Attack Simulation
1 lab
Full-stack APT41 pharmaceutical-sector attack simulation. Log4Shell (CVE-2021-44228) initial access → Sliver C2 → Active Directory lateral movement → LSASS credential dump → dual-layer detection with Wazuh + Zeek + Elastic. Published lab architecture and full attack playbook.
Cloud & Kubernetes
4 labs
Fully automated Terraform deployment of intentionally misconfigured GCP + AWS infrastructure for cloud pentest practice. Covers IAM privilege escalation, public storage buckets, unencrypted secrets, lateral movement paths, and CloudTrail evasion. Destroy-when-done design.
Vulnerable Kubernetes cluster covering 25 critical security issues: privileged containers, hostPath mounts, unauthenticated dashboards, RBAC misconfigurations, exposed secrets, and container escape paths. One-prompt Cursor AI deployment option included.
Vulnerable IIS + SharePoint server environment with Fluent Bit log shipping. Full deployment guide. Built to practice web server exploitation and log analysis for detection hypothesis validation.
Cloud attack simulation platform: 9 AWS + 7 GCP modules covering CloudTrail evasion, privilege escalation, lateral movement, and data exfiltration. 125-test suite. ECS Fargate / Cloud Run deployment. Multi-LLM finding analysis with severity classification.
Active Directory & Windows
2 labs
Full Windows domain lab: Active Directory with GPOs, multiple misconfigurations, Kerberoasting paths, Pass-the-Hash, AS-REP roasting, and LSASS dump scenarios. Two deployment options: manual step-by-step guide and one-prompt Cursor AI automated setup. Black-box AI-driven pentest walkthrough included.
Script-automated extremely vulnerable Windows 10 machine for pentest training. Disabled firewall and AV, weak credentials, open services, unpatched CVEs. Full pentest walkthrough with HexStrike included as a bonus.
Android & Mobile
3 labs
Intentionally vulnerable Android application covering all OWASP Mobile Top 10 vulnerability classes: insecure data storage, improper authentication, code tampering, reverse engineering exposure, insufficient cryptography, and more. Built for authorized security research, CTF practice, and mobile security education.
Ubuntu-based Android malware analysis lab setup guide: Androguard static analysis, Frida dynamic instrumentation, Android emulator configuration, APK decompilation toolchain. Includes terminal APK static-analysis framework with YARA hits, ATT&CK mappings, and Frida hook generation.
Autonomous Android security research with Cursor AI: one-prompt setup of the full mobile PT environment, automated static/dynamic analysis workflow, and AI-guided vulnerability discovery on the vulnerable APK target.
AI Security
1 lab
Intentionally vulnerable AI application lab — like DVWA but for modern AI systems. Targets: RAG assistants, tool-calling agents, and LLM-powered copilots. Covers prompt injection, indirect prompt injection, data exfiltration via tool calls, agent goal hijacking, and retrieval poisoning.
Linux & Web Application
2 labs
Script-automated extremely vulnerable Ubuntu 24.04 server: misconfigured SSH, exposed services, weak credentials, privilege escalation paths. Full end-to-end pentest walkthrough with HexStrike as a bonus alongside the setup guide.
Reproducible DVWA (Damn Vulnerable Web Application) deployment automated with Ansible. One-command spin-up of a safe, isolated web-app attack-and-detect training environment. Idempotent playbooks for consistent lab rebuilds.
Malware Analysis
3 labs / toolkits
Reverse engineering walker with TUI: Capstone disassembly, FLIRT signature matching, control flow graph extraction, Frida-based dynamic tracing, INetSim network isolation, 8 behavioral malware pattern detectors, and SIEM-ready JSON output. Tested on real DearStealer sample (MD5: c6ab7265…) — T1056.001, T1547.001, T1555.003, T1573.001 mapped.
Terminal APK static-analysis framework: Androguard parsing, YARA rule matching, ATT&CK technique mapping, VirusTotal integration, and Frida hook generation — all from a single CLI command. No sandbox required.
Production-ready toolkit for initial triage of suspicious PE binaries: PE-Import-Analyzer (LIEF-based API risk classification, CRITICAL/SUSPICIOUS/UNCOMMON), string extraction, obfuscation detection, and file fingerprinting. Published static malware analysis article series.