~/packetpursuit $ ls -la ./projects/
Deployed a multi-honeypot platform (T-Pot) to capture live attack traffic and malware samples. Built a full threat intelligence pipeline feeding into MISP and OpenCTI. Captured and analyzed a Rondodox/Mirai IoT botnet variant and Kinsing crypto miner using Ghidra for static binary analysis. Correlated attack data with STIX/TAXII feeds and produced actionable intelligence reports.
The honeynet runs on dedicated Dell PowerEdge hardware in my home lab, isolated behind pfSense firewall rules. Attack data flows through Logstash into Elasticsearch, with Kibana dashboards providing real-time visibility. Suricata IDS alerts are correlated with honeypot logs to identify attack campaigns. Malware samples are automatically extracted, hashed, and submitted to VirusTotal for enrichment before manual analysis in Ghidra. The MISP instance shares indicators with the broader threat intel community via STIX/TAXII.
Enterprise-grade home lab built on Dell PowerEdge servers running Proxmox virtualization. Segmented network with pfSense firewalls, VLANs for isolated attack/defense zones, and a full ELK + Wazuh monitoring stack. Serves as the foundation for all research, testing, and training.
Infrastructure includes multiple VMs for red/blue team exercises, a dedicated malware analysis sandbox, Active Directory lab environment, and containerized services via Docker. Network monitoring covers all segments with Zeek and Suricata. Regular vulnerability scanning with OpenVAS. All configurations managed as code for reproducibility.
Analyzed real-world business email compromise (BEC) and spear-phishing campaigns. Performed header analysis, sender reputation checks, URL/domain investigation, and payload extraction. Mapped tactics to MITRE ATT&CK framework and produced incident reports.
Developed Python scripts for automated header parsing and IOC extraction. Created detection rules for common BEC patterns. Documented social engineering techniques observed in the wild and built awareness training materials based on findings.
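The header-parsing and BEC-rule approach described above, as an added example written for this page (not one of the project's own scripts): it parses a constructed sample message, pulls IOCs (relay IPs, URLs, domains) and authentication verdicts from the headers, and applies an assumed set of simple BEC rules (Reply-To domain mismatch, failed SPF/DKIM/DMARC, urgency keywords). All addresses, domains and IPs are made-up documentation values.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse
# Constructed sample BEC lure (not a real message): spoofed executive, look-alike Reply-To domain
SAMPLE_EML = b"""Received: from mail.example-relay.test (mail.example-relay.test [203.0.113.45])
\tby mx.victim.test with ESMTP id abc123; Mon, 3 Mar 2025 09:14:02 -0700
Received: from [198.51.100.7] (unknown [198.51.100.7])
\tby mail.example-relay.test with ESMTPSA; Mon, 3 Mar 2025 09:13:55 -0700
Authentication-Results: mx.victim.test; spf=fail smtp.mailfrom=ceo-office.test;
\tdkim=none; dmarc=fail header.from=victim.test
From: "Jane Doe, CEO" <jane.doe@victim.test>
Reply-To: jane.doe.ceo@ceo-office.test
Subject: Urgent wire transfer
Content-Type: text/plain; charset=utf-8

Please process today: http://invoice-portal.ceo-office.test/pay?id=77
"""
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def parse_message(raw: bytes):
    """Parse raw RFC 5322 bytes; policy.default unfolds headers and provides get_body()."""
    return BytesParser(policy=policy.default).parsebytes(raw)

def extract_iocs(msg):
    """IPs from the Received chain plus URLs/domains from the text body."""
    ips = {ip for hdr in msg.get_all("Received", []) for ip in IP_RE.findall(hdr)}
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = set(URL_RE.findall(body.get_content() if body else ""))
    domains = {urlparse(u).hostname for u in urls if urlparse(u).hostname}
    return {"ips": sorted(ips), "urls": sorted(urls), "domains": sorted(domains)}

def auth_results(msg):
    """spf/dkim/dmarc verdicts recorded by the receiving MTA in Authentication-Results."""
    ar = msg.get("Authentication-Results", "")
    return {m.group(1): m.group(2).lower() for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", ar)}

def bec_findings(msg):
    """Assumed rule set for common BEC indicators; tune it to your own mail flow."""
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:  # replies silently redirected off-domain
        findings.append(f"reply-to domain {reply_dom} != from domain {from_dom}")
    for mech, verdict in auth_results(msg).items():
        if verdict in ("fail", "softfail", "none"):  # sender authentication weak or failed
            findings.append(f"{mech}={verdict}")
    if any(w in msg.get("Subject", "").lower() for w in ("urgent", "wire", "invoice")):
        findings.append("urgency/financial keywords in subject")
    return findings
```

The returned findings and IOC dictionary map directly onto a MISP event or a Kibana alert document; the Received-chain IPs are the ones worth enriching, since the outermost hop is the only one the receiving MTA can vouch for.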
Badged volunteer at the National Cyber Workforce Framework AZ03 cyber range. Participate in and help facilitate Capture the Flag competitions, defensive exercises, and cyber dive training events for students and professionals.
Contribute to exercise design, range infrastructure setup, and mentoring participants. Focus on blue team defensive scenarios including log analysis, incident response procedures, and threat hunting. Help bridge the gap between classroom knowledge and operational skills.
This portfolio site — built from scratch with a terminal-inspired dark theme. Features a Claude-powered chatbot, automated threat intel feeds, and auto-deploys from GitHub to Cloudflare Pages on every push to main.
Designed with a hacker/operator aesthetic using custom CSS animations (scanline overlay, typing effects, fade-in observers). Integrated Claude API chatbot provides visitors with information about projects and background. Blog section supports both manual writeups and automated threat intelligence posts via Cowork automation pipeline.
> HackTheBox / TryHackMe writeups coming soon...
Check back for walkthroughs, flag captures, and methodology breakdowns.