I'm curious about cybersecurity and love getting hands-on with real challenges. Working on projects like reverse-engineering USB drop attacks and digging into Dropbox data leaks in Azure lets me experiment, analyze, and tell the story behind the logs. Right now, I'm diving deeper into cloud security on Azure, learning how to spot threats using logs, endpoint tools, and security analytics.
Self-directed investigations inspired by real-world TTPs

- Malware Analysis - PwnCrypt
  Simulated a PowerShell-based ransomware attack to study encryption behavior and impact.
  Analyzed file changes, encoded payloads, ransom notes, and mapped MITRE ATT&CK stages.
- CTF Postmortem: Lurker
  Red team-style scenario analysis. Mapped attacker behavior through logs.
  Postmortem format with IOC timeline and lessons learned.
- USB Malware Execution via PowerShell
  Identified malicious script execution triggered by a rogue USB drop scenario.
  Used MDE (DeviceProcessEvents), KQL, and Sentinel to trace the PowerShell payload.
- Dropbox Exfiltration - Insider Threat
  Investigated potential insider data theft using a personal Dropbox account.
  Used MDE, DeviceProcessEvents, KQL, and Sentinel dashboards.
- Tor Browser Usage Detection
  Detected unauthorized Tor traffic and file execution using EDR logs.
  Mapped to MITRE ATT&CK (T1102), built visual attack paths.
- Unauthorized Firefox Installation
  Hunt for unapproved browser install/use in an enterprise environment.
  Leveraged DeviceFileEvents, MDE alerts, and PowerShell traces.
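As an added example (not code from the original page or from any of the projects it lists), a KQL hunt of the kind the USB entry describes, run against the DeviceProcessEvents table in Microsoft Defender for Endpoint / Sentinel. The lookback window, the "non-system drive letter means removable media" heuristic, and the list of suspicious flags are assumptions to tune per environment:

```kql
// Added example, not part of the original portfolio.
// Hunt: PowerShell launched with a script or argument that lives on a
// non-system drive letter (D: through Z:), the pattern a USB drop produces.
// Assumptions: DeviceProcessEvents is ingested; drive letters other than C:
// are treated as candidate removable media (heuristic, adjust as needed).
let lookback = 7d;
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
// Command line references a path on a non-system drive, e.g. E:\run.ps1
| where ProcessCommandLine matches regex @"(?i)\b[D-Z]:\\"
// Flags commonly seen in drop-and-run scripts; flagged, not filtered, so
// quieter variants still surface for review
| extend SuspiciousFlags = ProcessCommandLine has_any (
    "-enc", "-EncodedCommand", "-ExecutionPolicy Bypass",
    "-w hidden", "-WindowStyle Hidden")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName,
          FileName, ProcessCommandLine, SuspiciousFlags
| order by Timestamp desc
```

Pivoting from a hit on DeviceName and Timestamp into DeviceFileEvents and DeviceNetworkEvents gives the file-write and outbound-connection context needed to build the IOC timeline used in the postmortems above.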
Hands-on experience with real tools and cloud-native environments

- Threat Hunting Lab Reports
  Sentinel & Defender labs using KQL, NSG flow logs, MDE, and LAW.
- Incident Response Lab Reports
  Root cause analysis and isolation workflows in Microsoft Defender for Endpoint.
- Threat Hunt Ideas
  Ongoing ideas for future hunts: DNS tunneling, malicious USBs, and more.
Feel free to connect if you're working on a security project, hiring, or just want to chat about threat hunting and cloud defense.