Windows Server 2022 AD & Security Hardening Lab (Aug 2025)
Deployed Server 2022 as a domain controller, created OUs/users, applied security GPOs, and hardened the system by disabling SMBv1, configuring firewall rules, and enabling audit logging.
Windows Endpoint Detection & Hardening Lab (Completed July 2025)
Hardened a Windows 10 VM using Group Policy. Installed Wazuh agent in standalone mode to simulate system monitoring. Triggered rogue user creation, failed logins, and firewall changes. Verified detection using Event Viewer and Wazuh logs.
EDR Simulation with Sysmon (Completed July 2025)
Set up a Windows 10 VM with Sysmon to monitor process, registry, and PowerShell activity. Simulated attacker behaviors like persistence and verified logs in Event Viewer, replicating basic EDR functions.
Brute Force Detection Alert in Splunk (Completed July 2025)
Built a custom SPL query in Splunk to detect brute-force login attempts by identifying repeated failed logins from the same source IP. Configured an alert to trigger when suspicious patterns are detected, supporting early threat response.
Linux Login Activity Monitor Splunk Dashboard (Completed July 2025)
Built a custom Splunk dashboard to visualize Linux authentication logs, track failed/successful login attempts, and detect brute-force attacks using SPL and field extractions.
Windows Security & Hardening (Completed January 2025)
Conducted security audits, applied Group Policy configurations, and used malware detection tools to strengthen system defenses, ensure compliance, and maintain integrity.
EFS & BitLocker (Completed January 2025)
Configured file and drive encryption to protect sensitive data using EFS and BitLocker.
Scheduled Backups & Folder Replication (Completed January 2025)
Automated system backups and folder replication using Windows Backup and Robocopy to support data protection and business continuity.
Windows Server 2022 AD & Security Hardening Lab (Aug 2025)
Description:
Built and configured a Windows Server 2022 environment as a standalone domain controller (lab.local). Created organizational units (OUs) and user accounts to simulate a corporate environment. Applied security-focused Group Policy Objects (GPOs) and implemented system hardening measures.
Learned:
Installing and configuring Active Directory Domain Services (AD DS)
Creating and managing OUs and domain user accounts
Implementing security policies via Group Policy
Applying server hardening techniques such as disabling SMBv1, configuring Windows Defender Firewall, and enabling audit logging
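The build and hardening steps listed above, written out as one PowerShell script. This is an added example, not the lab's own scripts. Assumed values: the interface alias "Ethernet", the address 192.168.56.10/24 with gateway 192.168.56.1, a management subnet 192.168.56.0/24 for the RDP rule, and a sample user jdoe; the domain name lab.local and the "IT Department" OU are taken from the page. Run it elevated; Install-ADDSForest reboots the server, so the second half runs after the reboot as the new domain administrator.

```powershell
# Added example (not from the original lab). Run as Administrator on the future DC.
# Assumed values: interface "Ethernet", 192.168.56.10/24, gateway 192.168.56.1.

# --- Part 1: static addressing and forest promotion (reboots when done) ---
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 192.168.56.10 -PrefixLength 24 -DefaultGateway 192.168.56.1
# A DC should resolve through its own DNS service; loopback is the usual choice.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 127.0.0.1

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName "lab.local" -DomainNetbiosName "LAB" -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString "DSRM password") -Force

# --- Part 2: run after the reboot, logged on as LAB\Administrator ---
Import-Module ActiveDirectory, GroupPolicy
$domainDN = (Get-ADDomain).DistinguishedName          # DC=lab,DC=local

# OU structure and a sample user (prompting avoids a plaintext secret in the script).
New-ADOrganizationalUnit -Name "IT Department" -Path $domainDN -ProtectedFromAccidentalDeletion $true
$ouDN = "OU=IT Department,$domainDN"
New-ADUser -Name "Jane Doe" -SamAccountName jdoe -UserPrincipalName "jdoe@lab.local" -Path $ouDN `
    -AccountPassword (Read-Host -AsSecureString "Initial password for jdoe") `
    -Enabled $true -ChangePasswordAtLogon $true

# Account lockout for the whole domain. Run on a DC, net accounts writes these into the
# domain account policy (Default Domain Policy). They are security-template settings,
# not registry values, so Set-GPRegistryValue cannot set them.
net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15

# Push the SMBv1 server-side disable to every domain computer via a registry-backed GPO.
New-GPO -Name "Server Hardening" | New-GPLink -Target $domainDN -LinkEnabled Yes | Out-Null
Set-GPRegistryValue -Name "Server Hardening" `
    -Key "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" `
    -ValueName "SMB1" -Type DWord -Value 0 | Out-Null

# Remove SMBv1 from the DC itself and confirm (EnableSMB1Protocol should read False).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Uninstall-WindowsFeature FS-SMB1
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol

# Firewall: all profiles on, inbound blocked by default, RDP only from the assumed management subnet.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow
New-NetFirewallRule -DisplayName "Allow RDP from management subnet" -Direction Inbound -Protocol TCP `
    -LocalPort 3389 -RemoteAddress 192.168.56.0/24 -Action Allow -Profile Domain

# Audit logging: logon success/failure, lockouts and account management, then verify.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"Account Lockout" /success:enable /failure:enable
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
auditpol /get /category:*
```

The GPO only carries the SMB1 registry value because that is the one hardening item here that is registry-backed; the lockout settings are applied with net accounts for the same reason. Disabling SMBv1 on the DC and pushing the value to members are separate steps on purpose: the GPO does not take effect on the DC until the next policy refresh, and the local Uninstall-WindowsFeature call removes the binaries rather than just the setting.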
Configured domain name for Windows Server 2022 AD Lab
Active Directory Users and Computers (ADUC) interface after setup
Domain Controller hostname and role confirmation
Active Directory Domain Services installation success
Configured Windows Firewall settings for domain security
Group Policy Object applied to enforce account lockout policy
Created Organizational Unit structure for domain organization
IT Department OU with assigned user accounts
Disabled SMBv1 protocol for improved security
Configured Static IP for Domain Controller – Set fixed IPv4 and DNS to ensure stable AD and network communication.
Role & Collaboration:
Individually planned and executed the entire build in a virtualized lab environment using Oracle VM VirtualBox. Acted as both system administrator and security engineer, designing, configuring, and securing the domain controller.
Outcome:
Delivered a functional, security-hardened Windows Server 2022 domain controller environment with visual documentation for portfolio demonstration, showcasing both system administration and security configuration skills.
Windows Endpoint Detection & Hardening Lab (Completed July 2025)
Description:
Simulated a Tier 2 enterprise support environment using a Windows 10 VM, Wazuh agent, and Group Policy. Focused on the detection of unauthorized changes, system misconfigurations, and endpoint behavior logging similar to the roles of SCOM and MBSA.
Learned:
How to configure the Wazuh agent in standalone mode, apply Group Policy for system hardening (including USB blocking and password policies), identify unauthorized activity through Sysmon and Event Viewer, and recognize detection gaps caused by missing audit configurations such as firewall changes.
Used PowerShell (Get-HotFix, Get-WindowsUpdateLog) to simulate MBSA-style vulnerability checks and validate system patch status.
Applied password complexity, length, and history policies via Local Security Policy to harden the system against unauthorized access.
Ran CLI commands to disable and re-enable the firewall. This simulates attacker behavior and tests visibility through log monitoring.
Simulated a misconfiguration using netsh and verified that the change was logged in Event Viewer under the Windows Firewall log.
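The checks described in this project, as a PowerShell walkthrough. This is an added example and not the lab's own commands: it runs the patch-status check, sets the password policy (net accounts for length, age and history; secedit for the complexity flag, which net accounts cannot set), toggles the firewall with netsh, and then reads back the events a monitor would alert on. The Wazuh agent is left out. The event IDs are assumptions from general Windows knowledge, not from the page: 4720 (user account created) and 4625 (failed logon) in the Security log, which only appear when the matching audit subcategories are enabled, and 2003 (profile setting changed) in the firewall's operational log.

```powershell
# Added example (not the lab's own code). Run elevated on the monitored Windows 10 VM.

# 1. MBSA-style patch status: newest hotfix and how stale it is.
function Get-PatchAge {
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        LatestHotFix = $latest.HotFixID
        InstalledOn  = $latest.InstalledOn
        DaysSince    = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    }
}
Get-PatchAge
Get-WindowsUpdateLog -LogPath "$env:USERPROFILE\Desktop\WindowsUpdate.log"   # decodes the ETW trace to text

# 2. Password policy. net accounts covers length/age/history; complexity lives in the
#    security template, so export it, flip the flag and re-import with secedit.
net accounts /minpwlen:14 /maxpwage:90 /minpwage:1 /uniquepw:24
$cfg = "$env:TEMP\secpol.cfg"
secedit /export /cfg $cfg | Out-Null
(Get-Content $cfg) -replace '^PasswordComplexity\s*=\s*0', 'PasswordComplexity = 1' |
    Set-Content $cfg -Encoding Unicode
secedit /configure /db "$env:windir\security\local.sdb" /cfg $cfg /areas SECURITYPOLICY | Out-Null
Remove-Item $cfg

# 3. Simulate the attacker: turn the firewall off, then restore it.
netsh advfirewall set allprofiles state off
Start-Sleep -Seconds 5
netsh advfirewall set allprofiles state on

# 4. Verify visibility. Rogue user creation and failed logons land in the Security log
#    (IDs 4720 / 4625, assumed; they need the matching audit subcategories enabled).
#    Profile state changes land in the firewall's own operational log (ID 2003, assumed).
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
    Id        = 2003
    StartTime = $since
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```

If step 4 returns nothing for 4625 after a deliberate bad logon, that is the detection gap the project describes: the event is never written until "Audit Logon" is enabled (auditpol /set /subcategory:"Logon" /failure:enable), so the audit configuration is part of the detection, not an afterthought.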
Role & Collaboration:
Solo project to simulate overlap between System Administrator and SOC Tier 1/2 responsibilities, focused on Windows endpoint monitoring and detection.
Outcome:
Successfully simulated and documented common incident behaviors. Demonstrated ability to monitor registry, user, and system events without a SIEM or manager server, reinforcing hybrid SysAdmin + Blue Team skill set.
EDR Simulation with Sysmon (Completed July 2025)
Description:
Built a Windows 10 VM with Sysmon to detect suspicious endpoint activity like PowerShell abuse and registry persistence.
Learned:
How endpoint telemetry works, Windows event logging, and attacker technique visibility through Sysmon.
Sysmon installed and configured successfully via command line using a hardened config.
Sysmon detected a registry persistence event from a simulated attack.
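One way to reproduce this project end to end: install Sysmon with a small config, plant a Run-key value the way a persistence technique would, and read the resulting Sysmon events back. This is an added example, not the lab's own hardened config. Assumptions: Sysmon64.exe sits in the current directory, the config uses schema version 4.50 (accepted by current Sysmon releases), and the event IDs are Sysmon's documented ones (1 = process create, 13 = registry value set). The Run-key value is a harmless placeholder and is removed at the end.

```powershell
# Added example (not the lab's own config). Assumes Sysmon64.exe is in the current directory.

# Minimal config: log value writes under any Run/RunOnce key and every process start
# whose image is PowerShell. Schema 4.50 is accepted by current Sysmon releases (assumed).
$config = @'
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="run-key-persistence" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
        <TargetObject condition="contains">\CurrentVersion\RunOnce</TargetObject>
      </RegistryEvent>
    </RuleGroup>
    <RuleGroup name="powershell-start" groupRelation="or">
      <ProcessCreate onmatch="include">
        <Image condition="end with">powershell.exe</Image>
        <Image condition="end with">pwsh.exe</Image>
      </ProcessCreate>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
$config | Set-Content -Path .\sysmon-lab.xml -Encoding UTF8
.\Sysmon64.exe -accepteula -i .\sysmon-lab.xml       # use -c .\sysmon-lab.xml to update a running install

# Simulated persistence: a Run-key value that would start PowerShell at logon.
# The command is a placeholder that only exits; the value is removed again below.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Set-ItemProperty -Path $runKey -Name 'LabPersist' -Value 'powershell.exe -nop -w hidden -c "exit"'
Start-Sleep -Seconds 2

# Read back what Sysmon saw: ID 13 = registry value set. EventData is parsed from the event XML.
function Get-SysmonPersistenceEvents {
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 13 } -MaxEvents 50 |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $d = @{}
            $x.Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            [pscustomobject]@{ Time = $_.TimeCreated; Image = $d.Image; Target = $d.TargetObject; Details = $d.Details }
        } | Where-Object Target -like '*\CurrentVersion\Run*'
}
Get-SysmonPersistenceEvents | Format-Table -AutoSize

# Clean up the simulated persistence.
Remove-ItemProperty -Path $runKey -Name 'LabPersist'
```

The Image field of the ID 13 event is what makes this EDR-like rather than just a registry diff: it names the process that wrote the value (here powershell.exe), which is the pivot a SOC analyst would use to find the parent process in the matching ID 1 event.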
Role & Collaboration:
Solo project to simulate Tier 1 SOC workflows and reinforce blue team fundamentals.
Outcome:
Successfully captured attacker-like behavior in logs, verified EDR-style visibility, and laid groundwork for SIEM integration.
Brute Force Detection Alert in Splunk (Completed July 2025)
Description:
Developed a Splunk-based detection rule to identify potential brute force attacks based on repeated failed login attempts from the same IP address. Used SPL and field extractions to isolate login failures and built a threshold-based alert that triggers when an IP exceeds five failed attempts within a short window.
Learned:
Gained hands-on experience building detection logic using time-based correlation in SPL. Learned how to extract custom fields using regex, apply filters to reduce false positives, and configure scheduled alerts inside Splunk’s alerting engine.
Shows failed SSH login attempts from various IPs, indicating a brute-force attack pattern.
Timeline of brute-force login events, highlighting spikes in activity over time.
Bar chart visualizing brute-force attempts by source IP and targeted usernames.
Role & Collaboration:
Independently built and tested the brute force detection alert as part of a self-guided SOC analyst skill development path. Designed the SPL, validated extracted login data, and configured Splunk’s alert engine for real-time detection.
Outcome:
Created a working security alert that mimics real-world brute force login detection. This project reinforces key SOC analyst skills, including log parsing, pattern recognition, and threat detection automation. Combined with my Linux Login Monitor dashboard, this builds a more complete view of endpoint authentication activity and alerting.
Linux Login Activity Monitor Splunk Dashboard (Completed July 2025)
Description:
Created a security-focused Splunk dashboard by ingesting and analyzing Linux authentication logs. Used Search Processing Language (SPL) to extract login data, identify failed/successful attempts, and detect brute force activity. Visualized key insights using custom panels and dashboards.
Learned:
Gained hands-on experience in log ingestion, regex field extraction, and security event correlation. Developed a working understanding of Splunk’s dashboarding, search filters, and how to identify brute force behavior through time-based analysis.
Displayed raw Linux authentication logs ingested from sample_auth.log showing a mix of successful and failed login attempts.
Query results showing failed login attempts, broken down by user and IP address. Used SPL and regex to extract key fields for analysis.
Successful SSH logins parsed from the log file using field extraction. Data shows user/IP mappings and login activity over time.
Custom Splunk dashboard created to visualize Linux login activity. Includes panels for failed logins, successful logins, and brute force detection logic.
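The detection logic behind both this dashboard and the brute-force alert above (regex field extraction from sshd lines, then a per-source-IP count over a time window with a threshold of more than five failures) written out in PowerShell so it can be run offline against a handful of log lines. This is an added example and not the page's SPL; the sample lines are constructed, modelled on OpenSSH auth.log output, and the SPL in the comment assumes an index and sourcetype name the page does not give.

```powershell
# Added example (not the page's SPL or dashboards). Sample lines are constructed.
# Equivalent Splunk search, for reference (index/sourcetype names assumed):
#   index=linux sourcetype=auth "Failed password"
#   | rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
#   | bin _time span=5m | stats count dc(user) as users by _time src_ip | where count > 5

$sampleLog = @'
Jul 12 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Jul 12 10:00:04 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jul 12 10:00:09 web01 sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2
Jul 12 10:00:15 web01 sshd[1207]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jul 12 10:00:21 web01 sshd[1209]: Failed password for invalid user test from 203.0.113.7 port 51005 ssh2
Jul 12 10:00:30 web01 sshd[1211]: Failed password for root from 203.0.113.7 port 51006 ssh2
Jul 12 10:01:02 web01 sshd[1213]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
Jul 12 10:02:45 web01 sshd[1215]: Failed password for bob from 198.51.100.21 port 40002 ssh2
Jul 12 10:20:45 web01 sshd[1220]: Failed password for bob from 198.51.100.21 port 40003 ssh2
'@ -split '\r?\n'

# Field extraction: the same idea as the rex command, with named groups for time, result, user and source IP.
$pattern = '^(?<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: (?<result>Failed|Accepted) password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})'

function ConvertFrom-AuthLog {
    param([string[]]$Lines, [int]$Year = 2025)   # syslog lines carry no year; assume one
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            $stamp = "$Year " + ($Matches.ts -replace '\s+', ' ')
            [pscustomobject]@{
                Time   = [datetime]::ParseExact($stamp, 'yyyy MMM d HH:mm:ss', [cultureinfo]::InvariantCulture)
                Result = $Matches.result
                User   = $Matches.user
                SrcIp  = $Matches.src_ip
            }
        }
    }
}

function Find-BruteForce {
    param([object[]]$Events, [int]$Threshold = 5, [int]$WindowMinutes = 5)
    $Events | Where-Object Result -eq 'Failed' | Group-Object SrcIp | ForEach-Object {
        $times = @($_.Group | Sort-Object Time | Select-Object -ExpandProperty Time)
        # Sliding window: for each failure, count the failures inside the next $WindowMinutes.
        $peak = 0
        for ($i = 0; $i -lt $times.Count; $i++) {
            $end = $times[$i].AddMinutes($WindowMinutes)
            $n = @($times | Where-Object { $_ -ge $times[$i] -and $_ -lt $end }).Count
            if ($n -gt $peak) { $peak = $n }
        }
        if ($peak -gt $Threshold) {
            [pscustomobject]@{
                SrcIp      = $_.Name
                Failures   = $_.Count
                PeakInWin  = $peak
                Users      = ($_.Group.User | Sort-Object -Unique) -join ','
                FirstSeen  = $times[0]
                LastSeen   = $times[-1]
            }
        }
    }
}

$events = ConvertFrom-AuthLog -Lines $sampleLog
Find-BruteForce -Events $events | Format-Table -AutoSize
```

The sliding window matters for the false-positive point made above: 198.51.100.21 fails twice, twenty minutes apart, so no five-minute window ever holds more than one failure and it is not reported, while 203.0.113.7 packs six failures into under a minute and is. A fixed bin (the bin _time span=5m form) is cheaper in Splunk but can split one burst across two bins; a sliding window cannot.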
Role & Collaboration:
Independently led the design and implementation of a Splunk-based monitoring solution as part of my cybersecurity learning path. Built all SPL queries from scratch, configured data ingestion, and created a dashboard to visualize security-related login activity.
Outcome:
Built a working Splunk dashboard that visualizes Linux login behavior and highlights high-risk login activity such as failed attempts and brute force patterns. This project simulates real-world SOC analyst work and is part of my growing blue team portfolio.
Windows Security & Hardening (Completed January 2025)
Description:
Conducted a Windows security audit using OpenVAS and MBSA to identify vulnerabilities, check policy compliance, and detect misconfigurations and missing patches.
Learned:
Gained practical experience in system auditing, vulnerability scanning, and interpreting security assessment reports
Vulnerability Scan
OpenVAS to identify vulnerabilities
MBSA
Utilized Microsoft Baseline Security Analyzer
Passwords / Accounts
Evaluated password and account policies
Role & Collaboration:
Outcome:
Developed practical skills in conducting system security audits and interpreting vulnerability assessment reports. Gained experience in applying Security+ concepts to evaluate and improve system compliance.
EFS & BitLocker (Completed January 2025)
Description:
Configured EFS and BitLocker on Windows to protect data at rest. Encrypted files, folders, and full drives, and tested access controls across user accounts.
Learned:
Built practical skills in implementing file- and drive-level encryption, key capabilities for securing cloud and hybrid environments. Gained experience in configuring access controls and understanding encryption management in enterprise systems.
BitLocker
BitLocker Drive Encryption on a Windows system to protect sensitive data at rest
EFS
Encrypting File System (EFS) applied to individual files and folders on a Windows system to protect sensitive data at rest
Access Controls
Implemented EFS to encrypt individual files and folders and tested access controls across different user accounts
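The two encryption layers and the cross-account access test, as PowerShell. This is an added example, not the page's own steps. Assumptions: a data volume D:, a test folder D:\Finance with a constructed sample file, and a second local account named "auditor" that can log on to the VM. BitLocker is shown with a password protector plus a recovery password; EFS is driven through cipher.exe, which also reports which certificates can open a file.

```powershell
# Added example (not the page's own steps). Assumes D: is a data volume and "auditor" is a second local account.

# --- BitLocker on the data volume: encrypt, add a recovery password, then check status ---
Enable-BitLocker -MountPoint 'D:' -EncryptionMethod XtsAes256 -UsedSpaceOnly -PasswordProtector `
    -Password (Read-Host -AsSecureString 'BitLocker password for D:')
Add-BitLockerKeyProtector -MountPoint 'D:' -RecoveryPasswordProtector | Out-Null

# Keep the recovery password somewhere other than the encrypted volume (in a domain, Backup-BitLockerKeyProtector
# can escrow it to AD instead). Then confirm protection is on and encryption is progressing.
$vol = Get-BitLockerVolume -MountPoint 'D:'
($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').RecoveryPassword |
    Out-File "$env:USERPROFILE\Documents\D-recovery.txt"
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage

# --- EFS on a folder: encrypt as the owner, then test access from another account ---
$folder = 'D:\Finance'
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path "$folder\payroll.txt" -Value 'sample payroll data (constructed)'
cipher /e "/s:$folder"                        # encrypt the folder and everything already in it
cipher /c "$folder\payroll.txt"               # lists the certificate(s) that can decrypt the file

# Back up the EFS certificate and private key; without them the files are unrecoverable.
cipher /x "$env:USERPROFILE\Documents\efs-backup"

# Access test: open the file as the other account. Even if the NTFS ACL grants "auditor" Read,
# the read fails with "Access is denied" until that user's certificate is added (cipher /adduser).
$cred = Get-Credential -UserName 'auditor' -Message 'Second account for the EFS access test'
Start-Process powershell.exe -Credential $cred -ArgumentList '-NoExit', '-Command', "Get-Content '$folder\payroll.txt'"
```

The point of the last step is that EFS and NTFS permissions are independent controls: the ACL decides who may open the file, the EFS key decides who can read the bytes, and the access test only passes when both agree. BitLocker, by contrast, is transparent to every account once the volume is unlocked, which is why the two are layered rather than chosen between.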
Role & Collaboration:
Outcome:
Gained practical experience configuring and managing data encryption at both the file and disk levels. Developed an understanding of encryption policy application, key management, and data protection.
Scheduled Backups & Folder Replication (Completed January 2025)
Description:
Set up automated backups and folder replication using Windows Backup and Robocopy to support data protection and business continuity. Verified integrity through testing.
Learned:
Developed practical skills in backup configuration, automation, and data replication
Backup Schedule
Configured scheduled backups and replicated system folders
Robocopy
Robocopy command-line utility used for folder replication
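The replication, the integrity check and the schedule, as one PowerShell example. This is added here and is not the page's own script. Assumptions: source D:\Shares, a dedicated replica path E:\Replica, a log at E:\Logs\robocopy.log, a script path C:\Scripts\Replicate-Shares.ps1 for the scheduled task, and a backup target volume F: for wbadmin (which needs the Windows Server Backup feature installed).

```powershell
# Added example (not the page's own scripts). Paths D:\Shares, E:\Replica, E:\Logs and F: are assumed.

# Mirror the folder tree. /MIR deletes extras at the destination, so only ever point it at a dedicated replica path.
function Invoke-FolderReplication {
    param([string]$Source = 'D:\Shares', [string]$Destination = 'E:\Replica', [string]$Log = 'E:\Logs\robocopy.log')
    robocopy $Source $Destination /MIR /COPY:DATS /DCOPY:DAT /R:2 /W:5 /NP /TEE "/LOG+:$Log"
    # Robocopy exit codes below 8 mean success; bits 1/2/4 only describe what was copied or skipped.
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
    return $LASTEXITCODE
}

# Integrity check: hash every file on both sides and report any path or hash that differs.
function Test-ReplicaIntegrity {
    param([string]$Source = 'D:\Shares', [string]$Destination = 'E:\Replica')
    $hashTree = {
        param($Root)
        Get-ChildItem $Root -Recurse -File | ForEach-Object {
            [pscustomobject]@{
                Rel  = $_.FullName.Substring($Root.Length)
                Hash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
    $src = & $hashTree $Source
    $dst = & $hashTree $Destination
    Compare-Object $src $dst -Property Rel, Hash   # no output means the replica matches
}

Invoke-FolderReplication
Test-ReplicaIntegrity

# Run the replication nightly at 02:00 as SYSTEM.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument '-NoProfile -ExecutionPolicy Bypass -File C:\Scripts\Replicate-Shares.ps1'
$trigger   = New-ScheduledTaskTrigger -Daily -At 2:00AM
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'Nightly share replication' -Action $action -Trigger $trigger -Principal $principal -Force

# Windows Server Backup: one-time backup of D: to F:, then confirm it ran.
wbadmin start backup -backupTarget:F: -include:D: -quiet
wbadmin get versions
```

Robocopy's /MIR and a scheduled task give replication, not a backup: a deletion or ransomware-encrypted file on the source is mirrored to the replica on the next run, which is why the wbadmin backup (versioned, on a separate target) sits alongside it rather than replacing it. The hash comparison is the verification step the page refers to; run it after the first full mirror and again after any restore.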
Role & Collaboration:
Outcome:
Gained practical experience in automating backup processes and managing data replication. Strengthened understanding of business continuity practices and data protection.