Due to a lack of time I haven't been able to showcase all the things I have worked on. I would like to eventually start a YouTube channel or blog posts on topics such as working with PowerShell.


Check out some scripts I wrote on my GitHub. The scripts were designed, tested, and sanitized. I've only uploaded a few that I felt showcased my design and skill level.


My TryHackMe badge – I haven't had a lot of time to sit down and go through the labs, but I will get to it eventually.


LetsDefend – I align more with the blue side of cyber security. I have done quite a few labs. I have gone through the SOC analyst track, which includes Nmap, Wireshark, and the MITRE framework.


PostgreSQL Database | SQL | Fiddler
I was able to build a database, password protect it, forget the password, and redo all the work. Some of the highlights included joining tables and configuring PKs and FKs. Unfortunately, it is very hard to showcase a database or my school's proprietary information, but I can link the lab I used to learn.


Black Hills Information Security

I cannot say enough good things about the people at BHIS. They have the most in-depth labs I have experienced. I've completed two courses: SOC Essential Skills, and Active Defense and Cyber Deception.
In the Active Defense course we learned about RITA, how to dig into Wireshark logs, how to collect information, and why, ethically, it isn't good to hack back. But that doesn't mean we can't still mess with the bad guys. We learned how to make HTML directories that go on forever, so that any automated scraping tool would be useless. We learned how canary tokens can be used and, more importantly, when they should be used. A canary token allows a beacon to fire off if, say, someone tries to access a file or directory that they shouldn't.
The SOC course covered tools of the trade such as RITA, AlienVault, DeepBlue, and Wireshark. We were able to run malware on virtual machines and use different tools to see how malware can be traced.
Each course was 16 hours of lecture and hands-on experience. John Strand was trained at SANS and is the next best thing.
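As an added example of the two Active Defense techniques described above (this is my illustration, not BHIS course material or the author's code), the Python below serves a web "directory" that never ends and a bait file that acts as a canary. The bait path, the directory naming scheme, and the loopback bind address are assumptions made for this example; a real deployment would sit behind a decoy host and forward the beacon to a SIEM rather than print it.

```python
# Added example (not BHIS course material or the author's code): a minimal
# web tarpit and canary.  Every synthetic listing links to eight more
# "subdirectories" whose names are derived from the path, so a crawler that
# follows links never reaches a leaf; one bait file path acts as a canary
# and records a beacon when it is requested.  CANARY_PATH and the directory
# naming scheme are assumptions made for this example.
import hashlib
import html
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List, Tuple

CANARY_PATH = "/backups/payroll-2023.xlsx"  # constructed bait path
LINKS_PER_PAGE = 8


def child_names(path: str) -> List[str]:
    """Fake subdirectory names for `path`, derived from a hash of the path.

    Deterministic, so re-requesting a page gives the same listing (a
    crawler cannot spot it as synthetic by diffing), and every page has
    children, so the tree has no bottom.
    """
    if not path.endswith("/"):
        path += "/"
    return [
        "dir_" + hashlib.sha256(f"{path}|{i}".encode()).hexdigest()[:8]
        for i in range(LINKS_PER_PAGE)
    ]


def render_listing(path: str) -> str:
    """Render an Apache-style index page for `path` with endless children."""
    if not path.endswith("/"):
        path += "/"
    rows = [
        f'<li><a href="{html.escape(path + name + "/")}">{name}/</a></li>'
        for name in child_names(path)
    ]
    # Every listing also advertises the bait file, so a scraper that grabs
    # "interesting" filenames trips the canary on its own.
    bait_name = CANARY_PATH.rsplit("/", 1)[-1]
    rows.append(
        f'<li><a href="{html.escape(CANARY_PATH)}">{html.escape(bait_name)}</a></li>'
    )
    return (
        f"<html><body><h1>Index of {html.escape(path)}</h1><ul>"
        + "".join(rows)
        + "</ul></body></html>"
    )


def handle_request(path: str, client_ip: str, user_agent: str,
                   beacons: List[Dict]) -> Tuple[int, str]:
    """Route one GET.  A canary hit appends a beacon record to `beacons`
    (stand-in for the alert a real canary token would fire) and returns a
    harmless decoy; anything else gets a synthetic listing."""
    if path == CANARY_PATH:
        beacons.append({"ts": time.time(), "ip": client_ip,
                        "user_agent": user_agent, "path": path})
        return 200, "<html><body>File temporarily unavailable.</body></html>"
    return 200, render_listing(path)


class TarpitHandler(BaseHTTPRequestHandler):
    beacons: List[Dict] = []  # shared across requests for this demo

    def do_GET(self) -> None:
        before = len(self.beacons)
        status, body = handle_request(self.path, self.client_address[0],
                                      self.headers.get("User-Agent", "-"),
                                      self.beacons)
        if len(self.beacons) > before:  # where a SIEM forwarder would go
            print("CANARY HIT " + json.dumps(self.beacons[-1]))
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args) -> None:  # keep stdout to canary hits only
        pass


if __name__ == "__main__":
    # Bind to loopback only; put it behind a decoy host, never on a
    # production path where a legitimate crawler could wander in.
    HTTPServer(("127.0.0.1", 8080), TarpitHandler).serve_forever()
```

Run it and point `wget -r` or a crawler at `http://127.0.0.1:8080/`: every page links to eight more, and the first request for the bait file prints a beacon with the client IP and User-Agent. The deterministic naming matters because a crawler that re-fetches a page and sees a different listing has a cheap way to detect the trap.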


Azure Honeypots using a SIEM

Josh Madakor has an IT education channel. This particular lab is one I have great interest in. I've watched it a few times and have started replicating parts of it. In the lab he spins up an Azure honeypot, sets up Sentinel on it, and then graphs the logs to a world map using an API call. I have spun up machines in AWS and Azure before; I was more interested in the SIEM part. I've been playing with Graylog just to get a feel for it before I complete this lab. This lab points out how useful it is to have a fully functional SIEM, and how the lack of one could have a detrimental business impact.
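To show the SIEM half of that lab in plain Python, here is an added example (mine, not Josh Madakor's lab code) that parses Windows Security event XML for failed logons (EventID 4625), counts attempts per source IP, and joins coordinates to produce the rows a map visual plots. The sample events and the GEO table are constructed for the example, using documentation (TEST-NET) addresses; the lab gets real coordinates from an IP geolocation API, which the `geo_lookup` parameter stands in for.

```python
# Added example (not Josh Madakor's lab code): parse 4625 failed-logon
# events, aggregate per source IP, and attach coordinates for a map.
# The events and the GEO table below are constructed for this example.
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Callable, Dict, List, Optional, Tuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def parse_failed_logon(xml_text: str) -> Optional[Dict]:
    """Return the fields that matter for a 4625 event, or None for any
    other event ID or for malformed XML."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.findall("e:EventData/e:Data", NS)}
    tc = root.find("e:System/e:TimeCreated", NS)
    return {
        "ip": data.get("IpAddress", "-"),
        "user": data.get("TargetUserName", ""),
        "logon_type": data.get("LogonType", ""),
        "status": data.get("Status", ""),
        "time": tc.get("SystemTime") if tc is not None else "",
    }


# Constructed coordinates for TEST-NET addresses; a real pipeline would
# call an IP geolocation API here (assumption for this example).
GEO: Dict[str, Tuple[float, float, str]] = {
    "203.0.113.7": (52.52, 13.40, "DE"),
    "198.51.100.23": (39.90, 116.40, "CN"),
}


def map_points(events_xml: List[str],
               geo_lookup: Callable[[str], Optional[Tuple[float, float, str]]] = GEO.get
               ) -> List[Dict]:
    """Aggregate failed logons per source IP and join coordinates.
    Local or unknown sources ("-" or missing from the lookup) keep
    lat/lon None so they still appear in the counts rather than vanishing."""
    per_ip = defaultdict(lambda: {"count": 0, "users": set()})
    for xml_text in events_xml:
        ev = parse_failed_logon(xml_text)
        if ev is None:
            continue
        per_ip[ev["ip"]]["count"] += 1
        per_ip[ev["ip"]]["users"].add(ev["user"])
    rows = []
    for ip, agg in per_ip.items():
        geo = geo_lookup(ip)
        rows.append({
            "ip": ip, "count": agg["count"], "users": sorted(agg["users"]),
            "lat": geo[0] if geo else None, "lon": geo[1] if geo else None,
            "country": geo[2] if geo else "??",
            "label": f"{ip} ({agg['count']} attempts, {len(agg['users'])} users)",
        })
    # busiest sources first; unmappable ones last within a tie
    rows.sort(key=lambda r: (-r["count"], r["lat"] is None, r["ip"]))
    return rows


def _event(event_id: int, ip: str, user: str, ts: str) -> str:
    """Build one constructed Security event in the standard XML layout."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>{event_id}</EventID>
  <TimeCreated SystemTime="{ts}"/><Computer>honeypot-vm</Computer></System>
  <EventData><Data Name="TargetUserName">{user}</Data><Data Name="IpAddress">{ip}</Data>
  <Data Name="LogonType">3</Data><Data Name="Status">0xc000006d</Data></EventData>
</Event>"""


SAMPLE_EVENTS = [  # constructed
    _event(4625, "203.0.113.7", "administrator", "2024-03-12T14:02:01Z"),
    _event(4625, "203.0.113.7", "admin", "2024-03-12T14:02:02Z"),
    _event(4625, "203.0.113.7", "administrator", "2024-03-12T14:02:03Z"),
    _event(4625, "198.51.100.23", "sqlservice", "2024-03-12T14:05:00Z"),
    _event(4624, "198.51.100.23", "sqlservice", "2024-03-12T14:05:01Z"),  # success, ignored
    _event(4625, "-", "labadmin", "2024-03-12T14:06:00Z"),  # console logon, no IP
    "<Event><broken",  # truncated record, must not crash the pipeline
]

if __name__ == "__main__":
    for row in map_points(SAMPLE_EVENTS):
        print(row)
```

The point of keeping unmappable sources in the output is the same one the lab makes about a SIEM: a map that silently drops rows hides exactly the events you would want to investigate.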


Nmap, Wireshark, and Penetration Tools

Yes, I have installed Kali. Yes, I ran some pen tools on my home network. I have purchased an application that allows me to run a Linux terminal and use various tools against other computers in a sandbox environment. Nmap was a staple on the command line to find networks and scan them. I would then have to figure out how to hack into them, using apps such as John the Ripper or Hydra to brute force with a dictionary attack. I would then need to navigate the computer well enough using Linux and SSH to find flags, which were sometimes encrypted. The world of Haiku.
Red vs. Blue allows me to control a group of hacktivists or a CISO. It taught me about tactics, techniques, and procedures (TTPs) such as USB drops, email compromise, and even the importance of physical security like cameras and door locks. The blue team side also brought in the concepts of defense in depth and incident response, as well as how all the devices are used to protect and how a compromise can lead to business impact. Although the concepts of firewalls, antivirus, VPNs, and VLANs are not new to me, seeing the big picture of how they all work together and fill gaps in security was enlightening. Not only did I learn about all the different types of attacks, but I also learned about industrial control systems (ICS).


TCM Academy

I have about 5 courses from TCM Academy. I learned the Linux 101 basics. I finished the Practical Ethical Hacking course but plan to revisit it when I start studying for my PenTest certification. I will also be doing Movement, Pivoting and Persistence; Practical Malware Analysis & Triage; and Practical Web Application Security and Testing. I would also like to add that I completed the GRC Masterclass that has been integrated into TCM, where I learned about risk analysis and management, business impact, and compliance with laws and regulations including NIST, ISO, PCI, and federal laws.


Home Lab #1

Purpose: create a network of servers and see what alerts get generated under different attacks; discover the behaviors of attack types; analyze logs.
Created a network of 5 virtual machines in VirtualBox. Managed virtual resources and modified VMs as necessary.
Created and configured a pfSense image. Managed multiple network connections under different network addresses. This was used as a firewall and to segment the network.
Configured a Security Onion server to generate logs using a CentOS server. This was useful for detecting attacks.
Built a Kali box as my attack machine.
Configured a Mint box as an 'internal user' for an attack surface.

I was successfully able to scan the network using Nmap, and using the version information I was able to find security vulnerabilities using tools like Metasploit. I used some tools that allowed pfSense to generate logs. I was then able to capture some packets using Wireshark that showed my attack machine's IP.

Next steps: deploy a Domain Controller and add Splunk. Attempt to compromise a user account and achieve privilege escalation.
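The attack-machine IP that showed up in the Wireshark capture is also the thing the pfSense logs can alert on. As an added example (mine, not the author's lab code), the Python below reads pfSense filterlog lines and flags a SYN scan: one source touching many distinct ports on one destination inside a short window. The log lines are constructed and follow the IPv4/TCP field order documented for pfSense's filterlog CSV; the field indexes, the window, the port threshold, and the year stamped onto the syslog timestamps are assumptions, so check them against your own syslog output before trusting the parser on real data.

```python
# Added example (not the author's lab code): detect an Nmap-style SYN
# scan from pfSense filterlog lines.  SAMPLE_LOG is constructed; it uses
# the IPv4/TCP field order documented for pfSense filterlog, but verify the
# indexes against your own syslog before relying on this parser.
import csv
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"filterlog\[\d+\]: (?P<csv>.*)$"
)
ASSUMED_YEAR = 2024  # syslog timestamps carry no year (assumption)


def parse_filterlog(line: str) -> Optional[Dict]:
    """Parse one filterlog line into a dict; None for non-TCP/IPv4 or junk."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    f = next(csv.reader([m.group("csv")]))
    # IPv4 layout: [4]=iface [6]=action [7]=direction [8]=ipversion
    # [16]=proto [18]=src [19]=dst, then TCP: [20]=sport [21]=dport
    # [22]=datalen [23]=tcpflags ...
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return {
        "ts": ts, "iface": f[4], "action": f[6], "direction": f[7],
        "src": f[18], "dst": f[19], "sport": int(f[20]), "dport": int(f[21]),
        "flags": f[23],
    }


def detect_port_scans(events: List[Dict], window_s: int = 60,
                      min_ports: int = 10) -> List[Dict]:
    """Flag (src, dst) pairs that touch >= min_ports distinct destination
    ports inside any window_s-second sliding window.  Only SYN-bearing
    packets count, which is what a default Nmap SYN scan sends."""
    by_pair: Dict[tuple, List[Dict]] = defaultdict(list)
    for e in events:
        if "S" in e["flags"]:
            by_pair[(e["src"], e["dst"])].append(e)
    findings = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        best = None  # the window with the most distinct ports for this pair
        start = 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1
            win = evs[start:end + 1]
            ports = {e["dport"] for e in win}
            if best is None or len(ports) > len(best["ports"]):
                best = {
                    "src": src, "dst": dst, "ports": sorted(ports),
                    "first": win[0]["ts"].isoformat(),
                    "last": win[-1]["ts"].isoformat(),
                    "blocked": sum(e["action"] == "block" for e in win),
                }
        if best is not None and len(best["ports"]) >= min_ports:
            findings.append(best)
    return findings


def _line(sec: int, src: str, dst: str, sport: int, dport: int, action: str) -> str:
    """Build one constructed filterlog line in the documented IPv4/TCP layout."""
    return (f"Mar 12 14:02:{sec:02d} pfSense filterlog[12345]: "
            f"5,,,1000000103,em1,match,{action},in,4,0x0,,64,{10000 + sec},0,DF,"
            f"6,tcp,60,{src},{dst},{sport},{dport},0,S,123456,,65535,,mss")


SAMPLE_LOG = [  # constructed
    # attacker sweeping 12 common ports on the internal host in four seconds
    *[_line(i // 3, "192.168.10.50", "192.168.20.10", 41000 + i, p, "block")
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 3389])],
    # a normal internal client hitting the same host on 443 repeatedly
    *[_line(10 + i, "192.168.20.11", "192.168.20.10", 52000 + i, 443, "pass")
      for i in range(6)],
    # an ICMP line the parser must skip
    "Mar 12 14:02:30 pfSense filterlog[12345]: 5,,,1000000103,em1,match,pass,in,4,"
    "0x0,,64,1,0,DF,1,icmp,84,192.168.20.11,192.168.20.10,request,1234,5",
]


def run_sample() -> List[Dict]:
    events = [e for e in map(parse_filterlog, SAMPLE_LOG) if e]
    return detect_port_scans(events)


if __name__ == "__main__":
    for f in run_sample():
        print(f"port scan: {f['src']} -> {f['dst']} {len(f['ports'])} ports "
              f"({f['blocked']} blocked) between {f['first']} and {f['last']}")
```

The normal client never trips the rule because it only ever hits one port, however many times; the attacker trips it on distinct-port count alone. Counting the `block` actions in the same window is cheap and tells you whether the firewall already stopped the scan or whether it reached the host.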


Home Lab #2

Azure – I have built out a small lab in Azure, consisting of a Domain Controller and a few dummy machines. My goal was to provide AD access to my home lab. I was able to use some of the resources, such as account access, on my home lab. It was proposed as a work experiment to see if Azure Active Directory could provide cloud coverage to multiple locations. My research has shown that AAD does not support hybrid environments in that context, which is probably why Microsoft changed the name to Entra. To expand on that, though: what if I just spun up a domain controller and tried to join it? My results were that, while it is possible, Azure does not always keep the same IP, and neither does my home IP. It proved difficult to update my home lab with the correct DNS entries since DNS was hosted on the Azure platform. On top of that, the cost of running AD in the cloud did not make a business case that justified the overhead when I applied it to my work business problem.


Work Related

SolarWinds – I was handed this beast of a product, which had at least 5 SolarWinds products baked in. For those who don't know, SolarWinds is a monitoring and alerting appliance with a large umbrella of additional individual products such as PAM or IAM. I took this over when it was barely functional. I put all the pieces together and built out a fairly decent monitoring and alerting platform. The updates were cumbersome due to the required order for updating the entire product. No, we weren't using it at the time it got breached, except in a very limited capacity, and I had already moved on.

PRTG – I ran a proof of concept of this product, got business approval, and migrated from SolarWinds. This required designing the flow of data in a logical, comprehensible way. Each server or device needed to be allowed to talk over SNMP, and since the environment was primarily Windows I was able to script out the registry and service changes. I had to create a template for which sensors needed to be added depending on how critical the sensor or server was. I designed the alerts and tweaked each sensor from a baseline to reduce noise, creating a balance of meaningful alerts, solely at my discretion with input from various teams. I built the libraries, which are just a blanket set of rules for when to alert. I used the data it collected in a SIEM-like way. I was able to make hardware recommendations from baselines, help software developers with code issues, and track and troubleshoot issues such as memory leaks or network spikes/dips. I also used PRTG to monitor certain events that were of particular interest to security.

WSUS – Windows Server Update Services allowed centralized management of which updates were approved and specifically when they were approved. Updates could sometimes take servers offline if they decided to update whenever Microsoft told them to, so I was tasked with coming up with a solution. I spun this up and used a GPO to point the servers to the WSUS server, while WSUS pulled updates whenever it saw new ones. Pending updates for the servers could then sit in a "Waiting for approval" status until the updates were vetted and tested in less critical areas first. This was also a huge time saver for my department, as we managed the updates for over 500 servers. We could approve the updates Friday into Saturday morning and have the first round ready for rebooting at our scheduled time on Saturday evening.

Zoom – I was tasked with migrating off a hard phone system to a VoIP system. I've worked with phone systems before, so this was a relatively easy task. When I was hired on this was a stipulation of employment; the project had been on hold for about a year before I came on board and needed to be finished within 6 months. The project had no direction and was nothing more than a shell with a few test lines. I wiped out all the settings and began gathering details on the current phone system, such as users, departments, and how it was used, by interviewing department heads and users within individual departments. I then created a rough draft of an outline and a plan of action. I began exporting user data from the old system and importing it into the new system, since the two systems were incapable of reading each other's data. I was able to have the phone system in a working state within 2 weeks.
The final details were going back to each department, showing them how I designed it, and getting feedback on any changes that needed to be made. After another few weeks all users were in the system and the changes were finalized: call queues were built out, auto attendants were properly mapped, extensions were assigned, and I even rebuilt the existing Teams chat in Zoom. I had meetings with those who used the phone more often, with training sessions and Q&A, built manuals for setup and KB articles for support, and everyone was issued headsets. There was some hesitation due to people resisting change, and from management, who couldn't believe it was done as fast as it was or had reservations about disrupting the business. About 3 months went by with the project waiting for someone to pull the trigger, when an unfortunate disaster hit the phone lines, knocking them out for an unknown amount of time. The good news is that the phone system was sitting there ready to take action. The main company phone number was up within an hour, as it had to be ported in, and the phone system handled the call volume with ease.
I monitored the situation from the time the phone lines went down to the end of the business day. This meant watching the network traffic, keeping an eye on the application logs and monitoring volume, reaching out to users to check audio quality or issues, and looking for tickets that might suggest Zoom or the network were having problems. Overall, it was a smashing success, apart from the unfortunate hour of delay. I believe it took about 3 days for the phone lines to be repaired, and had the phone system not been waiting it would have caused a significant loss of business. I still maintain ownership and administration of the system, including licensing and meetings.