Projects
AEGIS
Security evaluation & policy framework for analyzing system and LLM behavior
Python • FastAPI • SQLite • Next.js • Docker • CI/CD
Problem
Traditional security tools lack visibility into LLM and agentic system behavior. Existing solutions focus on static analysis or basic prompt filtering, missing runtime policy violations, unexpected tool usage, and behavioral anomalies in production systems.
Approach
Trace-based evaluation framework that captures execution context, tool invocations, and decision paths. Policy engine evaluates behavior against defined rules with full audit trails. Designed for deterministic, reproducible security assessments.
Key Features
- Real-time detection engine with rule-based pattern matching
- Event normalization pipeline for heterogeneous log sources
- Evidence collection and alert triage dashboard
- Comprehensive test coverage with fuzzing and property-based testing
- Production-ready CI/CD with security scanning and supply chain verification
Engineering Focus
Dashboard
Security Command Center showing real-time analytics, incident trace logs, and event distribution patterns
Additional Projects
Attack Surface Scanner
Python • Certificate Transparency • TLS
Non-intrusive attack surface scanner for SaaS environments. Passive asset discovery via Certificate Transparency logs, TLS configuration analysis, security header validation, and deterministic risk scoring.
Engineering Highlights
- Zero-touch reconnaissance using CT logs and passive DNS
- TLS cipher suite analysis with known-weak detection
- Deterministic scoring model for consistent risk assessment
Cloud Signal Engine
Python • FastAPI • Detection Engineering
Production-style security detection and abuse monitoring system. Ingests and normalizes logs, runs rule-based detections, generates alerts with evidence, and provides triage UI.
Engineering Highlights
- Event normalization pipeline for heterogeneous sources
- Rule-based detection engine with pattern matching
- Evidence-based alerting with full context preservation
Cloud Pentest Lab
Terraform • Python • AWS • IAM
Reproducible AWS penetration testing environment with intentionally vulnerable configurations. Demonstrates realistic attack chains from initial access to privilege escalation.
Engineering Highlights
- Infrastructure-as-code for reproducible vulnerable environments
- Multi-stage attack chain: S3 exposure → SSRF → privilege escalation
- Automated teardown to prevent cost accumulation
WebSec Playground
Flask • OWASP • Web Security
Deliberately vulnerable web application demonstrating OWASP Top 10 vulnerabilities. Educational resource for understanding common web security flaws and exploitation techniques.
Engineering Highlights
- Realistic implementations of SQLi, XSS, IDOR, and CSRF
- Isolated environment with clear exploitation paths
- Educational focus with vulnerability explanations