WinLogTracker – Windows Security Event Log Monitor
Objective: Developed a Python-based security monitoring tool that analyzes Windows Security Event Logs in real time to detect suspicious system activity. The project focuses on practical cybersecurity monitoring techniques such as authentication tracking, event parsing, and incremental log processing.
- Real-Time Log Monitoring: Continuously scans Windows Security Event Logs for new events without reprocessing previous entries.
- Threat Detection: Identifies common security events such as failed logins, account lockouts, and privilege escalation attempts.
- Incremental Processing: Tracks the last processed event to avoid duplicate analysis.
- Structured Logging: Outputs alerts and findings in a clear, structured format for easier investigation.
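The bullets above describe two mechanisms: incremental processing keyed on the last record already seen, and detection of specific event classes. The script below is an added illustration written for this page, not WinLogTracker's own code. It assumes the standard Windows Security Log event IDs 4625 (failed logon), 4740 (account lockout) and 4672 (special privileges assigned to a new logon) as the detection set, a constructed threshold of three failed logons from one source, and constructed in-memory records in place of a live `win32evtlog` read; the real tool's rule set and record format are not shown on the page.

```python
"""Incremental scan of Windows Security event records with simple detections.

Added example, not WinLogTracker's own code. Records are constructed in memory;
a real deployment would pull them from the Security log in record-number order.
"""
from collections import Counter
from dataclasses import dataclass

# Assumed detection set: standard Windows Security Log event IDs.
WATCHED_EVENTS = {
    4625: "failed logon",
    4740: "account lockout",
    4672: "special privileges assigned to new logon",
}
FAILED_LOGON_THRESHOLD = 3  # assumed value for a repeated-failure alert


@dataclass(frozen=True)
class SecurityEvent:
    record_number: int  # increases monotonically within the log
    event_id: int
    account: str
    source: str


def scan_new_events(events, last_record):
    """Process only records newer than last_record.

    Returns (alerts, new_last_record). Records at or below last_record are
    skipped, so a repeated scan never reports the same event twice; the caller
    persists new_last_record between runs.
    """
    alerts = []
    failed_by_source = Counter()
    newest = last_record
    for ev in sorted(events, key=lambda e: e.record_number):
        if ev.record_number <= last_record:
            continue  # already handled in an earlier pass
        newest = ev.record_number
        label = WATCHED_EVENTS.get(ev.event_id)
        if label is None:
            continue  # not a watched event class
        alerts.append(
            f"[{ev.record_number}] {label}: account={ev.account} source={ev.source}"
        )
        if ev.event_id == 4625:
            failed_by_source[ev.source] += 1
            if failed_by_source[ev.source] == FAILED_LOGON_THRESHOLD:
                alerts.append(
                    f"[{ev.record_number}] repeated failed logons from "
                    f"{ev.source} ({FAILED_LOGON_THRESHOLD} in this scan)"
                )
    return alerts, newest


# Constructed sample records (not taken from any real log).
SAMPLE_EVENTS = [
    SecurityEvent(101, 4624, "alice", "10.0.0.5"),  # successful logon, not watched
    SecurityEvent(102, 4625, "bob", "10.0.0.9"),
    SecurityEvent(103, 4625, "bob", "10.0.0.9"),
    SecurityEvent(104, 4625, "bob", "10.0.0.9"),
    SecurityEvent(105, 4740, "bob", "10.0.0.9"),
    SecurityEvent(106, 4672, "SYSTEM", "-"),
]

if __name__ == "__main__":
    alerts, cursor = scan_new_events(SAMPLE_EVENTS, last_record=0)
    for line in alerts:
        print(line)
    # A second pass with the saved cursor yields nothing new.
    again, cursor = scan_new_events(SAMPLE_EVENTS, last_record=cursor)
    print(f"second pass: {len(again)} alerts, cursor={cursor}")
```

The cursor is the only state the scanner keeps between runs; if it is stored on disk, an unexpected drop in the log's record numbers (for example after the log is cleared) should be treated as a reason to rescan from the start rather than silently skipping everything below the stale cursor.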
Python
Cybersecurity
Windows Event Logs
Log Analysis
Security Monitoring
Anatomy of an Executing Program Research
Objective: Conducted a deep analysis of process creation and memory mapping.
- Analyzed process-loaded libraries, syscall trace evidence, and redirected file creation evidence.
- Produced architectural models documenting the findings and analysis: the loader and process initialization, the system call execution path, interrupt handling and driver completion, and the virtual memory layout.
Operating Systems
Threads
File Systems
Stack
Computer Architecture
Syscall Simulation: Simulated System Calls Using Interprocess Communication (IPC)
Objective: Implemented IPC using named pipes on Windows and used function pointers (a jump table) to simulate an interrupt vector table.
- Processed multiple function codes and returned responses.
- Developed a better understanding of how system calls conceptually work.
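The design just described, a caller that sends a function code over a pipe and a service that dispatches through a jump table, is shown below as an added example written for this page, not the project's own code. It substitutes an in-process `multiprocessing.Pipe` and a service thread for the Windows named pipe so it runs anywhere; the function codes, handlers and the `EINVAL`-style rejection of unknown codes are constructed for illustration.

```python
"""Simulated system calls: requests over a pipe, dispatched through a jump table.

Added example, not the project's own code. The jump table plays the role of an
interrupt vector table: the request carries a code, the table maps it to a
handler, and anything outside the table is rejected rather than executed.
"""
import threading
from multiprocessing import Pipe


# Handlers standing in for kernel services (constructed).
def sys_add(a, b):
    return a + b


def sys_echo(text):
    return text.upper()


def sys_getpid():
    return 4242  # constructed constant, not a real PID


# Jump table: function code -> handler (the simulated vector table).
VECTOR_TABLE = {
    0x01: sys_add,
    0x02: sys_echo,
    0x03: sys_getpid,
}


def dispatch(code, args):
    """Look the code up in the table and run the handler with the given args.

    Unknown codes and wrong argument counts return an error reply instead of
    raising, so a malformed request cannot take the service down.
    """
    handler = VECTOR_TABLE.get(code)
    if handler is None:
        return {"status": "EINVAL", "result": None}
    try:
        return {"status": "OK", "result": handler(*args)}
    except TypeError:  # wrong number of arguments for this handler
        return {"status": "EINVAL", "result": None}


def service_loop(conn):
    """Service side: read requests until a None sentinel, dispatch, reply."""
    while True:
        req = conn.recv()
        if req is None:
            break
        conn.send(dispatch(req.get("code"), tuple(req.get("args", ()))))


def run_requests(requests):
    """Caller side: start the service on a thread, send each (code, args), collect replies."""
    client, server = Pipe()
    worker = threading.Thread(target=service_loop, args=(server,), daemon=True)
    worker.start()
    replies = []
    for code, args in requests:
        client.send({"code": code, "args": args})
        replies.append(client.recv())
    client.send(None)  # shut the service down cleanly
    worker.join()
    return replies


if __name__ == "__main__":
    for reply in run_requests([(0x01, (2, 3)), (0x02, ("hi",)), (0x03, ()), (0x7F, ())]):
        print(reply)
```

Keeping the table as the single place where codes meet handlers makes the trust boundary explicit: the service validates the code and the argument shape before anything runs, which is the same discipline a real syscall entry point applies to user-supplied register values.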
IPC
System Calls
Windows
Simulation
Security