Cyber Risk Capstone Project: https://github.com/aanvidogra/Capstone-Cyber-Risk-Portfolio
This project focused on identifying and analyzing security risks within a simulated cloud environment hosted in AWS. The goal was to understand how technical vulnerabilities can impact business operations and how organizations prioritize remediation efforts through risk management processes.
Public-facing AWS EC2 web server
Internal database server hosted separately from public resources
Simulated cloud storage environment using Amazon S3
Asset inventory and risk tracking documentation
Risk heat map and business impact analysis
Configured and documented a small cloud environment to simulate real-world infrastructure
Analyzed exposed services and reviewed potential attack surfaces
Used Nmap to identify open ports and externally accessible services
Assessed risks related to:
Public-facing systems
Misconfigured cloud storage
Access control weaknesses
Service exposure
Created a risk register to track likelihood, impact, and mitigation recommendations
Developed remediation recommendations including:
Reducing unnecessary exposure
Strengthening configurations
Improving segmentation and access controls
Mapped technical findings to operational and business risk considerations
Docs: This folder contains the main written documentation for the project. It includes executive summaries, project reports, phase write-ups, and supporting documentation used to explain the purpose, process, and outcomes of the risk assessment.
Risk Register: This folder contains the risk management and tracking documentation created throughout the project. It includes the risk register, risk analysis summaries, and supporting materials used to document threats, likelihood, impact, and mitigation strategies.
Phase 3: This folder contains the final phase of the project focused on vulnerability analysis, remediation planning, and project reflection. It includes scan results, security findings, remediation recommendations, and documentation explaining how the identified risks were analyzed and addressed.
AWS • EC2 • S3 • Linux • Nmap • Vulnerability Analysis • Cloud Security • Risk Assessment • Asset Management • Security Documentation • GRC Concepts • Business Impact Analysis
This project helped me better understand how technical security findings connect to larger business risks. It also gave me experience communicating vulnerabilities, prioritizing remediation efforts, and documenting risk in a structured way similar to real-world governance and vulnerability management workflows.
Routersploit Project Summary
In this project, I set up my first virtual machine and then downloaded RouterSploit. I ran into a few errors but researched ways to solve them. I explored the different packages and scanners. I ultimately decided to check my camera for any vulnerabilities. I set my target and ran the exploit. RouterSploit let me know my camera is not vulnerable to its exploits and I don't have any default credentials set. Overall, this was a cool lab to do and it got me thinking of all the IoT devices connected in our homes.
The very first thing I did was download Routersploit from Github. RouterSploit is an open-source exploitation framework focused on embedded devices, specifically routers, modems, and Internet of Things (IoT) devices. This step took me a while because I downloaded my first virtual machine and then had to set it up. When I tried downloading the file I received a few errors of a missing package, called the 'future' package. I then started scouring the internet for solutions, till I found a way to install the missing 'future' package
I started up the program and looked for scanners and packages. I tried this out on many things, like my router and cameras at home. From my finding, you need an IPv4 or IPv6 address. I decided I wanted to find out if a camera located in my house my vulnerable. This camera is super important since it's near an area where important conversations happen, and if hacked could be critical to my family's privacy. I chose that camera scan, and then set my target to the IP address.
I typed in the exploit command and a series of exploits were run against my camera. I really liked how it checked for default credentials we well because many people forget or don't know they need to change the default credentials. IoT devices are often shipped with default usernames and passwords like "admin" or "password". This highlights the importance of passwords and how crucial they are. After analyzing my results there were no default credentials and RouterSploit could not confirm any vulnerabilities.
Password Strength Checker
I created a password strength checker using the tutorial from NeuralNine. This tutorial helped me understand and apply the OWASP password requirements to the best of my ability. The password checker takes the user's entered password and scores it out of 7. The code checks with a common password file with over ten thousand common passwords. I also was able to revisit coding since I haven't done it in a while. I changed the code by looping a few items so there was minimal repetition. The tutorial encouraged me to think about security from a broader perspective. It highlighted the significance of strong passwords and the need for robust cybersecurity practices. Check out the code on GitHub