Hi,
I'm Gautham, a cybersecurity professional with a passion for learning and defending systems. Here, I'll share my experiences, showcase my projects, and explore topics that interest me, both in cybersecurity and beyond.
Completion Date: April 2025
Primary Function: Enterprise network setup with Active Directory and a security monitoring system with attack simulation
Overview: This setup demonstrates an enterprise network simulation with Active Directory, a SIEM, and a simulated attack scenario. The environment consists of a domain controller, workstations, servers, security monitoring, and an attacker machine. The network is centered on a Windows Server 2025 domain controller managing Active Directory for the domain "enter.corp.com".
Completion Date: August 2024
Primary Function: Comprehensive Security Information and Event Management with XDR capabilities
Overview: Implemented Wazuh, an open-source security platform integrating SIEM and XDR, on AWS EC2. Configured network-based intrusion detection with Suricata, created custom dashboards for security events and HIPAA compliance, and set up real-time alerting systems. The solution provides robust log analysis, threat detection, and compliance monitoring across cloud and on-premise environments.
Completion Date: September 2024
Primary Function: Real-time Network Intrusion Detection and Advanced Log Analysis
Overview: Integrated Suricata IDS with Splunk Enterprise for comprehensive network security monitoring. Implemented custom rules, automated updates, and network segmentation monitoring. Created advanced Splunk visualizations and dashboards for real-time threat analysis, including geographic distribution of alerts and application protocol usage. The system processes high volumes of network traffic, providing actionable intelligence for rapid incident response.
Completion Date: August 2023
Primary Function: Continuous Monitoring and Alerting of Critical File Changes
Overview: Developed a proof-of-concept File Integrity Monitor (FIM) using Python. The system creates an integrity baseline of target files/folders using the SHA-512 hashing algorithm, continuously compares actual files against the baseline, and raises alerts for any deviations. The tool enables real-time directory surveillance, flagging changes through alerts in the output, enhancing the ability to detect potential compromises quickly.
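The baseline-and-compare approach described above, written out as an added example (not the project's own code): build a SHA-512 baseline of a directory, re-hash it, and classify added, deleted and modified files. The file names and contents in demo() are constructed for the illustration.

```python
import hashlib
import os
import pathlib
import tempfile
import time

def sha512_file(path):
    """Hex SHA-512 digest of one file, streamed in 64 KiB chunks."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (path relative to root) to its digest."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):  # skip symlinks, sockets
                baseline[os.path.relpath(full, root)] = sha512_file(full)
    return baseline

def compare(baseline, current):
    """Classify every deviation from the baseline: new, removed and altered files."""
    return {"added": sorted(current.keys() - baseline.keys()),
            "deleted": sorted(baseline.keys() - current.keys()),
            "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])}

def watch(root, interval=2.0):
    """Poll root every `interval` seconds and yield a report on each deviation.
    The baseline stays fixed, so a change keeps alerting until an operator re-baselines."""
    baseline = build_baseline(root)
    while True:
        time.sleep(interval)
        report = compare(baseline, build_baseline(root))
        if any(report.values()):
            yield report

def demo():
    """Constructed scenario: baseline two files, then tamper with one, delete one, add one."""
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "app.cfg").write_bytes(b"debug=0\n")
        pathlib.Path(root, "hosts.txt").write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)
        pathlib.Path(root, "app.cfg").write_bytes(b"debug=1\n")   # modified
        pathlib.Path(root, "hosts.txt").unlink()                   # deleted
        pathlib.Path(root, "extra.txt").write_bytes(b"unexpected\n")  # added
        return compare(baseline, build_baseline(root))
```

Storing the baseline on a separate, write-protected host matters in practice: an attacker who can alter the monitored files can otherwise rewrite the baseline too.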
Completion Date: July 2024
Primary Function: Secure Multi-User Communication with Advanced Encryption
Overview: Developed a Python-based self-hosted secure chatroom application using a client-server model. The system uses RSA encryption, invitation-based access with encrypted tokens, security questions, and real-time encrypted messaging. It implements a four-layer security approach including Fernet encrypted tokens, 2048-bit RSA encryption, temporary access codes, and security questions. The application supports both private and public IP hosting, nickname functionality, and color-coded user messages.