~/portfolio / projects

Projects & writeups.

Security tooling, DLP systems, lab walkthroughs, and applied web work — each one built to prove something specific.

// 01 — featured 2025

Data Loss Prevention (DLP) System

A Python-based DLP engine that monitors files, clipboard content, and outbound data streams for sensitive information — PII, credentials, payment card data, and custom-classified patterns — before exfiltration can occur.

stackPython · Regex · YARA domainData Security statusshipped

Pattern library covers SSN, Aadhaar, PAN, credit cards, API keys, and custom keyword dictionaries.
Three enforcement modes — monitor, alert, block — switchable per rule without restart.
YARA rule integration lets analysts add proprietary signatures without touching core engine code.

view details → read writeup →

// live scan output DLP

$ python dlp_scan.py --watch ./uploads

# loading 48 rules · YARA + regex

→ scanning report_q1.pdf

[ALERT] PAN detected · line 14

[ALERT] credit card # · line 31

→ scanning config.env

[BLOCK] AWS_SECRET_KEY exposed

# file transfer halted

→ scanning memo.docx

[OK] no violations found

flagship client engagement · 2026

Cybrotech.us — the company site.

cybrotech digiventure · sole designer & developer

Designed and built the public-facing site for my employer — from the homepage hero through service pages, products, and a live global threat map. The brief was "don't look like a generic security vendor." The brand voice, motion language, and copy direction shipped with it.

148+

engagements featured

service / product pages

frameworks covered

100

lighthouse target

stackNext.js · React · Vercel roledesign + build status● live

Built a live global threat map with real-time attack vector animations, top attacker / target rankings, and an alert ticker.
Translated dense service catalogs (VAPT, SOC 2, ISO 27001, GDPR, HIPAA) into scannable visual hierarchy without dropping technical depth.
Authored the brand voice and copy across the homepage, service pages, and case studies — security-confident without fear-marketing.
Shipped on Next.js & Vercel with motion-aware animations, an accessible color system, and a mobile build that doesn't compromise the map.

visit cybrotech.us ↗ services ↗ products ↗

// 03 — featured 2025

Security Policy Automation Tool

A Python automation tool that generates customized cybersecurity policies based on organizational inputs — mapped to ISO/IEC 27001 controls so the output is audit-ready, not just a Word document.

stackPython domainGovernance statusshipped

Generates customized policies aligned to ISO 27001 — access control, data protection, and IR.
Input-driven logic dynamically composes policy clauses based on organization profile.
Cuts manual policy authoring time, ensuring consistency across client engagements.

view details → read writeup →

// sample run ISO 27001

$ python gen_policy.py --org "Acme Corp"

# loading ruleset...

# mapping controls A.5 — A.18

→ access_control.md generated

→ data_protection.md generated

→ incident_response.md generated

# 3 policies · 47 controls mapped

// 04 — featured 2024

PortSwigger Web Security Lab Walkthroughs

A documented run through the PortSwigger Web Security Academy — from request interception to crafted payloads, showing how OWASP Top 10 vulnerabilities show up in real applications.

stackBurp Suite topicsOWASP Top 10 formatwriteups

Solved and documented multiple PortSwigger Academy labs end-to-end in Burp Suite.
Demonstrated SQLi, XSS, auth bypass, and broken access control with reproducible payloads.
Covered interception, manipulation, and crafting to explain real-world attack vectors clearly.

read walkthrough →

// labs covered OWASP

// sql injection

[✓] retrieve hidden data

[✓] subvert app logic

[✓] union-based extraction

// access control

[✓] horizontal escalation

[✓] idor — account takeover

// xss

[✓] reflected & stored

[✓] dom-based via fragment

// 05 2024

Network Packet Sniffer

Live packet sniffer for protocol inspection across TCP/UDP/ICMP, with structured logging suitable for downstream network forensics workflows.

Stack

Python · Scapy

Protocols

TCP · UDP · ICMP

Output

structured logs

Status

live

read notes →

// 06 2024

TryHackMe Writeups Collection

12+ published walkthroughs covering privilege escalation, enumeration, brute-force, and OSINT exercises — documented for repeatability.

Writeups

12+ published

Domains

privesc · enum · osint

Format

step-by-step md

GameByMood — mood-based game suggestion

A web app that recommends games based on the player's mood. Built end-to-end with a FastAPI backend, secure session validation, and a clean front-end written in vanilla JS/CSS.

Python FastAPI JavaScript CSS Secure API Session Validation

view details → api notes →

// API contract FastAPI

POST /suggest

# body: { mood, genre? }

→ 200 { title, score, why }

# session signed · rate-limited