welcome 2 the serious page

Hands-on cybersecurity work documented in one place.

This page collects my technical skills, Linux virtual machine lab work, VulnHub/CTF notes, cybersecurity research, and home server administration projects. The goal is to show practical, repeatable work instead of only listing tools on a resume.

01 / skills

Technical skill set

A focused overview of the tools and concepts I am actively using in coursework, IT support, home lab practice, and independent cybersecurity projects.

Security Tools

  • Nmap
  • Wireshark
  • Burp Suite
  • Snort
  • Splunk
  • Hashcat
  • Metasploit

Systems + Networking

  • Linux
  • Kali Linux
  • Windows Administration
  • pfSense
  • VirtualBox / VMware
  • TCP/IP
  • OSI Model

Development + Data

  • Python
  • HTML/CSS
  • PHP
  • SQL
  • GitHub
  • PowerShell
  • Terminal

02 / linux vm home lab

Virtual lab environment

Isolated VM environment used to practice Linux administration, network configuration, scanning, enumeration, traffic analysis, defensive troubleshooting, and remediation documentation.

Lab purpose

My home lab is built to safely test cybersecurity concepts in a controlled environment. It includes Linux and Windows virtual machines, vulnerable targets, and security tools used to analyze misconfigurations, review logs, understand attack paths, and practice hardening.

Current focus areas

  • Network discovery and enumeration with Nmap
  • Packet capture and traffic analysis with Wireshark
  • Linux command-line administration and hardening
  • Basic vulnerability assessment and remediation notes
  • Log review and incident response practice

03 / ctf + vulnhub

VulnHub writeups

Short, professional writeups. Each card shows the target, tools used, skills demonstrated, and the remediation lessons learned.

ctf

Mr. Robot CTF Lab

A vulnerable Linux web server CTF focused on WordPress enumeration, exposed files, credential discovery, reverse-shell access, and Linux privilege escalation. The lab follows a full attack chain from network reconnaissance to root access and three captured flags.

  • Tools: Nmap, Gobuster, Burp Suite, Linux CLI
  • Skills: enumeration, web testing, privilege escalation
  • Remediation: document the root cause and how it should be fixed
Read writeup

ctf

coming soon


04 / cybersecurity research

Research notes

A place for current-event summaries and vulnerability research notes.

Current Event

Writeup - Washington Hotel Japan Ransomware

This document summarizes the February 2026 ransomware attack on Washington Hotel Japan, explaining how the breach affected business systems while highlighting the company’s response efforts and data-separation practices. It also connects the incident to broader cybersecurity trends in Japan and reflects on key lessons in incident response, containment, and protecting customer information.

View note

Current Event

Writeup - Exploitation of Cisco SD-WAN

This document summarizes the February 2026 ACSC advisory on active exploitation of Cisco SD-WAN appliances, explaining how attackers used authentication bypass vulnerabilities to gain access, add rogue peers, and achieve root-level persistence. It also highlights why SD-WAN compromise is especially serious for organizations, connects the incident to broader network security and CVE response concerns, and reflects on key lessons in patching, remediation, advisory tracking, and protecting trusted infrastructure.

View note

Current Event

Writeup - Polish Energy Infrastructure Attacks

This document summarizes the December 2025 cyberattacks on Polish energy infrastructure, explaining how Russian-linked threat actors targeted power and heat facilities with destructive malware during a period of extreme cold. It also examines the attribution debate between Russia’s FSB and Sandworm, connects the incident to broader Russia–Poland cyber escalation after the invasion of Ukraine, and reflects on key lessons in OT security, critical infrastructure defense, attribution, and destructive cyber threat response.

View note

Current Event

Writeup - Fortinet Zero-Day Exploitation

This document summarizes the April 2026 active exploitation of Fortinet’s FortiClient EMS zero-day vulnerability, CVE-2026-35616, explaining how unauthenticated remote code execution created major risk for organizations using exposed endpoint management systems. It also highlights Fortinet’s emergency hotfix response, the vulnerability’s addition to CISA’s Known Exploited Vulnerabilities catalog, and key lessons in patch management, internet exposure reduction, management server security, and defending against fast-moving zero-day exploitation.

View note

Current Event

Writeup - Cyberattacks Against the UK

This document summarizes the April 2026 Associated Press article on nation-state cyberattacks against the United Kingdom, explaining how hostile governments such as Russia, Iran, and China are increasingly using cyber operations to target national security, infrastructure, and business systems. It also connects the rise in nationally significant cyber incidents to broader trends in international conflict, critical infrastructure protection, artificial intelligence, and the growing need for stronger cybersecurity preparation.

View note

05 / it auditing and analysis

IT Auditing and Analysis

A place for web log analysis, packet-capture investigation, and IT audit notes.

Web Log Analysis

AndroxGh0st Web Log Analysis: Probing Without Confirmed Compromise

This page presents a one-day web access log review of superiorschedule.com to assess AndroxGh0st-style probing, scanner activity, and possible compromise indicators. The analysis found repeated attempts against sensitive paths like .env, .git/config, PHPUnit, and web-shell-related endpoints, but no confirmed successful compromise in the reviewed sample.

View note

Wireshark Analysis

Wireshark Incident Summary: Asco Limited Workstation Malware Infection

This page summarizes a February 2021 packet-capture investigation of an Asco Limited workstation infected after downloading malicious files from an external website. The analysis traces the infection timeline, identifies indicators of compromise, and explains how Hancitor/Chanitor, Cobalt Strike, and Ficker Stealer activity appeared in the network traffic.

View note

Change Audit

Gee Mail Change Control Audit: Deployment Approval and Segregation of Duties Review

This page presents a change control audit of 43 Gee Mail production deployments, evaluating whether each change was approved by a manager before release. The analysis found 93% compliance, with three exceptions where developers approved their own changes, creating a segregation-of-duties risk.

View note

Password Audit

Blue Yarrow Unicorns Password Audit: Cracked Hashes and Authentication Risk

This page reviews Blue Yarrow Unicorns’ password creation and storage practices using a dataset of 5,097 employee password hashes. The audit found that 876 hashes, or about 17.2%, were cracked with rockyou.txt, highlighting weak password choices and the risk of storing passwords with unsalted MD5.

View note

06 / home server

Home server administration

This section shows practical systems administration: service hosting, backups, user permissions, monitoring, patching, access control, and secure configuration.

Core services

  • Shared file storage and organized permissions
  • Remote access configured with limited exposure
  • Backup planning and routine maintenance
  • Service monitoring and uptime checks

Security practices

  • Regular OS and software updates
  • Strong credentials and account reviews
  • Minimal exposed services
  • Network segmentation and log checks

07 / proof of work

What this page documents

  01. I can build and maintain technical environments, not just talk about cybersecurity concepts.
  02. I can document findings, explain risk, and connect technical issues to remediation steps.
  03. I can use common security tools in a controlled and ethical lab environment.
  04. I can combine IT support, systems administration, networking, and security fundamentals.