Welcome to my cybersecurity repository. This repository serves as a practical, hands-on archive of the cybersecurity practice that I have accumulated, and this guide will help you navigate the resources I have compiled.
This repository is divided into five core pillars:
This section contains raw and sanitized output from Nessus security assessment tools. It demonstrates my methodology for identifying vulnerabilities across different environments (including cloud infrastructure and enterprise networks).
- Network & Port Scans: Nmap scan outputs detailing open ports, service versions, and OS fingerprinting.
- Vulnerability Assessments: Reports generated from tools like Nessus or OpenVAS, categorized by CVSS (Common Vulnerability Scoring System) severity.
- Cloud Configurations: Scans of Azure environments demonstrating misconfigurations in identity and access management (IAM) or storage accounts.
Contains the steps and documentation used to close the vulnerabilities found in the scans.
- Step-by-Step Patching Guides: Documentation on how to mitigate specific CVEs.
- Architecture Adjustments: Explanations of the network changes made to implement Zero Trust principles or network segmentation.
Documentation of simulated ISO 27001 control implementation within Microsoft Azure.
- Practice documentation on ISO 27001 and my practice mapping of it to my current projects.
To understand the current threat landscape, this folder contains analyses and summaries of famous cybersecurity breaches and industry reports. The purpose is to study them and understand what happened and what could be done to prevent the attack.
- Incident Post-Mortems: Deep dives into famous breaches.
- Threat Actor Tactics: Breakdowns of how the tactics used by advanced persistent threats (APTs) during these historical events map to the MITRE ATT&CK framework.
- Lessons Learned: Strategic takeaways on how modern security frameworks (like NIST or CMMC) could have prevented these disasters.
Contains practical GRC exercises, including risk assessments, threat modeling, and simulated audits for a mock financial technology environment.