Projects

Software I have built and shipped: applications, APIs, defensive tooling, labs, and research artifacts. Each entry focuses on architecture and responsibility, not only a feature list.

Full-stack & applications

End-user or multi-service software with UI, API layer, and persistence.

RPS League App

React and Node.js with Prisma; SSE for live league state. Domains: matches, auth, sync, not only screens.

React Node Prisma SSE
GitHub

Backend & API projects

Integration layers and scripts where requests, responses, and errors are the product.

Network API toolkit

Utilities for composing API calls, handling failures, and making outputs reusable from the shell or other tools.

APIs Automation
GitHub

Security tooling

Defensive utilities and host-focused helpers: interfaces, config, and deliberate scope (including what the tool does not do).

Defensive security tools

Blue-team oriented scripts and utilities; trust boundaries and safe defaults documented.

Defensive Python
GitHub

Endpoint monitoring tools

Visibility and checks around endpoint signals; pair with lab validation.

Endpoint Monitoring
GitHub

Also in this bucket

  • Linux log analyzer: structured auth/system log triage patterns.
  • Windows security scanner: processes, persistence, connections, event log IOC-style checks.
  • Network scanner: host discovery and inventory on a subnet.
  • System monitoring scripts: disk, load, memory, service health.

Network lab tooling

  • ARP spoof detector, DNS spoofer (lab-only), packet sniffer, MAC changer: explicit lab scope and paired detection notes.

Offensive-capable lab code stays scoped to education and detection research; controls and mitigations are documented.

Detection & SIEM labs

Pipelines, rules, and validation, not a single alert screenshot.

SIEM detection lab

Rule design and event flow experiments against realistic noise and attack simulation.

SIEM Detection
GitHub

Elastic SIEM lab

Elastic-focused ingest, KQL, and correlation patterns tied to collected data.

Elastic KQL
GitHub

Network attack & detection lab

Network-layer scenarios with paired detection thinking: what shows up where, and what does not.

Network Lab
GitHub

Secure & systems programming labs

Exercises around memory safety, privilege, and platform behavior; small, verifiable scopes.

Secure programming labs

Language- and API-level security properties encoded as exercises and notes.

Secure coding
GitHub

Platform security labs

OS and platform hardening or abuse-surface experiments with clear assumptions.

Platform
GitHub

Browser extensions

Thin clients that reduce context switching; permissions and what leaves the browser are explicit.

Windows Security Event Log lookup

Faster Event ID context during log review.

Windows SOC
GitHub

Security research & contributions

Bug bounty PoCs, malware notes, OSINT reporting; sanitized, scoped, and evidence-led.

Additional research & operations

Heavier analysis and community-facing work that does not live in a single repo.

Discord malware analysis: EclipseOfLegends

Comprehensive analysis of malicious behavior in files shared via Discord.

  • Identified privilege escalation risks with elevate.exe.
  • Analyzed .asar files for potential tampering in Electron-based applications.
  • Detected persistence mechanisms in installer-like executables.

Tools used: YARA, ProcMon, capa.

Hybrid Analysis report

Sample hash: df46dbe66498cd0d9ea8cc62c693172943bc91ff200c06617aa1f5503dae7976

  • Network activity: No significant DNS requests or HTTP connections observed.
  • File system modifications: No notable files extracted or modified.
  • Process activity: RCC.exe (PID: 3320) associated with the sample.
  • Extracted strings: Useful for investigation and detection rule creation.

Full Hybrid Analysis report

Content monitoring and abuse reporting (OSINT)

Open-source intelligence work to identify sites and communities violating platform policies or legal norms.

  • Flagged and reported 160+ websites and multiple Discord servers to providers.
  • Submitted evidence via hosting and registrar abuse channels.
  • Produced intelligence summaries for stakeholders when appropriate.
  • Tools used: WHOIS, domain intelligence, reporting platforms (AbuseIPDB, registrar portals).

Twitch moderation and regex development

Built moderation regex to filter spam, malicious links, and abusive content across multiple streams.

Example pattern (shortened for display; full pattern lives in repo/writeup):

(?i)(^(best|b\se\ss\st) (viewers|v\si\se\sw\se\sr\ss) (on|o\s))...

These rules reduced manual interventions and improved real-time enforcement of chat guidelines.