Skip to content

Projects

Security case studies with GitHub evidence

A curated review path for vulnerability management, secure configuration, remediation automation, and threat hunting work backed by case-study notes and source evidence.

01

SecOps Analyst / SOC Analyst / Threat Detection Analyst

Password Spray Threat Hunt: RDP Compromise Investigation

Microsoft Defender and Sentinel-style threat hunt that reconstructs a cyber-range Windows VM compromise from password-spray RDP access through execution, persistence, evasion, C2, and attempted exfiltration.

Hiring relevance

The RDP compromise investigation shows the ability to pivot across endpoint telemetry, explain what the evidence supports, and separate confirmed activity from unsupported assumptions.

Problem

RDP access after password spraying needed full endpoint pivots.

Outcome

The report reconstructs the attack path and attempted exfiltration.

Concepts

RDP logon analysis, KQL pivots, ATT&CK mapping, and exfil review.

Tools

MDE Advanced HuntingMicrosoft SentinelMicrosoft Defender for EndpointSIEMKQLMITRE ATT&CK
02

Threat Hunter / SecOps Analyst

The Buyer / Akira Ransomware Threat Hunt

Cyber-range Akira ransomware hunt using Microsoft Defender telemetry to reconstruct remote access, staging, lateral movement, defense evasion, data staging, and impact artifacts.

Hiring relevance

The ransomware hunt demonstrates the ability to reconstruct ransomware activity from telemetry, preserve a defensible timeline, and turn observed behavior into detection opportunities.

Problem

Akira activity needed host scoping, timeline rebuild, and gap review.

Outcome

Affected hosts, IOC timing, and detections are documented.

Concepts

Ransomware timeline, remote access triage, tampering, and impact.

Tools

MDE Advanced HuntingMicrosoft SentinelMicrosoft Defender for EndpointSIEMKQLMITRE ATT&CK
03

Vulnerability Management Analyst

Vulnerability Management Program Implementation

Lab vulnerability management program with policy creation, stakeholder buy-in, authenticated scanning, prioritization, remediation, and verification.

Hiring relevance

The vulnerability management project shows the ability to turn scan output into prioritized remediation, communicate risk clearly, and validate that fixes reduced exposure.

Problem

No policy, scan approval, priority model, or verification loop existed.

Outcome

Findings fell from 32 to 4, with criticals eliminated.

Concepts

Governance, authenticated scanning, risk prioritization, and validation.

Tools

TenableAzure Cloud InfrastructureAzure Virtual MachinesPowerShellWindows Server
04

Security Analyst / Technical Compliance Analyst

DISA STIG Remediation Project

PowerShell remediation scripts with screenshot validation for selected Windows 11 DISA STIG findings in a lab environment.

Hiring relevance

The STIG remediation work shows practical secure-configuration judgment: interpreting control requirements, translating them into repeatable PowerShell changes, and preserving validation evidence without overstating compliance.

Problem

Windows 11 STIG findings needed scripted fixes and validation proof.

Outcome

Selected controls are documented without claiming full compliance.

Concepts

Registry policy, audit policy, PowerShell checks, and evidence capture.

Tools

PowerShellDISA STIGCustom DISA STIG GPTWindows 11Windows Registryauditpolgpupdate