrowd
Actively hunting vulnerabilities on Bugcrowd programmes. Focus areas: Broken Access Control, IDOR, XSS, Authentication flaws, and Server-Side Misconfiguration. Have identified a server-side misconfiguration in a production application through independent research and practised responsible disclosure.
Server-Side Misconfiguration — Research Write-up
Documented a server-side misconfiguration finding — covering discovery methodology, impact analysis, CVSS scoring, and remediation recommendations. Written as a portfolio demonstration of responsible disclosure and security research methodology. Target intentionally omitted per ethical disclosure practices.