Projects

Case studies and evidence-based security work

A focused collection of cybersecurity projects showing vulnerability management, secure configuration, remediation automation, and threat hunting through concise case studies and supporting GitHub evidence.

Scan summary: findings reduced from 32 to 4 (Critical 100%, High 92%, Medium 88%)

Vulnerability Management Analyst

Vulnerability Management Program Implementation

A simulated end-to-end vulnerability management program covering policy creation, stakeholder buy-in, authenticated scanning, prioritization, remediation, and verification.

Problem

No policy, scan approval, priority model, or verification loop existed.

Outcome

Findings fell from 32 to 4, with criticals eliminated.

Concepts

Governance, authenticated scanning, risk prioritization, and validation.

Tools

Tenable, Azure Cloud Infrastructure, Azure Virtual Machines, PowerShell, Windows Server
STIG Control          State
DISA STIG Audit       Complete
Remediation Scripts   Executed
STIG Remediation      Remediated

Security Analyst / Technical Compliance Analyst

DISA STIG Remediation Project

PowerShell remediation scripts and screenshot-based validation evidence for selected Windows 11 DISA STIG findings in a lab environment.

Problem

Windows 11 STIG findings needed scripted fixes and validation proof.

Outcome

Selected controls are documented without claiming full compliance.

Concepts

Registry policy, audit policy, PowerShell checks, and evidence capture.

Tools

PowerShell, DISA STIG, Windows 11, Windows Registry, auditpol, gpupdate
Attack path diagram: 159.26.106.84 -> RDP -> slflare -> slflarewinsysmo (logon attempts: Fail, Fail, Fail, Success)

SecOps Analyst / SOC Analyst / Threat Detection Analyst

Password Spray Threat Hunt: RDP Compromise Investigation

A Microsoft Defender and Sentinel-style threat hunt reconstructing a cyber-range Windows VM compromise from password-spray-driven RDP access through execution, persistence, evasion, C2, and attempted exfiltration.

Problem

RDP access after password spraying needed full endpoint pivots.

Outcome

The report reconstructs the attack path and attempted exfiltration.

Concepts

RDP logon analysis, KQL pivots, ATT&CK mapping, and exfil review.

Tools

Microsoft Defender for Endpoint, Sentinel-style KQL, MITRE ATT&CK, Windows telemetry

Attack stage diagram: AnyDesk (T1219) -> Staging (T1074) -> Evasion (T1562) -> Encryption (T1486)

Threat Hunter / SecOps Analyst

The Buyer / Akira Ransomware Threat Hunt

A cyber-range Akira ransomware investigation reconstructing remote access, staging, lateral movement, defense evasion, data staging, and impact artifacts using Microsoft Defender telemetry.

Problem

Akira activity needed host scoping, timeline rebuild, and gap review.

Outcome

Affected hosts, IOC timing, and detections are documented.

Concepts

Ransomware timeline, remote access triage, tampering, and impact.

Tools

MDE Advanced Hunting, Microsoft Sentinel, SIEM, KQL, Microsoft Defender for Endpoint, MITRE ATT&CK