The aim of this repo is to display the different projects I've worked on during the last months.
I'm a cybersecurity learner enrolled in the CSS EFA Program at SCI, building hands-on skills across both offensive (red team) and defensive (blue team) disciplines. My background is in IT Infrastructure, System Admin, Network, Automation and IT Support, and I'm currently focused on transitioning into a SOC Analyst or Penetration Tester role in Switzerland.
- 🎯 Currently studying: Ethical Hacking, SIEM, Malware Analysis, Phishing Simulation
- 🚩 Swiss Cyber Institute modules completed: Communication & Leadership, ATT&CK Frameworks, Risk Rating (CIA/CVSS/CVE/DREAD), Vulnerability Scanning, Network Analysis, Scan & Simulate Attacks, Certification & Encryption, Network Basic & Analysis, Basic Hardening, Email Communication Investigation, Intrusion Detection Systems.
- 🛡️ Platforms: TryHackMe · HackTheBox · CyberDefenders · LetsDefend
- 🔬 My Own Security Labs: GNS3, VMware Workstation Pro, VirtualBox
- 📬 Open to: SOC Analyst · Junior Pentester · Blue Team roles
🔴 Red Team Labs
Offensive security · Penetration testing · Exploitation · Phishing simulation
| # | Lab | Tools | Status |
|---|---|---|---|
| 01 | Network Penetration Testing | nmap · Metasploit · Hydra | ✅ Complete |
| 02 | GoPhish Phishing Simulation & Offensive Email Attack Chain | GoPhish · Zphisher · SET · Ngrok · Cloudflared · Postfix | ✅ Complete |
| 03 | WordPress Pentest (Bigware/Dockerlabs) | Nmap · Wappalyzer · WPScan · Python exploit · Browser DevTools · Netcat | 🔧 In Progress |
| 04 | Web App Security Analysis (Burp Suite / OWASP ZAP) | Burp Suite · OWASP ZAP · Browser DevTools | 🔜 Coming soon |
🛡️ Blue Team Labs
Forensics · SIEM · Network analysis · Certificate auditing · Email security
| # | Lab | Tools | Status |
|---|---|---|---|
| 01 | Network Traffic Forensics (Phishing PCAP) | Wireshark · TShark · VirusTotal | ✅ Complete |
| 02 | Home Network Security Audit | netdiscover · nmap · Hydra | ✅ Complete |
| 03 | Web App Security — Certificate Analysis | nmap NSE · sslyze · openssl | ✅ Complete |
| 04 | SIEM & Endpoint Detection (Wazuh) | Wazuh v4.14.3 · OpenSearch (internal) · systemctl · SSH | ✅ Complete |
| 05 | Email Security Gateway — Proxmox Mail Gateway | Docker · Postfix · PMG · swaks · Thunderbird | ✅ Complete |
🔍 Incident Response Labs
DFIR · Windows forensics · Attack simulation · IR reporting
| # | Lab | Tools | Status |
|---|---|---|---|
| 01 | SMB Brute Force Attack & Windows Forensics | CrackMapExec · EZ Tools · EvtxECmd | ✅ Complete |
| 02 | Wayne Corp IR Simulation (Week 4) | KAPE · Timeline Explorer · EvtxECmd | 🔜 Coming soon |
| Category | Tools |
|---|---|
| Scanning & Recon | nmap · netdiscover · Wireshark · TShark · NetworkMiner |
| Exploitation | Metasploit · Hydra · CrackMapExec |
| Web App Testing | Burp Suite · OWASP ZAP |
| Certificate Analysis | nmap NSE · sslyze · sslscan · openssl · telnet · csvlook |
| SIEM & Monitoring | Wazuh v4.14.3 · OpenSearch (internal) |
| Email Forensics | emlAnalyzer · CyberChef · MXToolbox · analyze.py |
| Phishing Simulation | GoPhish · Zphisher · SET · swaks |
| Email Gateway | Proxmox Mail Gateway · Postfix · Dovecot · SpamAssassin · ClamAV |
| Tunneling | Ngrok · Cloudflared · LocalXpose |
| Windows Forensics | PECmd · AmcacheParser · AppCompatCacheParser · EvtxECmd |
| Containerization | Docker · docker-compose |
| Scripting | PowerShell · Bash · Python |
| Platforms | Kali Linux · Windows 10/11 · Metasploitable 2 · VirtualBox |
- 🎓 Swiss Cyber Institute — Cybersecurity Specialist Program (in progress)
- 🎓 Swiss Cyber Institute — Certified Security Professional Training (completed)
- 🟩 TryHackMe — SOC Level 1 Path (in progress)
- 📦 HackTheBox — Sherlocks (Blue Team) (in progress)
- 🛡️ CyberDefenders — Blue Team Labs (in progress)
All penetration testing and offensive security activities documented in this portfolio were conducted exclusively in:
- Isolated personal lab environments (VMs with no external connectivity)
- Authorized external targets (vuln.land)
- Simulated environments provided by training platforms (THM, HTB)
No unauthorized systems were accessed. All work complies with Swiss law and ethical hacking standards.