A collection of security engineering projects focusing on automation, threat detection, and cloud security.
Developed an automated security scanner for AWS S3 buckets that sends the collected bucket configuration to Google's Gemini model for analysis. A Lambda function, triggered on an EventBridge schedule, checks each bucket's policy, ACLs and public access block settings, default encryption configuration, and the resulting public exposure; findings are posted to a Discord channel through a webhook so misconfigurations and potential data exposure are seen promptly. Two practical points: because the function runs on a schedule, detection latency is bounded by the schedule interval rather than being truly real time, and the Lambda's execution role only needs read-only bucket-metadata permissions (for example s3:GetBucketPolicy, s3:GetBucketAcl, s3:GetBucketPublicAccessBlock and s3:GetEncryptionConfiguration), not object access.
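The deterministic half of such a scan, as an added example that is not the project's own code: it evaluates the kinds of configuration the Lambda collects and returns severity-tagged findings that can be handed to a model for narrative analysis or posted as a Discord webhook payload. The input dicts are assumed to mirror the shapes boto3 returns from get_public_access_block, get_bucket_policy (decoded policy JSON), get_bucket_encryption and get_bucket_acl; both sample buckets are constructed, and the severity levels are this example's own choices.

```python
# Added example (not the project's own code): rule-based S3 posture checks.
# Input dicts mirror boto3's get_public_access_block / get_bucket_policy (decoded) /
# get_bucket_encryption / get_bucket_acl shapes; sample buckets below are constructed.

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")
SEVERITY_ORDER = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
WRITE_ACTIONS = {"s3:*", "s3:PutObject", "s3:DeleteObject", "s3:PutBucketPolicy"}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (anyone, including unauthenticated)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def check_bucket(pab, policy, encryption, acl_grants):
    """Return a list of (severity, message) findings for one bucket."""
    findings = []

    # 1. Public Access Block: all four flags should be on.
    missing = [f for f in PAB_FLAGS if not pab.get(f, False)]
    if missing:
        findings.append(("HIGH", "public access block incomplete: " + ", ".join(missing)))

    # 2. Bucket policy: Allow statements for an anonymous principal with no Condition.
    for st in (policy or {}).get("Statement", []):
        if st.get("Effect") != "Allow" or not _principal_is_anonymous(st.get("Principal")):
            continue
        if "Condition" in st:
            continue  # conditioned grants (e.g. aws:SourceVpce) need manual review
        actions = _as_list(st.get("Action"))
        sev = "CRITICAL" if WRITE_ACTIONS & set(actions) else "HIGH"
        findings.append((sev, "policy allows anonymous " + ", ".join(actions)))

    # 3. ACL grants to the AllUsers / AuthenticatedUsers groups.
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in (ALL_USERS, AUTH_USERS):
            findings.append(("HIGH", f"ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}"))

    # 4. Default encryption: missing, or SSE-S3 where KMS-managed keys are preferred.
    if encryption is None:
        findings.append(("MEDIUM", "no default encryption configuration"))
    else:
        algo = encryption["Rules"][0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]
        if algo == "AES256":
            findings.append(("LOW", "default encryption is SSE-S3 rather than SSE-KMS"))
    return findings


def worst_severity(findings):
    return max((f[0] for f in findings), key=SEVERITY_ORDER.get, default=None)


def discord_payload(bucket_name, findings):
    """Body for a Discord webhook POST: a content line plus one embed per bucket."""
    lines = [f"[{sev}] {msg}" for sev, msg in findings] or ["no findings"]
    return {
        "content": f"S3 posture: {bucket_name} ({worst_severity(findings) or 'OK'})",
        "embeds": [{"title": bucket_name, "description": "\n".join(lines)}],
    }


# Constructed sample inputs (not real buckets).
PUBLIC_BUCKET = dict(
    pab={f: False for f in PAB_FLAGS},
    policy={"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-public/*"}]},
    encryption=None,
    acl_grants=[{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
)
PRIVATE_BUCKET = dict(
    pab={f: True for f in PAB_FLAGS},
    policy={"Version": "2012-10-17", "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-private/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    encryption={"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/example"}}]},
    acl_grants=[{"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"}],
)

if __name__ == "__main__":
    for name, cfg in (("example-public", PUBLIC_BUCKET), ("example-private", PRIVATE_BUCKET)):
        print(discord_payload(name, check_bucket(**cfg)))
```

The Deny statement in the private bucket uses Principal "*" too, which is why the policy check keys on Effect as well as the principal; a scanner that only greps for a wildcard principal would flag the standard "deny insecure transport" statement as a public grant.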
Built a Retrieval-Augmented Generation (RAG) API for security operations teams that answers natural-language questions against the MITRE ATT&CK knowledge base. FastAPI serves the REST endpoints, ChromaDB stores the embeddings and performs similarity search, and TinyLlama runs inference locally, so queries and retrieved context never leave the organisation's infrastructure. Because TinyLlama is a 1.1B-parameter model, answer quality depends heavily on the retrieval step returning the right techniques, so responses are most useful when they carry the retrieved ATT&CK technique IDs for the analyst to verify.
Built an MCP (Model Context Protocol) server that wraps the AbuseIPDB API and exposes IP reputation lookups as tools that an LLM assistant or agent can call. This lets security teams pull abuse-confidence scores and report history into automation workflows, threat hunting and incident response without copying data between consoles. Two caveats worth keeping in mind: the abuseConfidenceScore is derived from crowd-sourced reports, so a low score does not establish that an address is clean, and lookups count against the account's daily quota, so internal or non-routable addresses should be filtered out before they are sent.
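The core of such a tool, as an added example rather than the project's own code: an MCP tool definition in the tools/list shape (name, description, inputSchema), a handler that returns a tools/call-style result (content list, isError), input validation that refuses non-routable addresses, and a classifier over AbuseIPDB's /api/v2/check response. The HTTP call is injectable so the example runs offline against a constructed response; the verdict thresholds, the tool name and the sample data are this example's assumptions, not AbuseIPDB's or the project's.

```python
# Added example (not the project's own code): an MCP tool wrapping AbuseIPDB /api/v2/check.
# Thresholds, tool name and SAMPLE_RESPONSE are this example's own assumptions.
import ipaddress
import json
import os
import urllib.parse
import urllib.request

ABUSEIPDB_CHECK = "https://api.abuseipdb.com/api/v2/check"
# Addresses that should never be sent to a third-party reputation service.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

TOOL_DEFINITION = {
    "name": "check_ip_reputation",
    "description": "Look up an IP address in AbuseIPDB and return a verdict with supporting fields.",
    "inputSchema": {
        "type": "object",
        "properties": {
            "ip": {"type": "string", "description": "IPv4 or IPv6 address"},
            "max_age_days": {"type": "integer", "minimum": 1, "maximum": 365, "default": 90},
        },
        "required": ["ip"],
    },
}


def validate_ip(value):
    """Return a parsed address, or raise ValueError for malformed / internal ones."""
    addr = ipaddress.ip_address(value.strip())
    if any(addr in net for net in NON_ROUTABLE) or addr.is_multicast:
        raise ValueError(f"{addr} is not a routable public address")
    return addr


def fetch_abuseipdb(ip, max_age_days, api_key=None):
    """Real lookup: GET /check with the Key header. Not used by the offline run below."""
    key = api_key or os.environ["ABUSEIPDB_API_KEY"]
    params = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days, "verbose": ""})
    req = urllib.request.Request(f"{ABUSEIPDB_CHECK}?{params}",
                                 headers={"Key": key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def classify(check_response):
    """Reduce a /check response to a verdict plus the fields an analyst wants to see."""
    d = check_response["data"]
    score = d.get("abuseConfidenceScore", 0)
    if d.get("isWhitelisted"):
        verdict = "allowlisted"
    elif score >= 75:          # example thresholds; tune per environment
        verdict = "malicious"
    elif score >= 25:
        verdict = "suspicious"
    else:
        verdict = "no_significant_reports"
    return {
        "ip": d.get("ipAddress"), "verdict": verdict, "confidence": score,
        "total_reports": d.get("totalReports", 0),
        "distinct_reporters": d.get("numDistinctUsers", 0),
        "last_reported_at": d.get("lastReportedAt"),
        "isp": d.get("isp"), "country": d.get("countryCode"),
        "usage_type": d.get("usageType"), "is_tor": d.get("isTor", False),
    }


def handle_tool_call(name, arguments, fetch=fetch_abuseipdb):
    """Dispatch a tools/call request and return an MCP-style result."""
    if name != TOOL_DEFINITION["name"]:
        return {"isError": True, "content": [{"type": "text", "text": f"unknown tool {name}"}]}
    try:
        ip = validate_ip(arguments["ip"])
        raw = fetch(str(ip), int(arguments.get("max_age_days", 90)))
        return {"content": [{"type": "text", "text": json.dumps(classify(raw))}]}
    except (KeyError, ValueError) as exc:
        return {"isError": True, "content": [{"type": "text", "text": str(exc)}]}


# Constructed /check response for an address in the TEST-NET-3 documentation range.
SAMPLE_RESPONSE = {"data": {
    "ipAddress": "203.0.113.7", "isPublic": True, "ipVersion": 4, "isWhitelisted": False,
    "abuseConfidenceScore": 100, "countryCode": "XX", "usageType": "Data Center/Web Hosting/Transit",
    "isp": "Example ISP", "domain": "example.net", "isTor": False, "totalReports": 42,
    "numDistinctUsers": 17, "lastReportedAt": "2024-01-15T10:22:11+00:00"}}


def offline_fetch(ip, max_age_days):
    return SAMPLE_RESPONSE


if __name__ == "__main__":
    print(handle_tool_call("check_ip_reputation", {"ip": "203.0.113.7"}, fetch=offline_fetch))
```

Returning errors as isError results rather than raising keeps the model-facing contract stable: the assistant sees "10.0.0.5 is not a routable public address" and can explain it, instead of the server dropping the call.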
Developed an automated threat-detection pipeline that applies machine-learning models to identify anomalies in cloud environments. Alert correlation and custom detection rules reduced mean time to detect (MTTD, the average interval between the first malicious event and the alert that surfaces it) by 45%. Implemented in Python, integrating with SIEM platforms and cloud security tooling.
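An added example, not the project's code, of the correlation step described above: alerts are grouped per entity into time-windowed clusters, a cluster is escalated once it contains a second distinct rule, and MTTD is computed from the first alert in each escalated cluster to the moment of escalation. The alert rows, the 10-minute window and the two-rule threshold are all constructed assumptions for illustration.

```python
# Added example (not the project's own code): time-window alert correlation plus
# MTTD over the escalated incidents. Alerts, window and threshold are constructed.
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _ts(s):
    return datetime.fromisoformat(s).astimezone(timezone.utc)


# Constructed alerts: {"ts", "entity" (host or principal), "rule"}.
SAMPLE_ALERTS = [
    {"ts": _ts("2024-03-01T10:00:00+00:00"), "entity": "host-a", "rule": "suspicious_login"},
    {"ts": _ts("2024-03-01T10:01:00+00:00"), "entity": "host-b", "rule": "suspicious_login"},
    {"ts": _ts("2024-03-01T10:03:00+00:00"), "entity": "host-a", "rule": "new_scheduled_task"},
    {"ts": _ts("2024-03-01T10:06:00+00:00"), "entity": "host-a", "rule": "outbound_to_rare_domain"},
    {"ts": _ts("2024-03-01T11:30:00+00:00"), "entity": "host-a", "rule": "suspicious_login"},
]


def _summarise(entity, alerts, min_rules):
    """Collapse one cluster; detected_at is when the min_rules-th distinct rule appeared."""
    seen, detected_at = [], None
    for a in alerts:
        if a["rule"] not in seen:
            seen.append(a["rule"])
            if len(seen) == min_rules:
                detected_at = a["ts"]
    return {
        "entity": entity, "first_seen": alerts[0]["ts"], "last_seen": alerts[-1]["ts"],
        "alerts": len(alerts), "rules": seen,
        "escalated": detected_at is not None, "detected_at": detected_at,
    }


def correlate(alerts, window=timedelta(minutes=10), min_rules=2):
    """Group alerts per entity into clusters whose span from the first alert is <= window."""
    by_entity = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_entity[a["entity"]].append(a)
    clusters = []
    for entity, items in by_entity.items():
        current = [items[0]]
        for a in items[1:]:
            if a["ts"] - current[0]["ts"] <= window:
                current.append(a)
            else:
                clusters.append(_summarise(entity, current, min_rules))
                current = [a]
        clusters.append(_summarise(entity, current, min_rules))
    return clusters


def mttd_seconds(clusters):
    """Mean seconds from the first alert to escalation, over escalated clusters only."""
    deltas = [(c["detected_at"] - c["first_seen"]).total_seconds()
              for c in clusters if c["escalated"]]
    return sum(deltas) / len(deltas) if deltas else None


if __name__ == "__main__":
    for c in correlate(SAMPLE_ALERTS):
        print(c["entity"], c["alerts"], c["rules"], "escalated" if c["escalated"] else "")
    print("MTTD seconds:", mttd_seconds(correlate(SAMPLE_ALERTS)))
```

The window is anchored to the cluster's first alert rather than sliding from the latest one, so a slow drip of low-severity alerts cannot keep a cluster open indefinitely; the single suspicious_login on host-b and the later isolated one on host-a stay un-escalated, which is the noise reduction that drives MTTD down.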
Created Security Orchestration, Automation and Response (SOAR) workflows for GCP environments that run incident response playbooks and remediation tasks automatically. The framework integrates with several security tools and handles common security events end to end, cutting the manual effort an analyst spends on each one.
Developed Snort/Suricata detection rules for a range of CVEs and attack patterns, including SQL injection, Spring Expression Language (SpEL) injection, the Exchange Server elevation-of-privilege flaw CVE-2024-21410, and the F5 BIG-IP iControl REST authentication bypass CVE-2022-1388. The work includes PCAP analysis tooling and an automated test method that replays sample traffic against the rules to confirm they fire as intended.
Implemented a passwordless authentication system based on WebAuthn and passkeys, following the FIDO2 standards. It supports platform authenticators (biometrics) and roaming security keys. The scheme's phishing resistance comes from the browser binding each assertion to the origin and RP ID, so the relying-party verification of challenge, origin, rpIdHash and signature counter is where implementation mistakes tend to happen.
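The relying-party checks on an assertion, as an added example that is not the project's code: it parses clientDataJSON and authenticatorData, verifies type, challenge, origin, rpIdHash, the user-presence/verification flags and the signature counter, and shows a phishing-origin response and a replayed counter being rejected. It uses only the standard library, so the signature check over authenticatorData || SHA-256(clientDataJSON) with the stored public key is deliberately left to the caller and flagged in the code. make_assertion is a fixture that fabricates the browser output for offline demonstration; the challenge, origin and RP ID values are constructed.

```python
# Added example (not the project's own code): relying-party verification of a WebAuthn
# assertion, stdlib only. Signature verification is NOT performed here (see verify_assertion).
import base64
import hashlib
import json
import struct

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_authenticator_data(auth_data):
    """authenticatorData = rpIdHash(32) || flags(1) || signCount(4, big-endian) || ..."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return rp_id_hash, flags, sign_count


def verify_assertion(response, expected_challenge, expected_origin, rp_id,
                     stored_sign_count, require_uv=False):
    """Return (ok, reason, new_sign_count); the order of checks follows WebAuthn section 7.2.
    Not done here: verifying response["signature"] with the credential's public key over
    authenticatorData || SHA-256(clientDataJSON). A real server must do that too."""
    client_data = json.loads(b64url_decode(response["clientDataJSON"]))
    if client_data.get("type") != "webauthn.get":
        return False, "type", None
    if client_data.get("challenge") != b64url_encode(expected_challenge):
        return False, "challenge", None       # stale or replayed ceremony
    if client_data.get("origin") != expected_origin:
        return False, "origin", None          # assertion was produced for another site
    rp_id_hash, flags, sign_count = parse_authenticator_data(
        b64url_decode(response["authenticatorData"]))
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash", None
    if not flags & FLAG_UP:
        return False, "user presence", None
    if require_uv and not flags & FLAG_UV:
        return False, "user verification", None
    # A non-increasing counter suggests a cloned authenticator or a replayed response.
    if (sign_count != 0 or stored_sign_count != 0) and sign_count <= stored_sign_count:
        return False, "signature counter", None
    return True, "ok", sign_count


def make_assertion(challenge, origin, rp_id, flags, sign_count):
    """Fixture only: builds the two fields a browser would return (no signature)."""
    client_data = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", sign_count))
    return {"clientDataJSON": b64url_encode(json.dumps(client_data).encode()),
            "authenticatorData": b64url_encode(auth_data)}


# Constructed values; a real server issues a fresh os.urandom(32) challenge per ceremony.
CHALLENGE = bytes(range(32))
ORIGIN, RP_ID = "https://login.example.com", "example.com"

if __name__ == "__main__":
    good = make_assertion(CHALLENGE, ORIGIN, RP_ID, FLAG_UP | FLAG_UV, 7)
    print(verify_assertion(good, CHALLENGE, ORIGIN, RP_ID, stored_sign_count=6))
    phish = make_assertion(CHALLENGE, "https://evil.example", RP_ID, FLAG_UP, 8)
    print(verify_assertion(phish, CHALLENGE, ORIGIN, RP_ID, stored_sign_count=6))
```

The counter rule allows both values to be zero because some authenticators do not implement a counter; once a credential has ever reported a non-zero count, a repeat or lower value is a signal worth alerting on rather than silently accepting.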
Built a home lab for security research and testing: an IPFire firewall, Kali Linux penetration-testing hosts, and Raspberry Pi-based security tools. Used for hands-on experimentation with tooling, vulnerability testing, and developing custom security solutions.