> Labs & Projects
T-Pot Honeypot
A multi-honeypot platform capturing real-world attacks. Data is logged and visualized with the ELK stack, enriched with VirusTotal and GeoIP for comprehensive threat analysis.
Security Onion Casebook
A repository of documented threats identified on the network. Each case includes MITRE ATT&CK mapping, key observables, and detailed Markdown-based reporting.
VPN Intelligence Tool
A custom Python tool to check IP addresses for Tor/VPN usage, GeoIP data, ASN information, and VirusTotal reputation, generating reports in Obsidian-ready format.
Quiet Journal (Android)
An offline, Markdown-based Android application designed for secure, private reflection and journaling, emphasizing mental health and digital privacy.
> Custom Toolbox
Purpose-built scripts for threat intelligence, automation, and investigations.
vpn_check.py
A CLI/GUI tool for comprehensive IP analysis, featuring ASN, Tor, and VirusTotal lookups with batch processing and Markdown export capabilities.
so_alert_bot.py
Automates Suricata alert enrichment by sending grouped, geo-tagged notifications to Microsoft Teams, with a built-in cooldown to prevent alert fatigue.
ZenCrack GUI
A simple yet effective Hashcat launcher script for Parrot OS, designed to streamline password cracking workflows with potfile management and a preview UI.
> Digital Casebook Highlights
Investigations are documented in a forensic-style journal format.
202504060446-GoSSHBrute
Analysis of widespread SSH brute-force activity originating from DigitalOcean IPs. IOCs were flagged by VirusTotal and correlated with known campaigns.
202504150238-wgetShellDrop
Breakdown of a malicious shell script dropper captured by T-Pot. The attack was deobfuscated and mapped to MITRE TTPs for persistence and execution.
202504170133-InfostealerPDF
Investigation into a suspicious PDF file linked to a phishing campaign, containing obfuscated macros and potential payload triggers for credential theft.