Projects like Cryptography, Pentesting, CTFs, Ethical Hacking, Security Engineering and more.

Security Tested 20 Web Applications. Found hundreds of small-medium and several high-critical level vulnerabilities such as Database Leak (SQLi) and Gained Admin Access (Broken Access Control).

Attack Data Analysis of Web Honeypot written in Python with VPS Setup and Attack Simulations + real attack data with VPS

Here I'm using Wazuh as SIEM to detect and analyze what’s happening when Windows OS is infected with running malwares, also when a Web App is attacked.

Here, what I did is I use Snort as Intrusion Detection System (IDS) to detect any incoming attacks against certain websites, use community rules and create custom rules to detect intrusions. On top of that, I also do Proof of Concepts to see whether the rules work or not.

In this project I’m setting up honeypots which is an SSH honeypot (cowrie) and a web honeypot (snare + tanner) where I analyze malicious activities from users from the internet. I setup the honeypots on AWS C2 Ubuntu instances.

Here, I did Web Security static code analysis using Semgrep and SonarQube. The websites that I analyzed here are DVWA which is a vulnerable Fullstack Web App and Kos KaKa Dashboard Backend which is a backend API which is a Backend API for Kos KaKa web app.

Here, I did Web Security dynamic analysis using ZAP-CLI. The website that I analyzed here is OWASP Juice Shop which is a vulnerable Fullstack Web App.

Here I showcase some malwares that I get from malicious whatsapp messages and the internet then analyze them using both Static and Dynamic Malware Analysis methods.

Custom security tools mainly built using Python