Blog
Security lab writeups and technical deep dives.

Analyzing Network Traffic with tcpdump: Detecting Brute Force Attacks and .env Probing
A hands-on walkthrough of using tcpdump to analyze PCAP files, detect WordPress brute-force attacks with Hydra, identify .env probing attempts, and understand why plaintext HTTP is dangerous in production environments.

Wireshark Packet Analysis: Investigating a 628K-Packet Capture for Attack Patterns
How to use Wireshark's protocol hierarchy, conversation statistics, and HTTP stream following to investigate a large PCAP, reconstruct a successful WordPress brute-force login, and export HTTP objects from captured traffic.

AWS VPC Flow Log Analysis: Investigating 173K Records to Map an Attacker's Full Kill Chain
A hands-on walkthrough of analyzing AWS VPC Flow Logs at scale: extracting 33K attacker flows from 579 compressed log files, quantifying 265MB of data exfiltration on a non-standard port, determining the attack timeframe, and confirming the complete attack surface using PCAP-to-NetFlow conversion with nfpcapd and nfdump.

Password Auditing with John the Ripper and Hashcat: Cracking Office, NTLM, and Linux Hashes
A hands-on walkthrough of password auditing across four hash types: extracting and cracking an Office 2013 encrypted spreadsheet, NTLM hashes, and Linux SHA-512 crypt passwords using John the Ripper with a CeWL wordlist, demonstrating brute-force infeasibility with Hashcat, and expanding 1,552 words into 4M+ candidates with word-mangling rules to crack passwords the base wordlist missed.

More posts coming as I complete additional labs and certifications.