Arsenal
Learning by building — security tools and projects crafted while transitioning from data analytics to cybersecurity.
Phishing URL Detector
ML-powered tool that analyses URLs and detects phishing attempts by extracting features like domain entropy, subdomain depth, URL length, and HTTPS presence.
Trained a Random Forest classifier on the UCI Phishing dataset (11,055 samples). Achieves 96.2% accuracy. Features include URL length, subdomain count, HTTPS presence, domain entropy, and TLD analysis.
StegoVault — LSB Steganography Tool
Python tool to hide and extract secret messages inside PNG images using LSB (Least Significant Bit) steganography — with optional AES-256 encryption before embedding.
Encodes text into the least significant bits of RGB pixel values. Optional AES-256 encryption with a passphrase protects the payload. Built after encountering steganography challenges in CTFs.
Password Analyzer
CLI tool that scores password strength using entropy analysis and the zxcvbn algorithm — checks against known breach lists and gives actionable improvement feedback.
Scores passwords against a local rockyou wordlist, calculates Shannon entropy, and uses the zxcvbn algorithm for realistic crack-time estimates. Built to understand how attackers evaluate credentials.
Mobile Pentest Lab
A hands-on mobile security testing environment using an Android emulator, Burp Suite for traffic interception, and Frida for dynamic instrumentation of mobile apps.
Full setup guide for intercepting Android HTTPS traffic, bypassing SSL pinning with Frida, and analysing APKs. All testing done on intentionally vulnerable apps (DIVA, InsecureBankv2).
Raspberry Pi Pi-hole DNS Firewall
A Raspberry Pi-based network-wide DNS sinkhole that blocks ads, trackers, and known malicious domains for every device on the local network — no per-device config needed.
Deployed Pi-hole on a Raspberry Pi 4 as a local DNS resolver. Added custom blocklists for malware C2 domains and phishing sites. Logs all DNS queries for traffic analysis and anomaly detection.
Phishing Email Analysis Pipeline
Automated pipeline that ingests raw phishing emails, extracts IOCs (URLs, IPs, domains), enriches them via threat intelligence APIs, and generates structured analysis reports.
Parses email headers and bodies to extract URLs and attachment hashes. Queries VirusTotal and URLhaus for threat context. Outputs structured JSON reports with risk scores and IOC graphs.
VirtualBox Home Lab
A fully isolated virtual home lab for practising penetration testing safely — attack machine, vulnerable targets, and network monitoring all running locally on a standard laptop.
Full lab build including Host-Only network segmentation, Kali attack machine, Metasploitable2 target, and Windows Server. Includes setup scripts, network configs, and documented walkthroughs.
Idox Planning Enricher
A Python data enrichment tool that automates extraction, cleaning, and enrichment of UK planning application data from Idox public portals — built during data analyst work.
Scrapes and parses planning application data across multiple local authority portals, normalises inconsistent field formats, and enriches records with geospatial data for analysis.
AWS Kali VM Setup
Infrastructure-as-code setup for deploying a hardened Kali Linux penetration testing machine on AWS EC2 — with security group hardening and automated tooling configuration.
Uses Terraform and cloud-init to spin up a hardened Kali EC2 instance. Security groups restrict SSH to your IP only. Includes automated tool installation and teardown scripts to minimise cost.
Malware Analysis Lab
A safe, isolated malware analysis environment combining static and dynamic techniques — built to study malware behaviour without risking the host system.
Isolated VM network with snapshots. Static analysis using strings, Detect-It-Easy, and YARA rules. Dynamic analysis with Process Monitor and Wireshark to capture runtime behaviour and document IOCs.