Nov 1, 2025

Threat Hunting Investigation

In this project, I simulate a scenario where management suspects a subject is using the Tor browser to bypass company security controls. Acting as a threat hunter, I use Microsoft Defender for Endpoint and KQL to trace file activity, process execution, and network connections, validating whether the suspected user launched Tor and connected to known relay nodes.

Tools Used
Microsoft Azure & EDR, KQL
See On Github
Sep 21, 2025

Phishing Analyzer - Email Scanner

A Python tool that scans .eml email files for signs of phishing. It checks the sender, message text, links, and attachments for red flags like suspicious keywords, fake domains, and risky file types. The tool gives each email a score, a clear verdict, and can optionally check link reputations with VirusTotal.

Tools Used
Python, VirusTotal
See On Github
Aug 20, 2025

Vulnerability Management Program

In this project, I scan my Azure cloud environment with Nessus to uncover security vulnerabilities across virtual machines and services. I focus on identifying and prioritizing high-severity risks based on potential impact. I apply targeted fixes and confirm improvements through follow-up scans, resulting in a stronger overall security posture.

Tools Used
Microsoft Azure, Nessus
See On Github
Coming Soon...

AI SOC Analyst - Using Python and OpenAI API

In this project, I develop a Python workflow that connects OpenAI's API with my Azure cloud environment to aggregate and centralize security logs. I leverage AI to scan, triage, and investigate potential vulnerabilities, streamlining the analysis process. This approach reduces manual workload and accelerates incident detection, showcasing the power of automation in SOC operations.

Tools Used
Microsoft Azure, OpenAI API
View Project
See On Github
Coming Soon...

Honey Pot - Catching Bad Actors

In this project, I built a honeypot in Azure to attract and monitor malicious activity in a controlled cloud environment. A honeypot is used to simulate vulnerable systems, luring attackers so their behavior can be observed and analyzed without risking real assets. My setup captures brute-force login attempts and other suspicious actions, which I investigate by querying logs with KQL. I also visualize attacker locations on a custom map, helping me identify patterns and analyze their tactics, techniques, and procedures.

Tools Used
Microsoft Azure & MDE
View Project
See On Github