Hello, I'm
AKSHAY R
Blue team enthusiast passionate about detecting, analyzing, and defending against cyber threats. I strengthen my skills through SOC monitoring, Wazuh & Splunk labs, and hands-on TryHackMe challenges.
Technical Skills
Cyber Security & SOC Skills
- SOC Monitoring & Alert Investigation (L1)
- SIEM: Wazuh & Splunk (Log Analysis, Dashboards)
- Threat Detection & Incident Analysis
- IDS & Network Security (Suricata)
- Firewall Monitoring & Log Correlation (UFW)
- Endpoint & System Log Monitoring (Linux / SSH)
- Basic Incident Response & Escalation Handling
- MITRE ATT&CK Framework (Beginner Level)
Internships
SOC Analyst intern
CyberSapiens | Oct 2025 – Present
• Monitored and analyzed security alerts in a SOC environment, identifying anomalies and escalating potential incidents.
• Supported incident response through log analysis, root-cause investigation, and threat validation.
• Performed vulnerability assessments and web application testing using Burp Suite, Nmap, Wireshark, Postman, and Kali Linux.
• Applied the MITRE ATT&CK framework to track adversary techniques and strengthen monitoring and detection.
• Documented incident and vulnerability reports with remediation recommendations and supported compliance audits (ISO 27001, SOC 2, GDPR).
Cyber Security Intern
Eye Q Dot Net Pvt. Ltd | Feb 2025 – May 2025
• Conducted Red Team assessments to identify vulnerabilities in client systems, enhancing overall security posture.
• Performed web application testing and researched cybersecurity tools to support client projects and improve defenses.
• Developed awareness content and participated in training sessions, promoting a culture of cybersecurity within the organization.
• Ensured timely report submissions while adhering to strict confidentiality and ethical hacking standards.
Key Projects
Detecting Nmap Scans Using Wazuh and Suricata
• Built an Nmap scan detection lab using Wazuh and Suricata.
• Successfully detected scans using Suricata's threat rules and visualized results on the Wazuh dashboard, gaining hands-on experience in threat detection.
Splunk SSH Log Visualizer
• Designed a Splunk dashboard to visualize SSH authentication activity, including successful and failed logins.
• Detected potential brute-force patterns and mapped attacker origins using geolocation visualization.
• Enhanced incident investigation by correlating login events with IP reputation data.
Detecting Successful SSH Bruteforce with Wazuh
• Simulated an SSH brute-force attack using Hydra and detected it with Wazuh, identifying multiple authentication failures followed by a successful login.
• Demonstrated Wazuh's threat detection capabilities and highlighted the importance of early detection.
Suricata + Splunk Integration Lab
• Built a lab to detect network scans and suspicious traffic using Suricata IDS and Splunk.
• Correlated Suricata alerts with UFW firewall logs for deeper detection visibility.
• Demonstrated how IDS + firewall + SIEM analysis strengthens detection engineering skills.
ImageCrypt
• A simple Python tool to encrypt and decrypt files, embedding metadata (original filename and extension) directly in the payload.
• It also allows secure key generation with automatic clipboard copy for convenience.
Splunk Cloudflare Log Visualizer
• Built a Splunk dashboard using Cloudflare HTTP request logs to monitor web traffic and server responses.
• Visualized WAF actions and global client IP distribution for security monitoring.
• Gained hands-on experience with SIEM dashboards, log analysis, and security workflows.
Wazuh + Sysmon Integration on Windows
• Integrated Windows 10 as a Wazuh agent and configured Sysmon for advanced endpoint event monitoring.
• Ingested and analyzed endpoint logs in Wazuh SIEM on Kali Linux.
• Improved endpoint visibility and threat detection through log correlation and analysis.
Cowrie Honeypot — Docker Lab
• Deployed a Cowrie SSH/Telnet honeypot using Docker to capture attacker-like interactions.
• Collected and analyzed honeypot container logs for behavioral insights.
• Practiced SOC analysis skills and understanding of adversary techniques.
Nmap Network Scanning & Enumeration
• Identified live hosts and discovered open ports through active reconnaissance.
• Detected running services and versions to understand exposed attack surfaces.
• Performed operating system fingerprinting as part of ethical hacking reconnaissance.
Splunk DHCP Log Analyzer
• Analyzed DHCP logs in Splunk SIEM to monitor network and client activity.
• Extracted key fields to detect unauthorized clients and suspicious behavior.
• Visualized IP address assignments and DHCP activity using Splunk searches.
Splunk Apache Log Visualizer
• Analyzed Apache web server logs using Splunk dashboards to monitor web
requests.
• Identified response patterns and detected client/server errors (4xx/5xx).
• Visualized web traffic by country to understand access patterns and anomalies.
DNS Log Analysis using Splunk
• Analyzed sample DNS logs to identify anomalies and suspicious activity.
• Investigated top DNS sources and suspicious domains through log analysis.
• Extracted relevant fields using regex to improve search and detection accuracy.
HTTP Log Analysis using Splunk
• Analyzed sample HTTP logs to identify anomalies and unusual behavior.
• Examined web traffic patterns to understand request and response trends.
• Practiced log analysis techniques for security monitoring and investigation.
Linux Digital Forensics Basics
• Acquired a Linux memory dump using AVML for forensic analysis.
• Transferred the memory image to an analysis machine using SCP.
• Practiced live memory acquisition and forensic handling workflows.
Malware Analysis Basics
• Analyzed sample malware (EICAR test file) using VirusTotal and Hybrid Analysis.
• Interpreted scan results, signatures, and behavioral indicators.
• Practiced malware analysis workflows in a safe, controlled environment.
Threat Intelligence Basics
• Analyzed Indicators of Compromise (IOCs) including hashes, IPs, and URLs.
• Identified file types, malware names, maliciousness, and reputation status.
• Assessed IP geolocation and blacklist status to support threat investigation.
Phishing analysis using a sample .eml file
• Analyzed phishing emails to identify malicious indicators and attack patterns.
• Used tools such as VirusTotal, EML Analyzer, MXToolbox (Email Header Analyzer), and AbuseIPDB.
• Investigated headers, URLs, IP reputation, and attachments for threat assessment.
Investigating SSH brute-force using Splunk and sample auth log
• Analyzed authentication (auth) logs in Splunk to detect SSH brute-force activity.
• Identified users with the most failed login attempts and attack patterns.
• Traced source IPs linked to specific users for investigation and correlation.
Linux auth log analysis using Splunk
• Analyzed Linux authentication logs in Splunk to understand login activity.
• Identified total successful authentication events and most common event types.
• Practiced log querying and security monitoring using SIEM workflows.
Zeek log analysis using Splunk
• Analyzed Zeek network logs in Splunk to monitor client and service activity.
• Identified top 10 client IPs and most common network services.
• Created tables based on connection duration for traffic analysis and investigation.
Vulnerability Detection using Wazuh
• Performed vulnerability detection using Wazuh.
• Identified known vulnerabilities from endpoint and system data.
• Practiced SIEM-based vulnerability monitoring workflows.
Detecting Nmap scans using Wazuh and Suricata
• Detected Nmap scanning activity using Wazuh and Suricata.
• Analyzed network alerts and logs to identify reconnaissance behavior.
• Practiced intrusion detection and threat monitoring workflows.
Detecting Nmap scans and brute-force attempts using Wazuh and Suricata
• Detected Nmap scanning and SSH brute-force attacks using Wazuh and Suricata.
• Analyzed alerts and correlated events to identify attack patterns.
• Practiced intrusion detection and security monitoring workflows.
Configuration assessment using Wazuh
• Performed configuration assessment using Wazuh.
• Evaluated system security configurations against baseline policies.
• Practiced compliance and posture monitoring workflows.
Detecting successful SSH brute-force with Wazuh
• Detected successful SSH brute-force attempts using Wazuh.
• Analyzed authentication logs and alerts to confirm compromise indicators.
• Practiced incident detection and SOC investigation workflows.
Detecting file modifications using Wazuh
• Detected file modifications using Wazuh File Integrity Monitoring (FIM).
• Monitored unauthorized changes to critical system files.
• Practiced integrity monitoring and alert analysis workflows.
Cryptix
• Developed Cryptix, a command-line encryption/decryption tool supporting AES, DES, RSA, and Blowfish.
• Implemented text, file, and binary encryption, including key generation.
• Added usability features like clipboard copy and flexible input handling.
Password Cracking Resistance Analyzer
• Built a Node.js password strength checker with real-time analysis.
• Evaluated password complexity and checked exposure against the Have I Been Pwned API.
• Improved user security awareness by identifying weak or compromised passwords.
VirusTotal File Analyzer
• Developed a Python-based VirusTotal file analyzer to automate malware checks.
• Implemented SHA-256 hashing, database lookups, conditional uploads, and result retrieval.
• Added retry handling and clean, formatted output for reliable analysis.
Multi-Factor Authentication System
• Developed a Multi-Factor Authentication (MFA) system using Flask, HTML, CSS, and JavaScript.
• Implemented multiple authentication factors to strengthen account security.
• Reduced unauthorized access risk by adding an extra verification layer.
Education
B.Sc. in Cyber Forensics, Data Analytics, and Cyber Security (with IBM)
Yenepoya University | Mangalore, India | Completed May 2025
- CGPA: 8.4 / 10
- Class Leader – Technical Peer Support & Team Coordination
Certifications
ETHICAL HACKER
CyberSapiens
Network Security
ISC2
Metasploit for Beginners: Ethical Penetration Testing
Coursera
Ethical Hacking Fundamentals
LearnKartS
Foundations of Cybersecurity
Coursera (Google)
Project Completion Certificate - MFA
Phemesoft
Practical Approach to Cyber Security
TCS iON