Detection engineering, offensive security research, and AI red teaming.
1 year of tech support experience, 2 degrees, and a dozen certifications. Currently pursuing my 2nd M.S. in Software Engineering / AI Engineering from WGU while working as an AI Annotator. Seeking an entry-level cybersecurity role.
Hands-on security experience built through independent lab work. Designed and deployed a full enterprise simulation environment including an Active Directory domain, Splunk SIEM, and a dedicated attack platform, then ran the full offensive and defensive cycle: simulating attacks, writing detection rules, and tuning alerts. Currently pursuing HTB COAE and active on HackerOne.
A mix of completed projects and work in progress, covering detection engineering, security tooling, and recon automation.
Custom Wazuh detection rules and Splunk SPL queries built against a 7-VM Windows domain lab. Covers lateral movement, privilege escalation, persistence, and credential access. Includes diagnostic scripts for both Splunk indexer and Universal Forwarder.
PowerShell assessment and hardening scripts for a Windows domain homelab - domain controller baseline, IIS/MySQL application server review, workstation security audit, ASR rule enforcement, and AD tiering with LDAPS. Each script outputs a structured findings report.
Modular recon pipeline - subdomain enumeration via subfinder, live host probing with httpx, response header fingerprinting, and tech stack detection. Built for HackerOne bug bounty recon.
Categorised prompt injection payload library with a test runner for any OpenAI-compatible endpoint - direct injection, indirect via RAG context, jailbreaks, data exfil probes, and a response scoring engine.
Active work across homelab attack-defend research, HTB, and PortSwigger. Published articles on Medium covering detection engineering, AD exploitation, and offensive tooling.
Python HTTP header recon tool for active bug bounty workflows - checks for missing security headers, outdated server fingerprints (PHP 5.x, Apache 2.2, IIS 6/7), and wildcard CORS misconfigurations. First in a practical bug bounty tooling series.
| Date | Platform | Target | Vuln Class | Summary | Writeup |
|---|---|---|---|---|---|
| 2026-01-10 | Homelab | DC01 - Windows Network Share | SMB · lateral movement | Attacked over-permissioned share via smbclient; detected via Event ID 5145 in Splunk; hardened SMB signing and share ACLs | Read → |
| 2025-12-08 | Homelab | APP01 - IIS / MySQL | Web misconfig · SQLi · priv esc | IIS directory browsing + MySQL exposed → web shell → app pool running as Domain Admin → full domain compromise | Read → |
| 2025-11-28 | Homelab | DC01 - Domain Controller Assessment | AD · password policy · NTP | PowerShell baseline assessment: excessive DA membership, zero lockout threshold, NTP misconfiguration, legacy NetBIOS exposure | Read → |
| 2025-11-28 | Homelab | APP01 - Web Server Assessment | IIS · MySQL · service accounts | HTTP without TLS, MySQL on 0.0.0.0, SMB/WinRM exposed, three overprivileged service accounts identified | Read → |
| 2025-11-27 | Homelab | WIN11-MGR1 - Workstation Assessment | Windows hardening · AD | AutoAdminLogon with DA credentials in plaintext registry, UAC disabled, RDP open, Kerberoastable service accounts - critical chain to domain compromise | Read → |
| 2025-11-20 | Homelab | cjcs.local - AD Attack Chain | AD · Kerberoasting · DCSync | Network access → CrackMapExec → Responder NTLM capture → Hashcat → Kerberoasting via impacket-GetUserSPNs → DCSync - full domain compromise documented | Read → |
| 2025-10-30 | Homelab | DC01 - AD Hardening (SOC 2) | GRC · AD · LDAPS | SOC 2 CC6.1/CC7.1/CC8.1 gap remediation - account tiering, Wazuh rule 100010 for privileged login detection, LDAPS via internal CA on port 636 | Read → |
| 2025-10-08 | Homelab | SIEM01 - Wazuh Build | SIEM · detection engineering | Wazuh 4.14.0 on Ubuntu 24.04 with agents on DC01/APP01/MGR1; custom brute force and password spray rules; MITRE ATT&CK mapped alerts | Read → |