SOC Investigation: Suspicious PowerShell Execution
Alert Summary: Detection triggered for suspicious PowerShell execution on host WIN-01 under user jsmith. Evidence Observed: Event ID 4688 – Process creation; command line included base64-encod...
In the SANS SEC504 course, I conducted a full-scope investigation into a simulated ransomware attack by the “Midnite Meerkats” threat group. This series of labs required pivoting from live system a...
Project Overview: In this project, I demonstrated how to effectively use SQL filters, operators, and keywords to extract specific security-relevant data from large databases. SQL filtering is a cru...
In the SANS SEC504 course, I targeted the “Falsimentis Customer Support” portal to identify and exploit common web vulnerabilities found in the OWASP Top 10. Here is the step-by-step methodology I...
In the SANS SEC504 course, I explored the techniques used to capture and crack credentials. Credentials are the keys to the kingdom; acquiring them allows an attacker to bypass sophisticated exploi...
In the SANS SEC504 course, I performed comprehensive network reconnaissance against a simulated corporate network (“Falsimentis”). The goal was to map the attack surface, identify running services,...
In the SANS SEC504 course, I focused on the unique misconfigurations found in cloud environments, specifically AWS S3 buckets and Cloud metadata services. The goal was to understand how simple conf...
In the SANS SEC504 course, I utilized Metasploit, the industry-standard penetration testing framework, to execute complex attacks. Gaining initial access is just the beginning; the “Post-Exploitati...
Challenge Overview: Bounty Hacker is a beginner-friendly TryHackMe room focused on basic enumeration, credential reuse, and simple privilege escalation through misconfiguration. Enumeration: I sta...
National Cyber League (NCL) Spring 2025 — Individual & Team Games. Overview: The National Cyber League (NCL) Spring 2025 competition brought together over 8,500 individual competitors and almos...