Cybersecurity-Portfolio

Welcome to my cybersecurity portfolio! This repository showcases my learning journey, technical skills, projects, certifications, and career aspirations in the field of cybersecurity. It serves as a digital CV to demonstrate my growth and passion for securing critical systems and networks ^ ^

About Me

Hi! My name is KK, and I am a cybersecurity enthusiast dedicated to learning and applying best practices to protect systems and data. Currently, I am pursuing a master’s degree in cybersecurity, with a focus on penetration testing and threat analysis.

Current Role: Student
Passion: I have a strong interest in penetration testing and helping companies enhance their security posture. Sometimes, I participate in bug bounty programs and stay updated on the latest security trends.
Fun Facts: When I’m not working on cybersecurity, I enjoy singing, coding, gaming, and exploring new technologies.

Technical Skills

Tools:

Network Analysis: Wireshark, tcpdump

Penetration Testing: Metasploit, Burp Suite, Cobalt Strike, Kali, Nikto,nmap

Malware Analysis: IDA Pro, Ghidra, Hybrid Analysis, Volatility, Cuckoo Sandbox

SIEM Tools: Splunk, ELK Stack, Graylog, AlienVault

Cloud Security Tools: AWS Inspector, Azure Security Center, Google Cloud Security Command Center

Web Application Security Tools: AWVS,Nessus

Programming Languages:

• Python
• Bash
• Java
• Golang

Concepts and Frameworks:

1.Vulnerability Management: Identifying, assessing, and mitigating vulnerabilities in systems and networks
2.Incident Response Lifecycle: Detection, identification, containment, eradication, recovery, and lessons learned

3.Secure Software Development Lifecycle (SDLC): Security measures integrated into each phase of software development
4.Networking (TCP/IP, Firewalls, VPN, DNS): Understanding and securing network protocols, configuring and maintaining firewalls, securing virtual private networks (VPNs)
5.Threat Intelligence: Collecting, analyzing, and disseminating actionable information regarding potential cyber threats
6.Risk Management: Identifying, assessing, and prioritizing risks to systems and data, followed by implementation of mitigation measures
7.Advanced Persistent Threats (APT): Identifying and defending against prolonged and targeted cyberattacks

8.Red Team / Blue Team Exercises: Offensive (Red) and defensive (Blue) security practices to simulate and defend against real-world attacks
9.Social Engineering: Manipulating people to gain unauthorized access to systems or data 10.Zero Trust Architecture: Designing systems with the assumption that threats exist both inside and outside the network

Certifications and Training

Below are my completed and ongoing certifications, along with additional training and platforms I use to enhance my cybersecurity skills:

Certifications:

• CompTIA Security+ (Completed)
• Certified Information Security Professional (CISP) (Completed)
• HTB Certified Penetration Testing Specialist(CPTS) (In Progress)

Training and Platforms:

Hack The Box (HTB):
Active member of HTB, solving real-world penetration testing challenges and improving my hands-on hacking skills.
Completed multiple machines in categories like web exploitation, privilege escalation, and reverse engineering.

TryHackMe:
Regularly practice cybersecurity scenarios and labs to gain practical experience.

OWASP Top 10 Workshop:
Hands-on workshop focused on web application security vulnerabilities listed in the OWASP Top 10.
Explored real-world examples of SQL Injection, Cross-Site Scripting (XSS), and Insecure Deserialization.

Cybersecurity by Cisco Networking Academy:
Learned the basic principles of cybersecurity, including cryptography, network defense, and threat intelligence.

Project Experience

Below are two key projects that I have completed to demonstrate my practical skills in cybersecurity:

Project 1: Comprehensive Vulnerability Assessment

Objective: Conducted a vulnerability assessment on local and external-facing assets to identify and mitigate security risks, leveraging both passive and active reconnaissance techniques.
Tools Used: Shodan, Nmap, Dirsearch, Sublist3r, Xray, Metasploit

Methodology:

1. Passive Information Gathering with Shodan:
   • Used Shodan to perform passive reconnaissance, identifying publicly exposed services, devices, and their associated metadata.
   • Collected information on open ports, service banners, and potential vulnerabilities for external-facing assets.
2. Active Information Gathering with Nmap:
   • Conducted network scans using Nmap to enumerate open ports, running services, and operating system information.
   • Used Nmap Scripting Engine (NSE) to detect vulnerabilities such as outdated software versions, default credentials, and misconfigurations.
3. Subdomain Enumeration:
   • Used sublist3r enumeration tools to discover additional subdomains, expanding the attack surface for potential vulnerabilities.
4. Directory Scanning with Dirsearch:
   • Performed directory brute-forcing on web servers using Dirsearch to locate hidden or sensitive directories, including admin panels and backup files.
5. Vulnerability Scanning with Xray:
   • Utilized Xray scanner to identify critical vulnerabilities in web applications, including SQL injection, Cross-Site Scripting (XSS), and file inclusion vulnerabilities.
6. Exploitation and Post-Exploitation with Metasploit:
   • Leveraged Metasploit Framework to simulate exploitation of identified vulnerabilities in a controlled environment, including privilege escalation and lateral movement.
   • Performed post-exploitation tasks, such as gathering sensitive information, system enumeration, and setting up persistence, to assess the impact of the vulnerabilities.

Outcome:

• Successfully uncovered 8 critical vulnerabilities, including exposed sensitive directories, SQL inject,XSS, File Upload Vulnerability in web applications.
• Provided a detailed report with prioritized mitigation strategies, recommending actions such as patch management, access control updates, and enhanced monitoring.
• Strengthened the security posture of the organization by resolving all critical issues and improving overall resilience against potential attacks.

Project 2: Malware Analysis

Objective: Analyzed the behavior of a ransomware sample in a controlled environment to understand its infection mechanism.
Tools Used: IDA Pro, Ghidra, VirtualBox, Wireshark
Methodology:

• Ran the malware in an isolated virtual machine to observe its behavior.
• Used IDA Pro and Ghidra to reverse-engineer the binary and analyze its code.
• Captured network traffic with Wireshark to identify command-and-control (C2) communication patterns.
• Documented the malware’s encryption process and identified mitigation strategies.

Outcome: Produced a detailed report outlining the malware’s lifecycle, infection vectors, and steps to prevent similar attacks.

Learning Journey

What I’ve Learned So Far:

Gained a solid foundation in penetration testing, including OWASP Top10 vulnerability.
Learned to use tools like Wireshark,Nmap,Metasploit for network traffic analysis and threat detection.
Developed skills in malware reverse engineering, including static and dynamic analysis using tools like Ghidra, IDA.

Challenges:

• Malware Analysis: Understanding obfuscation techniques used by advanced malware.
• Incident Response: Developing speed and accuracy in identifying and responding to threats.

Improvement Plan:

Continue practicing malware analysis by working with real-world samples in a safe lab environment.
Enroll in advanced courses on incident response and forensic analysis.
Participate in Capture the Flag (CTF) challenges to hone practical skills.

Career Objective

My ultimate goal is to become a Certified Ethical Hacker (CEH) and work in a Security Operations Center (SOC) as a Threat Analyst or Penetration Tester. I aim to specialize in proactive threat hunting, vulnerability management, and helping organizations secure their digital infrastructure.

Contact Information

Feel free to reach out to me via the following platforms:

• GitHub: https://github.com/iimisu
• Email: 23087762@siswa.um.edu.my

GitHub Pages

This portfolio is also available as a live website:

• Website: https://iimisu.github.io