Projects
AI Triage Tool
MITRE ATT&CK & D3FEND
A Python-based security triage pipeline built from scratch. Simulated a ten-technique ATT&CK attack chain on an isolated Windows 10 VM using Atomic Red Team, captured 2,077 Sysmon events, and used Google Gemini AI to automatically triage alerts. Built across five versions with MITRE ATT&CK and D3FEND enrichment integrated into a fully automated pipeline. Includes an open source contribution to the attackcti library.
Network Sniffing and Forensic Analysis
Wireshark & NetworkMiner
This lab-based analysis showcases the ability to perform network forensics. Conducted packet-level inspection to distinguish between plaintext and encrypted traffic, reconstructed full TCP streams to extract sensitive data artifacts, and profiled hosts using metadata such as MAC addresses, IP mappings, and DNS queries. Leveraged Npcap for packet capture and created workflows to draw meaningful conclusions from raw data.
Password Cracking
Hashcat, John the Ripper, & OphCrack
This lab demonstrates proficiency in ethical password auditing. Successfully cracked both Windows NTLM and Linux SHA-512 password hashes using a combination of GPU-based brute-force strategies, dictionary attacks, and rainbow table lookups. Leveraged Hashcat and John the Ripper to validate the effectiveness of dictionary lookups and emphasized the security risks of weak passwords.
Tracing Anonymous Emails
Wireshark & NetworkMiner
This lab highlights real-world forensics readiness and investigative thinking under privacy evasion scenarios. Analyzed .pcap files to trace the origin of anonymous emails sent through a privacy-focused email service. Successfully correlated internal IP addresses, email timestamps, and NAT-obscured traffic patterns to identify the suspect device and associate it with the Gmail account used in the attack. Packet inspection, endpoint attribution, and navigating challenges like anonymization are all essential skills for incident response and digital investigations.
