02 — Work

Projects

Selected build notes and lab work

01
Portfolio + CTF Writeups Site

Flag-gated writeup and cheatsheet hosting with typewriter terminals, scramble animations, and markdown rendering. Live on GitHub Pages.

HTML CSS JS Marked.js GitHub Pages
Active Web Development
02
Argus Recon

Bash recon tool that chains nmap, gobuster, and whatweb into one command, then drops timestamped markdown results with a findings summary.

Bash nmap gobuster whatweb
In Progress Automation
03
Linux Hardening Script

Bash script that applies a CIS-aligned hardening baseline to a fresh Ubuntu install — SSH lockdown, sysctl tuning, and auditd rules.

Bash Ubuntu CIS auditd
In Progress Hardening
04
Docker Pivoting Lab

Multi-container environment for practising Chisel-based SOCKS5 pivoting and lateral movement — spins up in one command.

Docker Chisel Nginx Flask
Queue Network
05
Home Active Directory Lab

Windows Server + two workstations in VirtualBox. Covers the full AD attack chain: enumeration, Kerberoasting, lateral movement, and DA takeover.

Windows Server VirtualBox BloodHound Impacket
Queue Active Directory
06
Web Exploit Playground

Intentionally vulnerable Docker app for practising XSS, SQLi, SSRF, and command injection with Burp Suite in an isolated environment.

Docker Flask SQLite Burp Suite
Queue Web Security
07
AD Enumeration Toolkit

Python CLI for fast user, group, and SPN collection in AD lab environments. Outputs BloodHound-compatible JSON for attack path analysis.

Python ldap3 Impacket BloodHound
Queue Active Directory
08
Cowrie SSH Honeypot

Medium-interaction SSH honeypot that logs attacker commands, credentials, and session replays into structured logs for analysis.

Python Cowrie Docker SSH
Queue Defensive
09
Ansible Provisioning Playbook

Idempotent Ansible playbook that provisions a fresh server — installs packages, configures users, deploys dotfiles, and sets up firewall rules.

Ansible YAML Linux SSH
Queue Automation
10
Automated Backup System

Cron-driven backup script with incremental rsync, remote offloading to a VPS, and integrity verification via checksums.

Bash rsync cron SSH
Queue SysAdmin
11
Pi-hole DNS Sinkhole

Self-hosted Pi-hole on a Raspberry Pi with custom blocklists, DHCP takeover, and a local DNS resolver for the home network.

Pi-hole DNS Raspberry Pi Linux
Queue Networking
12
WireGuard VPN Server

Self-hosted WireGuard VPN on a VPS with split-tunnel routing and a kill switch — full traffic control from any device.

WireGuard iptables VPS Linux
Queue Networking
13
VLAN Home Lab

Segmented home network with VLANs for IoT, trusted, and lab traffic — managed switch config, inter-VLAN routing rules, and firewall policies.

VLAN pfSense Switch Networking
Queue Networking
14
Packet Analysis Tool

Python wrapper around Scapy and tshark for automated PCAP parsing, protocol dissection, and suspicious traffic flagging.

Python Scapy tshark PCAP
Queue Networking
15
Flipper Zero Lab

Custom Flipper Zero scripts for sub-GHz replay, IR cloning, and BadUSB payloads — documented with capture logs and attack notes.

Flipper Zero Sub-GHz BadUSB IR
Queue Hardware
16
Rubber Ducky HID Payload

DuckyScript payloads for credential harvesting and reverse shell drops — executes in under 10 seconds on an unlocked target.

DuckyScript HID PowerShell Bash
Queue Hardware
17
WiFi Pineapple Evil Twin

Evil twin AP setup with WiFi Pineapple — captive portal credential capture, deauth attacks, and traffic interception via mitmproxy.

WiFi Pineapple mitmproxy 802.11 Linux
Queue Hardware