
Containment.Eradication.Recovery

Vulnerability Assessment, Threat Detection & Incident Response

Welcome to my corner of the internet, where I journal hands-on cybersecurity investigations and projects using enterprise tools such as Azure VMs, SIEM, Microsoft Defender for Endpoint, Nessus, Wireshark and Nmap to detect and analyze real-world threats.

Detect.Analyze.Protect

Vulnerability Assessment

Perform vulnerability scans using Nessus to identify critical security weaknesses. Analyze CVSS scores, prioritize risks, and recommend remediation strategies to reduce the attack surface.

Threat Detection & Investigation

Identify and analyze suspicious activity using Microsoft Defender for Endpoint and SIEM tools. Experienced in investigating process behavior, network connections, and endpoint alerts to determine potential threats.

Network Analysis & Enumeration

Conduct network reconnaissance and traffic analysis using Nmap and Wireshark. Identify open ports, running services, and unusual traffic patterns that may indicate security risks.

Protecting Against Modern Cyber Threats

Today's digital landscape connects billions of devices, systems, and users across the globe, creating unprecedented opportunities alongside equally significant vulnerabilities. Cybersecurity has emerged as a fundamental pillar of modern society, demanding immediate attention from individuals, organizations, and governmental institutions worldwide.

Malware

Malware is software created to harm or misuse a computer or network. It includes things like viruses, worms, trojans, ransomware, spyware, and adware. These programs can get into a system without permission, cause damage, or allow someone to access data they shouldn’t have.

  • Viruses attach themselves to normal programs and spread when those programs are run. They can damage or delete data, slow down a computer, and interrupt normal use.
  • Worms copy themselves and spread on their own, often taking advantage of weaknesses in networks.
  • Trojans look like safe or useful software but actually carry harmful functions, such as giving someone remote access to a system.
  • Ransomware locks a person’s data and demands payment to unlock it, which can stop work and cause financial loss.
  • Spyware runs in the background and secretly tracks what a user is doing, collecting things like login details and financial information.
  • Adware shows unwanted ads and may also track user activity for marketing purposes.

SQL Injection

SQL injection is an attack in which harmful database commands are entered into a website's input fields. If the application does not validate the input or keep it separate from the query text, the attacker can interact with the database in unintended ways. This can lead to viewing or changing data, deleting records, or even gaining control of the system.
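The core of the problem is whether user input becomes part of the SQL text or is passed to the database as a separate value. The following is an added example, not code from the original page or from any project it describes. It builds a small in-memory SQLite table (constructed sample data) and compares a lookup that concatenates the username into the query with one that uses a parameterized query. A perfectly legitimate username containing a single quote is enough to show the difference: the concatenated version fails because the input has changed the grammar of the statement, while the parameterized version returns the correct row.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for a web application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable pattern: the input is pasted straight into the SQL text,
    so any quote or keyword in it is parsed as part of the statement."""
    sql = "SELECT role FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Hardened pattern: a placeholder in the statement and the value passed
    separately, so the driver treats the input as data, never as SQL."""
    rows = conn.execute(
        "SELECT role FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


def input_changed_statement(conn, username):
    """True when the unsafe lookup fails because the input altered the SQL
    grammar; this is the same mechanism an attacker abuses deliberately."""
    try:
        lookup_unsafe(conn, username)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien"):
        print(f"{name!r}: safe -> {lookup_safe(db, name)}, "
              f"unsafe broke statement -> {input_changed_statement(db, name)}")
```

The same distinction applies to every SQL driver: look for string formatting or concatenation around query text during code review, and replace it with the driver's placeholder syntax. Validation of input is still worthwhile, but parameterization is what removes the injection primitive.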

Zero-Day Exploits

A zero-day exploit takes advantage of a weakness in software or hardware that the developer does not know about yet. Because no fix is available at the time, attackers can use it to gain access or cause damage before the issue is discovered and corrected.

Advanced Persistent Threats (APTs)

An advanced persistent threat is a long-term attack in which a skilled group gains access to a system and stays there without being noticed. The goal is usually to collect sensitive information or interfere with how the system works. These attacks are often carried out by well-resourced groups, including those linked to governments.

Insider Threat

An insider threat comes from someone within an organization, such as an employee, contractor, or partner. It can happen when a person intentionally misuses access to steal data or cause damage, or when mistakes are made, like falling for a phishing email or handling sensitive information carelessly.

Social Engineering

Social engineering is when someone tricks people into giving away sensitive information or doing something that puts security at risk. It works by taking advantage of human behavior, such as trust or panic, often using tactics like pretending to be someone else or creating a sense of urgency.

Web-Based Threats

Web based threats happen when a user interacts with a compromised or unsafe website. These threats can lead to stolen information, unwanted system changes, or malware being installed without the user realizing it.

  • Cross-site scripting is when harmful code is added to a web page. When someone visits the page, the code runs in their browser and can steal data or take over their session.
  • Drive-by downloads happen when malware is installed on a device simply by visiting a compromised website or clicking a link, often without any clear action from the user.
  • Browser hijacking changes a user’s browser settings without permission. This can redirect them to unsafe websites or show unwanted content, sometimes to generate revenue or support phishing attempts.

Man-in-the-Middle (MitM) Attacks

This type of attack happens when someone secretly intercepts communication between two parties and may even change the data being sent. The parties involved are usually unaware that this is happening. It can occur on unsecured Wi-Fi networks, through compromised routers, or when weak communication methods are used.

These attacks can lead to stolen data, unauthorized actions, and exposure of sensitive information.

Phishing Attacks

Phishing is when someone tries to trick people into giving up sensitive information like usernames, passwords, or credit card details. This is usually done through fake emails, messages, or websites that look real.

  • Spear phishing is more targeted. The attacker focuses on a specific person or organization and tailors the message to make it more convincing.
  • Whaling is a type of spear phishing aimed at high-level individuals, such as executives or people in leadership positions.
  • Vishing involves phone calls. The attacker pretends to be from a trusted service and tries to get personal or financial information over the phone.
  • Smishing uses text messages. These messages often contain links or requests that try to get the user to share personal information or visit a harmful site.

Denial of Service (DoS) & Distributed Denial of Service (DDoS) Attacks

A denial of service attack tries to make a system or website unavailable by sending a large number of requests that overwhelm it. When this comes from a single source, it is called a DoS attack. When it comes from many devices at the same time, it is called a distributed denial of service attack.

These attacks can slow down or completely stop a service, leading to downtime, financial loss, and damage to an organization’s reputation.
