Explore my cybersecurity contributions, including tools and malware analysis reports.
Explore technical reports focusing on malware behavior, incident response, and forensic analysis. These documents highlight detection of privilege escalation, persistence techniques, and threat actor tactics through simulated attack scenarios.
A comprehensive analysis of malicious activity in a simulated environment, covering PowerShell commands, persistence mechanisms, lateral movement tactics, and privilege escalation. Includes detailed observations, analysis, and IOCs.
These hands-on projects demonstrate real-world implementations of SIEM solutions, automated threat detection, and response engineering using Elastic Stack. The focus is on building secure infrastructure, automating workflows, and operationalizing security monitoring.
This report presents the design and implementation of a real-time SIEM (Security Information and Event Management) monitoring solution using the Elastic Stack (ELK). The system integrates log collection from Windows and Linux endpoints, custom detection rules, and automated incident response through Python and PowerShell. The project includes brute-force attack simulations, firewall automation, and Slack alerting to demonstrate proactive defense strategies.
This report details the deployment of a cloud-hosted SIEM solution using Elastic Stack on Azure. It showcases log collection from Windows and CentOS hosts using Beats agents, real-time threat detection, and enrichment with GeoIP data. Custom Kibana dashboards, ingest pipelines, and role-based access control were configured. Simulated attacks (SSH brute-force, PowerShell abuse) were used to validate detection capabilities.
These documents reflect core components of an ISO/IEC 27001-aligned Information Security Management System (ISMS). Each policy supports secure business operations, compliance, and risk mitigation through structured guidelines on system usage, access control, data handling, and organizational behavior.
Defines permissible use of company-owned IT resources and systems, minimizing risk of misuse and ensuring secure behavior.
Outlines requirements and security measures for employees using personal devices to access company systems and data.
Establishes best practices for physical workspace cleanliness and confidentiality, ensuring sensitive data is secured when unattended.
Defines how personal and sensitive data is collected, stored, processed, and protected in compliance with regulations like GDPR.
Outlines the organization’s overall approach to maintaining the confidentiality, integrity, and availability of information assets.
Specifies requirements for password creation, management, and protection to reduce the risk of unauthorized access.
This collection features lightweight browser extensions and utility tools developed to streamline threat detection, intelligence gathering, and log analysis for cybersecurity professionals. Each tool enhances workflows with direct integrations to platforms like Shodan, VirusTotal, and AbuseIPDB.
A Firefox extension for quickly checking IP addresses against AbuseIPDB, streamlining threat detection and analysis processes for SOC analysts.
This extension allows users to perform real-time IP address and domain investigations using Shodan, enhancing threat intelligence workflows.
Streamlines malware identification by allowing URL, domain, and file hash lookups on VirusTotal. Ideal for researchers and analysts.
Quickly retrieve information on specific Windows Event IDs to simplify log analysis for SOC analysts and system administrators.