Real-world cybersecurity investigations documented using professional DFIR methodology. Each case includes full scenario, MITRE ATT&CK mapping, IOCs, detection strategy, and analyst reasoning.
Spear-phishing against an ABC Manufacturing finance employee: M365 credential harvest, mailbox auto-forwarding rules, impossible-travel detection. Full L1/L2 response.
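The impossible-travel check behind that case, as an added illustration rather than code from the investigation: consecutive sign-ins for the same account are compared by great-circle distance over elapsed time, and any pair that would require faster-than-airliner travel is flagged. The sign-in events, their GeoIP coordinates and the 900 km/h threshold are constructed assumptions, not data from the page.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed M365-style sign-in events (assumed sample data, not from the case).
# lat/lon would normally come from GeoIP enrichment of the client IP.
SIGNINS = [
    {"user": "finance.user@example.com", "time": "2024-03-04T08:02:00Z",
     "ip": "203.0.113.7", "lat": 6.45, "lon": 3.39},      # Lagos
    {"user": "finance.user@example.com", "time": "2024-03-04T08:47:00Z",
     "ip": "198.51.100.9", "lat": 55.75, "lon": 37.62},   # Moscow, 45 min later
    {"user": "ops.user@example.com", "time": "2024-03-04T09:00:00Z",
     "ip": "192.0.2.10", "lat": 6.45, "lon": 3.39},
    {"user": "ops.user@example.com", "time": "2024-03-04T17:30:00Z",
     "ip": "192.0.2.11", "lat": 6.60, "lon": 3.35},       # same city, hours later
]

# Assumed threshold: roughly the cruising speed of a commercial airliner.
MAX_SPEED_KMH = 900.0
EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat = p2 - p1
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return one alert per consecutive sign-in pair whose implied speed
    exceeds max_speed_kmh. Events are grouped per user and ordered by time."""
    by_user = {}
    for ev in events:
        by_user.setdefault(ev["user"], []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: _parse_ts(e["time"]))
        for prev, cur in zip(evs, evs[1:]):
            hours = (_parse_ts(cur["time"]) - _parse_ts(prev["time"])).total_seconds() / 3600
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            # Guard against a zero interval (two events with identical timestamps).
            speed = dist / hours if hours > 0 else float("inf") if dist > 0 else 0.0
            if speed > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from_ip": prev["ip"], "to_ip": cur["ip"],
                    "distance_km": round(dist, 1),
                    "speed_kmh": round(speed, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print(alert)
```

In production the same logic runs as a scheduled query over the sign-in log; the threshold should be tuned per tenant because VPN egress and mobile carrier NAT both produce legitimate long-distance jumps, so the alert is a triage starting point, not proof of compromise.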
USB AutoRun exploit, PowerShell LOLBin abuse, C2 beaconing on port 4444, registry persistence. Memory forensics and org-wide threat hunt.
Black-box VAPT: SQLi (CVSS 9.8), XSS (CVSS 9.3), LFI (CVSS 8.6). 7 findings in total, OWASP testing methodology. Tools: Burp Suite, SQLMap, Nikto, Nmap.
First structured TI report correlating MutaEngine, VRV Security, and Zorvyn FinTech. 18+ IOCs, 3 BTC wallets, 8-phase attack chain, MITRE mapping.
847 failed authentication attempts detected via SIEM. Attacker IP traced, Sigma rule written, host contained in 6 minutes. Linux auth log analysis.
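The detection logic that case relies on, as an added example and not the investigation's own code: parse auth log entries, keep a sliding window of failures per source IP, alert when the count crosses a threshold, and raise a second, higher-severity alert if that same source then authenticates successfully. The log excerpt is constructed, and it assumes the failures are sshd "Failed password" entries (the page only says "Linux auth log"); the threshold of 5 failures in 60 seconds is an assumed tuning value.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed /var/log/auth.log excerpt (sample data, not from the case).
AUTH_LOG = """\
Mar  4 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Mar  4 10:15:03 web01 sshd[2213]: Failed password for root from 198.51.100.23 port 51240 ssh2
Mar  4 10:15:04 web01 sshd[2215]: Failed password for invalid user test from 198.51.100.23 port 51244 ssh2
Mar  4 10:15:06 web01 sshd[2217]: Failed password for root from 198.51.100.23 port 51250 ssh2
Mar  4 10:15:08 web01 sshd[2219]: Failed password for invalid user oracle from 198.51.100.23 port 51255 ssh2
Mar  4 10:15:11 web01 sshd[2221]: Accepted password for root from 198.51.100.23 port 51260 ssh2
Mar  4 10:20:00 web01 sshd[2300]: Failed password for deploy from 203.0.113.5 port 40022 ssh2
Mar  4 10:20:30 web01 sshd[2302]: Accepted publickey for deploy from 203.0.113.5 port 40023 ssh2
"""

# Matches the OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(log_text, year=2024):
    """Turn syslog-style lines into event dicts. Syslog omits the year, so it
    is supplied (assumed 2024 for the sample)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd/PAM lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_bruteforce(events, threshold=5, window_s=60):
    """Sliding-window failure count per source IP, the same aggregation a
    Sigma rule expresses as count() by src_ip > N within a timeframe.
    A later successful login from a flagged source is reported separately."""
    recent = defaultdict(deque)   # src -> timestamps of failures in window
    flagged = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        q = recent[ev["src"]]
        if ev["result"] == "Failed":
            q.append(ev["time"])
            while q and (ev["time"] - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"type": "bruteforce", "src": ev["src"],
                               "count": len(q), "time": ev["time"]})
        elif ev["src"] in flagged:
            # Successful auth after a burst of failures: likely compromised credential.
            alerts.append({"type": "bruteforce_success", "src": ev["src"],
                           "user": ev["user"], "time": ev["time"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse(AUTH_LOG)):
        print(alert)
```

The single failure from 203.0.113.5 followed by a key-based login is the normal "typo then retry" pattern and stays below threshold; the burst from 198.51.100.23 triggers the count rule, and the password login that follows is the event that justifies immediate containment of the host rather than just blocking the IP.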
Investigated two fraudulent internship operations: hidden fees, malicious links, domain spoofing, "company" email sent from Gmail addresses, onboarding over WhatsApp.
Splunk + Sysmon correlation rules detecting multi-stage attacks. Process injection, registry persistence, and lateral movement identification.
Kerberoasting, Pass-the-Hash, privilege escalation, ghost LSASS detection via Volatility. RTL × 0xDelta Research Week 5 Technical Precision Award.
Single-file HTML web app replacing Excel/Word for tracking 472 officers across 26 sections. Custom rank sorting (CO→2i/c→rank descending→DOP→SVN), CRUD operations, Word export.
AI-powered health triage platform built for GDG OAU × Google hackathon, Health track. Gemini API for symptom analysis, FastAPI backend, React frontend.
Full SOC simulation platform — alert triage dashboard, IR playbook, evidence locker, threat intel feed, report generator. Phase 1 built.
Open to remote SOC, DFIR, threat intelligence, and cybersecurity roles globally. Relocation-ready.
Open to Remote SOC Roles · Relocation Ready (AU/CA/US/NZ/UAE) · cybernate22@gmail.com