Cybersecurity Projects

Digital forensic investigations, SIEM threat hunting, and security automation developed during my graduate studies at UNC Charlotte.

SIEM Investigation: SSL Certificate Anomaly Detection

A comprehensive security investigation using the Elastic Stack (Kibana/Elasticsearch) to identify typosquatted Certificate Authorities and potential MITM threats within network traffic logs.

Kibana dashboard showing SSL certificate analysis

The Challenge

Analyze network traffic logs to identify potentially malicious SSL certificates that could indicate man-in-the-middle attacks or typosquatting attempts.

Are there suspicious certificate authorities?
Do any certificates show signs of typosquatting?
What patterns emerge from the data?

The Approach

1. Imported 50,000+ SSL certificate logs into Elasticsearch
2. Used Kibana to visualize and analyze certificate patterns
3. Identified anomalies and suspicious CAs
4. Prepared comprehensive security report
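The typosquatting check described above can be reduced to a repeatable rule: normalise the issuer name, compare it against an allow-list of trusted CAs, and flag anything that is a near-miss rather than an exact match. The script below is an added example, not the original project's Kibana work; the allow-list of CA names and the certificate records in it are constructed, and the edit-distance threshold is an assumption to tune against real logs.

```python
"""Hunt for typosquatted certificate issuers in SSL/TLS certificate logs.

Added example; not the original project's code. The allow-list of CA
names and the sample certificate records are constructed for illustration.
"""
from collections import Counter

# Constructed allow-list of issuer organisation names the environment trusts.
KNOWN_CAS = {
    "DigiCert Inc",
    "Let's Encrypt",
    "GlobalSign",
    "Sectigo Limited",
}

# Constructed certificate log records (issuer O=, subject CN, serving IP).
SAMPLE_CERTS = [
    {"issuer": "DigiCert Inc", "subject": "www.example.com", "server_ip": "203.0.113.10"},
    {"issuer": "DigiCert lnc", "subject": "login.example.com", "server_ip": "203.0.113.11"},
    {"issuer": "Let's Encrpyt", "subject": "mail.example.net", "server_ip": "203.0.113.12"},
    {"issuer": "globalsign", "subject": "cdn.example.org", "server_ip": "203.0.113.13"},
    {"issuer": "Internal Lab CA", "subject": "intranet.example", "server_ip": "10.0.0.5"},
]


def normalize(name: str) -> str:
    """Case-fold and collapse whitespace so trivial variants match exactly."""
    return " ".join(name.casefold().split())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_issuer(issuer: str, known=KNOWN_CAS, max_dist: int = 2):
    """Return (verdict, closest_known_ca, distance).

    verdict is 'known' (exact match after normalisation), 'typosquat-suspect'
    (within max_dist edits of a known CA but not equal) or 'unknown'.
    max_dist=2 is an assumed threshold; lower it if the allow-list is large.
    """
    norm = normalize(issuer)
    by_norm = {normalize(k): k for k in known}
    if norm in by_norm:
        return "known", by_norm[norm], 0
    closest = min(by_norm, key=lambda k: edit_distance(norm, k))
    dist = edit_distance(norm, closest)
    if dist <= max_dist:
        return "typosquat-suspect", by_norm[closest], dist
    return "unknown", None, dist


def hunt(certs):
    """Classify every record and keep only the ones an analyst should review."""
    findings = []
    for cert in certs:
        verdict, closest, dist = classify_issuer(cert["issuer"])
        if verdict != "known":
            findings.append({**cert, "verdict": verdict,
                             "closest_known_ca": closest, "edit_distance": dist})
    return findings


def summarize(certs):
    """Count verdicts across the whole log; useful as a dashboard metric."""
    return Counter(classify_issuer(c["issuer"])[0] for c in certs)


if __name__ == "__main__":
    for f in hunt(SAMPLE_CERTS):
        print(f"{f['verdict']:18} {f['issuer']!r:20} ~ {f['closest_known_ca']!r} "
              f"(distance {f['edit_distance']}) on {f['server_ip']}")
    print(summarize(SAMPLE_CERTS))
```

Two design points carry over to the SIEM: normalising before comparison keeps case and spacing variants from producing false positives, and the "unknown" bucket (issuers far from any trusted CA) is worth a separate visualisation, since a private or lab CA is expected while a never-seen public-looking issuer is not.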

The Impact

Identified 12 suspicious certificate authorities
Documented potential MITM threat vectors
Recommended remediation strategies
Demonstrated SIEM analysis capabilities

Digital Forensics: UNCC Theft Case Examination

A comprehensive forensic examination documenting the recovery of deleted evidence, EXIF metadata analysis, and GPS location tracking using industry-standard tools.

Digital forensics investigation interface

The Scenario

Investigate a simulated theft case involving stolen university property, deleted evidence, digital photos with location data, and timeline reconstruction.

The Investigation

1. Created forensic image using FTK Imager
2. Recovered 200+ deleted files with Autopsy
3. Extracted EXIF data from 50+ images
4. Mapped GPS coordinates to crime scenes
5. Built comprehensive activity timeline
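Steps 3 to 5 (EXIF extraction, GPS mapping, timeline construction) share one piece of arithmetic that is easy to get wrong: EXIF stores coordinates as degree/minute/second rationals with a separate hemisphere reference, and the sign must be applied from that reference. The script below is an added example, not the case report's own tooling; the EXIF-like records are constructed in the shape Pillow's GPS IFD yields, and the crime-scene coordinate and search radius are assumptions.

```python
"""Turn EXIF GPS tags into map-ready coordinates and an image timeline.

Added example; not the original case's report or tooling. The EXIF-like
records below are constructed in the shape produced by Pillow's GPS IFD
(degree/minute/second tuples plus N/S and E/W reference letters), so no
image files are needed to run it.
"""
import math
from datetime import datetime

# Constructed EXIF extracts for three images. The third has no GPS block,
# which is common for screenshots and for uploads that strip metadata.
SAMPLE_IMAGES = [
    {"file": "IMG_0012.jpg", "DateTimeOriginal": "2024:03:01 14:22:10",
     "GPSLatitude": (35, 18, 25.2), "GPSLatitudeRef": "N",
     "GPSLongitude": (80, 44, 6.0), "GPSLongitudeRef": "W"},
    {"file": "IMG_0009.jpg", "DateTimeOriginal": "2024:03:01 13:05:44",
     "GPSLatitude": (35, 13, 30.0), "GPSLatitudeRef": "N",
     "GPSLongitude": (80, 50, 24.0), "GPSLongitudeRef": "W"},
    {"file": "screenshot.png", "DateTimeOriginal": "2024:03:01 15:40:00"},
]

# Assumed scene location (decimal degrees) and radius for "at the scene".
SCENE = (35.307, -80.735)
SCENE_RADIUS_KM = 0.5


def dms_to_decimal(dms, ref) -> float:
    """Convert (deg, min, sec) plus hemisphere letter to signed decimal degrees."""
    deg, minutes, seconds = (float(x) for x in dms)
    value = deg + minutes / 60 + seconds / 3600
    if ref in ("S", "W"):          # southern / western hemispheres are negative
        value = -value
    return round(value, 6)


def extract_location(exif):
    """Return (lat, lon) or None when any of the four GPS tags is missing."""
    needed = ("GPSLatitude", "GPSLatitudeRef", "GPSLongitude", "GPSLongitudeRef")
    if not all(k in exif for k in needed):
        return None
    return (dms_to_decimal(exif["GPSLatitude"], exif["GPSLatitudeRef"]),
            dms_to_decimal(exif["GPSLongitude"], exif["GPSLongitudeRef"]))


def haversine_km(a, b) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    r = 6371.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(h))


def parse_exif_time(value: str) -> datetime:
    """EXIF DateTimeOriginal uses colons in the date part, not dashes."""
    return datetime.strptime(value, "%Y:%m:%d %H:%M:%S")


def build_timeline(images, scene=SCENE, radius_km=SCENE_RADIUS_KM):
    """Chronological list of events with location and an at-scene flag."""
    events = []
    for img in images:
        loc = extract_location(img)
        events.append({
            "time": parse_exif_time(img["DateTimeOriginal"]),
            "file": img["file"],
            "location": loc,
            "at_scene": loc is not None and haversine_km(loc, scene) <= radius_km,
        })
    return sorted(events, key=lambda e: e["time"])


if __name__ == "__main__":
    for e in build_timeline(SAMPLE_IMAGES):
        print(e["time"].isoformat(), e["file"], e["location"], "AT SCENE" if e["at_scene"] else "")
```

Keeping images without GPS data in the timeline (with `location` set to `None`) matters for the report: their timestamps still order events, and the absence of location data is itself a finding when neighbouring photos from the same device do carry it.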

The Results

Recovered 200+ deleted files
Extracted EXIF metadata from 50+ images
Mapped GPS coordinates to crime scenes
Created detailed timeline of events
Prepared court-ready forensic report

NetFlow Analysis & Enrichment with Elastic SIEM

A complete security analytics workflow: from raw network log enrichment using Python to advanced threat hunting and visualization in Elastic SIEM (Kibana). Identified suspicious internal hosts involved in potential data exfiltration to unclassified external destinations.

Python enrichment script terminal output showing 42,765 enriched netflow records

The Challenge

Analyze 42,765 raw netflow records to identify suspicious internal hosts involved in potential data exfiltration or abnormal outbound communication to unclassified external destinations.

Which hosts upload the most data externally?
Are there signs of C2 beaconing activity?
Can we classify external destinations by ASN?
What traffic patterns suggest exfiltration?

The Approach

1. Built Python ETL pipeline to enrich raw netflow logs
2. Added internal/external IP classification flags
3. Performed automated ASN lookups (Microsoft, Google, Amazon, Facebook)
4. Ingested enriched NDJSON into Elastic Stack
5. Created Kibana visualizations for behavioral analysis

Key Findings

10.0.1.63 uploaded 28.95 MB to unclassified destination
192.168.0.50 uploaded 19.31 MB externally
192.168.163.136 made 84 connections to a single external IP
Identified potential C2 beaconing and scanning patterns
Enriched 42,765 records across 24 fields

Visualizations & Evidence

Distribution of Outbound Data to Unclassified External Destinations by Source IP
Top 7 Internal Sources by Sum of Bytes Sent to External Destinations
Top 7 Internal Sources by Connection Count — Potential C2 Beaconing Detection
Elastic Data Visualizer — 24 Enriched Fields, 42,765 Documents
Enriched Netflow Logs in Elastic Discover (all 42,765 documents)

Additional Cybersecurity Projects

Log Analysis Automation

Python scripts for automated security log parsing and threat detection.

Automated log parsing
Pattern recognition
Threat detection
Alert generation
Python, Regex, Pandas

Vulnerability Assessment Lab

Hands-on penetration testing and vulnerability scanning in a controlled lab environment.

Network scanning
Vulnerability identification
Exploitation techniques
Remediation recommendations
Kali Linux, Nmap, Metasploit

Incident Response Playbook

Documented procedures for common security incidents following the NIST incident response framework.

Malware infection
Data breach
DDoS attack
Insider threat
NIST Framework

Interested in My Cybersecurity Work?

I'm actively seeking cybersecurity internship opportunities in SOC analysis, digital forensics, or incident response.