Research & Projects
Here are my research outputs and case studies, which demonstrate my skills and expertise.
NetworkMiner
This project demonstrates the application of NetworkMiner, a Network Forensics Analysis Tool (NFAT), for rapid network traffic analysis. The primary objective was to parse pre-captured PCAP files to perform initial reconnaissance, extract critical artifacts, and identify key network events. The analysis showcases proficiency in using specialised tools to efficiently sift through network data and uncover actionable intelligence, forming the first step in a comprehensive digital forensics investigation.
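As an added illustration of the first-pass triage described above (this is not NetworkMiner's code or the project's own), the following Python reads a classic libpcap file with the standard library only and pulls out two of the artifacts an analyst looks for first: IP conversations keyed by destination port, and DNS query names. The capture it parses is constructed inline; the addresses and the hostname in it are made up.

```python
"""First-pass triage of a libpcap capture: conversations and DNS query names.
Standard library only. The capture parsed at the bottom is constructed here
(addresses and hostname are made up) so the script runs offline."""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def iter_frames(data: bytes):
    """Yield (timestamp, link-layer frame) for every record in a classic pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic libpcap capture (pcapng is not handled here)")
    _major, _minor, _tz, _sigfigs, _snaplen, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                            # global header is 24 bytes
    while off + 16 <= len(data):        # each record has a 16-byte header
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def dns_qname(dns: bytes) -> str:
    """First question name of a DNS message (plain labels; a query's question
    section does not use compression pointers)."""
    labels, off = [], 12                # skip the 12-byte DNS header
    while off < len(dns):
        n = dns[off]
        off += 1
        if n == 0:
            break
        labels.append(dns[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels)


def triage(data: bytes) -> dict:
    """Count (src, dst, proto, dport) conversations and collect DNS queries."""
    conversations, dns_queries = Counter(), []
    for _ts, frame in iter_frames(data):
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                    # non-IPv4 frames are out of scope here
        ihl = (frame[14] & 0x0F) * 4    # IPv4 header length in bytes
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto not in (6, 17) or len(l4) < 8:
            continue
        _sport, dport = struct.unpack_from("!HH", l4, 0)
        conversations[(src, dst, "tcp" if proto == 6 else "udp", dport)] += 1
        if proto == 17 and dport == 53:
            dns_queries.append((src, dns_qname(l4[8:])))   # DNS follows the 8-byte UDP header
    return {"conversations": conversations, "dns_queries": dns_queries}


# --- constructed sample capture -------------------------------------------
def _ipv4_frame(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + payload           # checksums left zero; the parser does not verify them


def _dns_query(name: str) -> bytes:
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0xBEEF, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


def build_sample_pcap() -> bytes:
    dns = _dns_query("update.example.net")
    syn = struct.pack("!HHIIBBHHH", 0, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)   # 20-byte TCP SYN, sport patched below
    frames = [
        _ipv4_frame("10.0.0.5", "10.0.0.1", 17, struct.pack("!HHHH", 51000, 53, 8 + len(dns), 0) + dns),
        _ipv4_frame("10.0.0.5", "203.0.113.9", 6, struct.pack("!H", 51001) + syn[2:]),
        _ipv4_frame("10.0.0.5", "203.0.113.9", 6, struct.pack("!H", 51002) + syn[2:]),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for key, value in triage(build_sample_pcap()).items():
        print(key, value)
```

Real captures carry VLAN tags, IPv6, fragments and pcapng containers that this reader deliberately does not handle; it raises on an unknown magic or link type rather than silently producing an empty result, which is the behaviour you want from a triage script.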
Snort Challenge - Live Attack
This report details a cybersecurity exercise focused on using the Snort Intrusion Detection and Prevention System (IDS/IPS) to neutralise two distinct threats within a simulated corporate network. The project successfully demonstrated the process of traffic analysis, signature creation, and rule deployment to mitigate both an external brute-force attack and an internal reverse-shell compromise.
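The two detection ideas that a Snort rule set for this scenario depends on, written out in Python as an added example (not the report's rules or Snort's code): a per-source rate threshold on SSH SYNs, which is what Snort's detection_filter option does, and a payload content match on outbound traffic for the reverse shell. The packet records are constructed. The Snort 2 rules in the comments are illustrative equivalents; their sids, ports, thresholds and content strings are assumptions, and in IPS mode the action would be drop rather than alert.

```python
"""The two detection ideas behind a Snort rule set for this scenario, in
Python so the logic is inspectable: a per-source rate threshold on SSH SYNs
(Snort's detection_filter) and a payload content match on outbound traffic
for a reverse shell. Packet records are constructed, not a real capture.
The Snort 2 rules in comments are illustrative equivalents; their sids,
ports, thresholds and content strings are assumptions."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("192.168.10.0/24")     # assumed internal range


class SshBruteForceDetector:
    # alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute-force attempt";
    #   flags:S; detection_filter:track by_src, count 10, seconds 60; sid:1000001; rev:1;)
    def __init__(self, count=10, seconds=60, dport=22):
        self.count, self.seconds, self.dport = count, seconds, dport
        self.recent = defaultdict(deque)        # src -> timestamps of SYNs inside the window

    def feed(self, pkt):
        if (pkt["proto"] != "tcp" or pkt["dport"] != self.dport
                or "S" not in pkt["flags"] or "A" in pkt["flags"]
                or ip_address(pkt["dst"]) not in HOME_NET):
            return None
        window = self.recent[pkt["src"]]
        window.append(pkt["ts"])
        while window and pkt["ts"] - window[0] > self.seconds:
            window.popleft()                    # slide the window
        if len(window) >= self.count:           # like detection_filter: fires while over threshold
            return (f"SSH brute-force attempt: {pkt['src']} sent {len(window)} SYNs "
                    f"to {pkt['dst']}:{self.dport} in {self.seconds}s")
        return None


class ReverseShellDetector:
    # alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Possible reverse shell";
    #   flow:to_server,established; content:"uid="; content:"gid="; within:40; sid:1000002; rev:1;)
    # A reverse shell connects from the victim outwards, so the shell's output
    # (e.g. the result of `id`) travels client -> server from Snort's point of view.
    def feed(self, pkt):
        if pkt["proto"] != "tcp" or not pkt.get("payload"):
            return None
        src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
        if src not in HOME_NET or dst in HOME_NET:
            return None                         # only outbound from the internal range
        payload = pkt["payload"]
        i = payload.find(b"uid=")
        # within:40 -> the second match must end no more than 40 bytes after the first ends
        if i != -1 and payload.find(b"gid=", i + 4, i + 4 + 40) != -1:
            return f"Possible reverse shell: {pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}"
        return None


def run(packets):
    """Feed every packet to both detectors and return the alerts in order."""
    detectors = (SshBruteForceDetector(), ReverseShellDetector())
    alerts = []
    for pkt in packets:
        for det in detectors:
            alert = det.feed(pkt)
            if alert:
                alerts.append(alert)
    return alerts


def sample_packets():
    """Constructed traffic: an external host hammering SSH, then an internal
    host shipping `id` output to an external listener."""
    attacker, victim, listener = "203.0.113.50", "192.168.10.20", "198.51.100.7"
    pkts = [{"ts": 1000 + i * 2.5, "proto": "tcp", "src": attacker, "sport": 40000 + i,
             "dst": victim, "dport": 22, "flags": "S", "payload": b""} for i in range(12)]
    pkts.append({"ts": 1100.0, "proto": "tcp", "src": victim, "sport": 52311, "dst": listener,
                 "dport": 4444, "flags": "PA",
                 "payload": b"uid=33(www-data) gid=33(www-data) groups=33(www-data)\n"})
    pkts.append({"ts": 1101.0, "proto": "tcp", "src": victim, "sport": 52312, "dst": "192.168.10.5",
                 "dport": 445, "flags": "PA",
                 "payload": b"uid=33(www-data) gid=33(www-data)\n"})   # internal only: not flagged
    return pkts


if __name__ == "__main__":
    for line in run(sample_packets()):
        print(line)
```

Two tuning points carry over directly to the real rules: the threshold detector keeps alerting for every packet while the source stays over the limit, which is what detection_filter does and why an IPS drop on the same rule is the practical answer; and the content detector is direction-bound, so the same `id` output seen between two internal hosts is not flagged.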
Snort Challenge — The Basics
This report provides an overview of the fundamental concepts and configurations of the Snort Intrusion Detection and Prevention System (IDS/IPS). It serves as a primer for understanding how Snort operates, including its architecture, rule-based detection mechanisms, and deployment strategies within a network environment.
Feast on the Desperate
The Challenge: This paper addresses the escalating threat of cryptocurrency scams by examining the social engineering and psychological tactics used against individuals. We identify a critical gap in public awareness and show how social media (platforms, influencers and targeted advertising) is a primary vector for these schemes. The research highlights that these scams succeed not just through technical means, but by preying on human vulnerabilities such as FOMO (fear of missing out) and other forms of emotional manipulation.
Methodology & Analysis: Through a detailed analysis of scam victimisation and real-world testimonies, this work examines the psychological reasons individuals fall prey to these schemes. The paper synthesises elements from disparate fields (phishing prevention, the SCAMS Checklist, the I-PACE model and research on parasocial relationships) into a new, comprehensive framework for scam prevention. This interdisciplinary approach provides a more holistic defence strategy.
Key Findings & Contributions: The study's findings confirm that scammers systematically exploit financial fears and parasocial trust to bypass logical decision-making. Our primary contribution is the proposed framework, which gives individuals a combined set of tools to identify and avoid fraudulent cryptocurrency schemes. Its novelty lies in integrating psychological and social factors with established technical prevention methods.
Implications & Conclusion: The implications of this research are significant for both individuals and organisations. By understanding the psychological tactics scammers employ, we can better equip ourselves to resist these manipulative strategies. The proposed framework serves as a resource for developing targeted educational initiatives and preventive measures against cryptocurrency scams.
Cyber Drill: Incident Investigation of a Compromised System
FCB Bank PLC was the target of a sophisticated cyberattack that resulted in a data breach and the theft of sensitive customer information. The multi-stage attack involved gaining initial access, reconnaissance, tool deployment, internal network penetration, data collection and exfiltration, and attempts to destroy evidence. The breach has exposed FCB Bank PLC to potential legal, regulatory and reputational damage. Immediate action is required to contain the breach, fully investigate its extent and implement robust preventative measures to prevent future incidents.
Respond and recover from a data breach
This project focuses on the implementation of a Security Information and Event Management (SIEM) system to enhance an organisation's cybersecurity posture. It covers key aspects such as log collection, correlation, and real-time monitoring. The goal is to create a robust SIEM infrastructure that enables effective threat detection and incident response.
Recover VMs with Google Backup and DR Service
This project focuses on using Google Cloud's Backup and Disaster Recovery (DR) Service to ensure the resilience and availability of virtual machines (VMs). It covers key aspects such as backup strategies, recovery point objectives (RPO) and recovery time objectives (RTO). The goal is to create a robust disaster recovery plan that minimises downtime and data loss.
Code Red for Healthcare: Why the NHS is Losing the War on Ransomware
The National Health Service (NHS) is in a state of perpetual crisis, grappling with understaffing, overcrowding, and systemic delays. This operational fragility is being dangerously amplified by a relentless wave of cyberattacks. Ransomware, in particular, has proven to be a uniquely devastating threat, capable of crippling hospital operations, compromising patient data, and putting lives at risk.
This analysis argues that the NHS's vulnerability is not just a matter of insufficient funding but a fundamental flaw in its technological foundation. Its deep-seated reliance on traditional, high-maintenance operating systems like Windows creates an attack surface that is simply too vast to defend. The solution lies in a strategic pivot to a modern, secure-by-design platform. By adopting a 'Zero Trust' architecture, exemplified by ChromeOS, the NHS can build a more resilient, manageable, and inherently secure infrastructure fit for the challenges of the 21st century.
Securing a Server
This project focuses on implementing security measures for a server environment. It covers key aspects such as firewall configuration, intrusion detection systems, and regular security audits. The goal is to create a robust security posture that protects against a wide range of cyber threats.
Configure a Small Business Network Infrastructure
This project focuses on designing and implementing a small business network infrastructure. It covers key aspects such as network topology, hardware selection, and security measures. The goal is to create a reliable and secure network environment that meets the needs of a growing business.
Threat Analysis and Mitigation of Key Cyber Network Vulnerabilities
This report provides a comprehensive analysis of key cyber network vulnerabilities and their mitigation strategies. It explores various types of vulnerabilities, including software flaws, misconfigurations, and human factors, and examines their potential impact on organisational security. The report also outlines effective mitigation techniques, such as patch management, network segmentation, and employee training. By adopting these strategies, organisations can enhance their resilience against cyber threats and safeguard their critical assets.
Threat Analysis and Mitigation of Communication
This report provides a comprehensive analysis of communication threats and their mitigation strategies within organisational contexts. It explores various types of communication threats, including phishing, social engineering, and insider threats, and examines their potential impact on organisational security. The report also outlines effective mitigation techniques, such as employee training, robust authentication methods, and the implementation of secure communication protocols. By adopting these strategies, organisations can enhance their resilience against communication-related cyber threats and safeguard their sensitive information.
Analyse audit logs using BigQuery
This report explores the use of BigQuery for analysing audit logs in cloud environments. It highlights the challenges of log management and the importance of effective analysis in identifying security incidents. The report also provides practical guidance on setting up BigQuery for log analysis, including schema design, query optimisation, and cost management strategies. By leveraging BigQuery's capabilities, organisations can enhance their visibility into user activity and improve their incident response efforts.
Linux Privilege Escalation
This report examines the techniques and methodologies employed in Linux privilege escalation attacks. It provides a comprehensive overview of the various vectors that attackers exploit to gain elevated privileges on Linux systems. The report also discusses preventive measures and best practices for securing Linux environments against such attacks.
Terraform Firewall Rule Modification Report
This report covers managing firewall rules with Terraform, a widely used Infrastructure as Code (IaC) tool. It works through the challenges of modifying firewall configurations in a cloud environment, focusing on the practices that keep such changes secure and compliant: version control of the rule definitions, testing before changes are applied, and automation of deployment. It also describes common pitfalls when changing firewall rules through Terraform and how to avoid them. Managed this way, firewall policy changes become repeatable and reviewable rather than ad hoc.
Symmetric and Asymmetric Keys Creation
This report explores the processes involved in the creation and management of symmetric and asymmetric encryption keys. It covers the fundamental principles of cryptography, including key generation, distribution, and storage. The report also discusses best practices for implementing encryption in various applications, highlighting the importance of key management in maintaining data security. By understanding the nuances of symmetric and asymmetric keys, organisations can better protect sensitive information and mitigate the risks associated with data breaches.
Identify vulnerabilities and remediation techniques
This report focuses on identifying common vulnerabilities within organisational IT infrastructures and proposes effective remediation techniques. By analysing recent cyber incidents and leveraging industry best practices, the report aims to provide actionable insights for enhancing security postures. Key areas of focus include vulnerability assessments, penetration testing, and the implementation of security controls. The findings underscore the importance of a proactive approach to cybersecurity, emphasising continuous monitoring and regular updates to security protocols.
Google Cloud IAM
This report provides a comprehensive overview of Identity and Access Management (IAM) within the Google Cloud Platform (GCP). It explores the fundamental concepts of IAM, including roles, permissions, and policies, and how they are implemented in GCP to ensure secure access to resources. The report also delves into best practices for managing identities, setting up multi-factor authentication, and auditing access logs to maintain a robust security posture. Additionally, it highlights common challenges and solutions related to IAM in cloud environments, making it a valuable resource for IT professionals and organisations looking to enhance their cloud security strategies.
Firewall and create a rule
This report outlines the process of configuring a firewall and creating rules to enhance network security. It covers the key concepts of firewall technology, including stateful versus stateless filtering, and provides a step-by-step guide to writing rules that block unauthorised access while allowing legitimate traffic. It also discusses best practices for rule management and monitoring to maintain protection as threats change.
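The stateful-versus-stateless distinction is easiest to see on one packet sequence run through both kinds of filter. The Python below is an added illustration, not material from the report: a stateless filter that must open a hole for return traffic by source port, beside a stateful filter that admits only packets belonging to a connection it saw opened from the inside. The hosts, ports and rules are constructed for the example.

```python
"""Stateless versus stateful filtering on the same packet sequence. A stateless
filter judges each packet on its own header fields, so letting web replies back
in means trusting anything with source port 443; a stateful filter only admits
packets that belong to a connection it saw being opened from the inside. Hosts,
ports and rules below are constructed for the illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")        # assumed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def inside(addr: str) -> bool:
    return ip_address(addr) in INSIDE


def stateless_filter(pkt: Packet) -> str:
    """Two rules: inside -> outside on tcp/443, and (to let replies through)
    anything from source port 443 -> inside. The second rule is the problem."""
    if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 443:
        return "allow"
    if pkt.sport == 443 and inside(pkt.dst):
        return "allow"
    return "deny"


class StatefulFilter:
    """One rule (inside -> outside tcp/443 may open a connection) plus a
    connection table; replies are admitted only for tracked connections."""

    def __init__(self):
        self.connections = set()         # (src, sport, dst, dport) of the initiating SYN

    def filter(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"               # belongs to a tracked flow
        if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 443 and pkt.syn and not pkt.ack:
            self.connections.add(forward)   # new outbound connection: start tracking it
            return "allow"
        return "deny"


def compare(packets):
    """Return [(stateless verdict, stateful verdict)] for the sequence."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in packets]


SAMPLE = [   # constructed sequence
    Packet("10.1.1.5", 50000, "93.184.216.34", 443, syn=True),             # client opens HTTPS
    Packet("93.184.216.34", 443, "10.1.1.5", 50000, syn=True, ack=True),   # legitimate SYN/ACK reply
    Packet("203.0.113.7", 443, "10.1.1.5", 22, syn=True),                  # attacker probes SSH from sport 443
    Packet("203.0.113.7", 443, "10.1.1.5", 3389, ack=True),                # and RDP, as a bare ACK
    Packet("10.1.1.5", 50001, "93.184.216.34", 443, ack=True),             # inside host, but mid-stream and untracked
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  stateless={sl}  stateful={sf}")
```

Packets 3 and 4 are the point: a stateless rule written to admit web replies admits any inbound packet that merely claims source port 443, whereas the stateful filter has no entry for those tuples and drops them. Packet 5 shows the other side of the trade: a stateful filter also drops legitimate-looking traffic whose handshake it never saw, which is why state timeouts and asymmetric routing come up when such rules are deployed.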
Explore false positives through incident detection
This report investigates the challenges of false positives in security incident detection. By analysing a series of alerts generated by a SIEM system, the project aims to identify common characteristics of false positives and develop strategies to reduce their occurrence. The findings highlight the importance of context-aware analysis and the need for continuous tuning of detection rules to improve accuracy.
Determine the difference between normal activity and an incident
This report details the investigation and resolution of two 'Persistence: IAM anomalous grant' threat findings identified by Google Cloud's Event Threat Detection. To differentiate between benign and malicious behaviour, a security incident was simulated by granting the high-privilege 'Owner' role to an external user account. Subsequent analysis of the alerts in the Security Command Center and associated Cloud Logging data successfully distinguished the simulated malicious event from a legitimate internal permission change. The incident was resolved by revoking the externally granted permissions. This exercise demonstrates a practical workflow for using native Google Cloud security tools to effectively identify, analyse, and remediate potential IAM-based threats, underscoring the importance of vigilant monitoring and prompt incident response.
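The context-aware analysis the false-positive entry above calls for, applied to the IAM anomalous grant scenario here, as an added Python example (not code from either report and not Google's detection logic): raw SetIamPolicy audit-log entries are triaged by who granted what to whom, so that an Owner grant to an external account is separated from an internal grant made through the usual deployment identity. The log entries are constructed to mirror the Cloud Audit Log shape (protoPayload.serviceData.policyDelta.bindingDeltas); the organisation domain, the deployer identity and the role lists are assumptions.

```python
"""Triage of SetIamPolicy audit-log entries of the kind behind a
'Persistence: IAM anomalous grant' finding: separate grants that are expected
in this environment from ones that need an analyst. The entries below are
constructed to mirror the Cloud Audit Log shape
(protoPayload.serviceData.policyDelta.bindingDeltas); the organisation domain,
the deployer identity and the role lists are assumptions."""

INTERNAL_DOMAINS = {"example.com", "example-prj.iam.gserviceaccount.com"}      # assumed
DEPLOYER_PRINCIPALS = {"terraform@example-prj.iam.gserviceaccount.com"}        # assumed CI/CD identity
HIGH_PRIVILEGE_ROLES = {"roles/owner", "roles/editor", "roles/iam.securityAdmin",
                        "roles/iam.serviceAccountTokenCreator"}
VERDICT_ORDER = {"incident": 0, "review": 1, "expected": 2}


def member_domain(member: str) -> str:
    """'user:alice@example.com' -> 'example.com'; allUsers / allAuthenticatedUsers -> ''."""
    _kind, _sep, ident = member.partition(":")
    return ident.rsplit("@", 1)[-1].lower() if "@" in ident else ""


def is_external(member: str) -> bool:
    return member_domain(member) not in INTERNAL_DOMAINS   # public principals count as external


def triage_entry(entry: dict) -> list:
    """One verdict per ADD binding delta in a SetIamPolicy entry."""
    proto = entry.get("protoPayload", {})
    if proto.get("methodName") != "SetIamPolicy":
        return []
    granter = proto["authenticationInfo"]["principalEmail"]
    project = entry.get("resource", {}).get("labels", {}).get("project_id", "?")
    verdicts = []
    for delta in proto.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", []):
        if delta.get("action") != "ADD":
            continue                      # removals are not persistence
        role, member = delta["role"], delta["member"]
        external, high = is_external(member), role in HIGH_PRIVILEGE_ROLES
        if external and high:
            verdict, why = "incident", "high-privilege role granted to a principal outside the organisation"
        elif external:
            verdict, why = "review", "external principal added, even though the role is limited"
        elif high and granter not in DEPLOYER_PRINCIPALS:
            verdict, why = "review", "high-privilege role granted by hand instead of through the deployer"
        else:
            verdict, why = "expected", "internal principal with a limited role, or approved deployer path"
        verdicts.append({"project": project, "granter": granter, "member": member,
                         "role": role, "verdict": verdict, "why": why})
    return verdicts


def triage(entries: list) -> list:
    """Verdicts for a batch of entries, most urgent first."""
    out = [v for e in entries for v in triage_entry(e)]
    return sorted(out, key=lambda v: VERDICT_ORDER[v["verdict"]])


def _entry(granter, deltas, project="example-prj"):
    """Build a constructed SetIamPolicy audit-log entry."""
    return {"protoPayload": {"methodName": "SetIamPolicy",
                             "authenticationInfo": {"principalEmail": granter},
                             "serviceData": {"policyDelta": {"bindingDeltas": deltas}}},
            "resource": {"type": "project", "labels": {"project_id": project}}}


SAMPLE_ENTRIES = [   # constructed
    _entry("admin@example.com", [{"action": "ADD", "role": "roles/owner", "member": "user:mallory@gmail.com"}]),
    _entry("terraform@example-prj.iam.gserviceaccount.com",
           [{"action": "ADD", "role": "roles/editor",
             "member": "serviceAccount:app@example-prj.iam.gserviceaccount.com"}]),
    _entry("admin@example.com", [{"action": "REMOVE", "role": "roles/viewer", "member": "user:carol@example.com"},
                                 {"action": "ADD", "role": "roles/viewer", "member": "user:bob@example.com"}]),
    _entry("admin@example.com", [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]),
    _entry("admin@example.com", [{"action": "ADD", "role": "roles/editor", "member": "user:dave@example.com"}]),
]


if __name__ == "__main__":
    for v in triage(SAMPLE_ENTRIES):
        print(f"{v['verdict']:9} {v['role']:28} {v['member']:55} by {v['granter']}: {v['why']}")
```

The scoring is deliberately simple and lives in three lists (internal domains, approved deployer identities, high-privilege roles) so that tuning a false positive means editing one of those lists rather than the rule, and every suppression has a reason string that survives into the ticket. The same three questions (is the principal ours, is the role dangerous, did an approved path grant it) are what an analyst asks of a Security Command Center finding before closing it.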
Penetration Test Report for KnifeTuna
This report presents the findings of a penetration test conducted on the KnifeTuna application. The assessment aimed to identify vulnerabilities and weaknesses in the application's security posture. Through a combination of automated scanning and manual testing techniques, several critical issues were discovered, including improper input validation and insufficient authentication mechanisms.
JPMorgan-Transaction - Detecting Financial Fraud with Machine Learning
This project tackles the critical challenge of fraud in the burgeoning world of mobile money. By analysing a large-scale dataset from a financial services provider, I uncovered the subtle behavioural patterns that distinguish legitimate customers from fraudulent actors.
The core of this work involved moving beyond existing detection flags to engineer a highly accurate predictive model. The result is a set of actionable insights and a robust machine-learning framework designed to help organisations pre-emptively identify and stop fraud, enhancing system security and protecting customer assets.
Password-Generator
This project is a simple password generator built with Python. It allows users to create passwords by specifying criteria such as length and complexity (inclusion of uppercase letters, numbers and symbols). The application uses the `random` library to generate passwords and provides an easy-to-use interface for users to customise their password requirements. Note that `random` is not a cryptographically secure generator; for password material the standard library's `secrets` module is the appropriate choice.
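How the same criteria look when generated from the operating system's CSPRNG via `secrets` instead of `random`, as an added example that is not the project's own code. `random` is a Mersenne Twister whose future output can be recovered from enough observed output, which is the wrong property for a password. The character classes and the policy check below are assumptions made for the illustration.

```python
"""Password generation with the `secrets` module (OS CSPRNG) rather than
`random` (Mersenne Twister, predictable from observed output). Added example,
not the project's code; character classes and policy checks are assumptions."""
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?/",
}


def generate_password(length=16, upper=True, digits=True, symbols=True) -> str:
    """Return a password of `length` characters containing at least one
    character from every enabled class."""
    pools = [CLASSES["lower"]]
    if upper:
        pools.append(CLASSES["upper"])
    if digits:
        pools.append(CLASSES["digits"])
    if symbols:
        pools.append(CLASSES["symbols"])
    if length < len(pools):
        raise ValueError(f"length {length} cannot cover {len(pools)} required classes")
    # one guaranteed character per class, the rest drawn uniformly from the union
    chars = [secrets.choice(pool) for pool in pools]
    alphabet = "".join(pools)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Fisher-Yates with secrets.randbelow so the guaranteed characters do not
    # sit at predictable positions (random.shuffle would reintroduce `random`)
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def meets_policy(password: str, upper=True, digits=True, symbols=True) -> bool:
    """Check the same criteria the generator was asked for."""
    checks = [any(c in CLASSES["lower"] for c in password)]
    if upper:
        checks.append(any(c in CLASSES["upper"] for c in password))
    if digits:
        checks.append(any(c in CLASSES["digits"] for c in password))
    if symbols:
        checks.append(any(c in CLASSES["symbols"] for c in password))
    return all(checks)


def entropy_bits(length: int, upper=True, digits=True, symbols=True) -> float:
    """Entropy of a uniformly drawn password over the enabled alphabet; the
    per-class guarantee makes the real figure slightly lower."""
    enabled = (("lower", True), ("upper", upper), ("digits", digits), ("symbols", symbols))
    size = sum(len(CLASSES[name]) for name, on in enabled if on)
    return length * math.log2(size)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, round(entropy_bits(20), 1), "bits")
```

The shuffle step matters more than it looks: without it the first character would always be lowercase, the second always uppercase and so on, which hands an attacker a fixed structure to exploit. Using `secrets.randbelow` for the shuffle keeps the whole path off `random`.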
Task Tracker Application
The Task Tracker Application is a streamlined and user-friendly task management solution developed in Python. Designed for simplicity and efficiency, the application provides core functionalities for managing daily tasks, including the ability to add, view, and delete items through an intuitive interface.
Built as an original project, the application leverages both standard and third-party Python libraries to ensure reliable performance. A key focus of the development was on creating high-quality, fully commented, and legible code, which makes the system easy to understand, maintain, and potentially extend.
Spam Classifier using Logistic Regression
This spam classifier project uses a Logistic Regression model to identify spam emails. Built with Python, scikit-learn and Pandas, it trains on the Enron email dataset. The pipeline cleans the email text, converts it into numeric features with CountVectorizer, and trains the model to recognise patterns in those features. The repository includes a Jupyter Notebook covering training and evaluation, with performance measured by accuracy and a confusion matrix. Suggested future improvements include trying other algorithms, such as SVM, and more advanced text preprocessing.