Lakshan Sameera
Undergraduate
View Profile
Showcase Your Work, Get Noticed!
Your projects deserve the spotlight! Share your best work, inspire others, and open doors to new opportunities. Whether you're a student or a pro, this is your stage to shine.
Get visibility from recruiters & peers- Build your portfolio & personal brand
- Connect with like-minded developers
Let's put your work in front of the right people!
Similar Projects
Penetration Testing Simulation for Securing Organizational Systems (Penetration Testing - Ethical Hacking)
Penetration Testing Simulation for Securing Organizational Systems Conducted an in-depth penetration test and vulnerability assessment on a simulated organizational infrastructure using tools like OpenVAS, Nmap, Metasploit, and Armitage. Delivered a detailed report highlighting critical vulnerabilities, potential attack vectors, and actionable mitigation strategies. Skills include vulnerability assessment, web application testing (OWASP), and network traffic analysis Offensive - Red Teaming Nov 2024 - Dec 2024 https://drive.google.com/file/d/1su0VYpCo_uA5Cqt72cM-U48rPjYZEWlj/view?usp=share_link This project involved a full-scope penetration test as part of the PUSL3132 Ethical Hacking coursework, simulating advanced cyberattacks against the internal network infrastructure of Clarke’s Ceylon Team . The objective was to simulate a real-world black-box attack, identify critical security vulnerabilities, exploit weaknesses within legal and ethical boundaries, and deliver a robust set of technical and strategic recommendations to strengthen the organization's security posture. 🎯 Project Objectives: Vulnerability Discovery : Systematically identify technical weaknesses, insecure protocols, outdated software, and misconfigurations. Exploit Simulation : Emulate real-world cyberattack patterns using industry-standard ethical hacking tools. Risk Analysis : Quantify the severity of identified threats based on business impact and likelihood of exploitation. Remediation Roadmap : Recommend a layered approach combining immediate technical fixes with long-term governance and awareness strategies. Ethical Compliance : Ensure that all activities were conducted in strict accordance with legal, academic, and professional ethical standards. 🧪 Testing Methodology: 1. Planning and Reconnaissance Established a controlled, legally authorized penetration testing environment with a defined scope and rules of engagement. Gathered organizational data using WHOIS lookups , DNS interrogation , and network footprinting . Conducted active reconnaissance using Nmap , identifying open ports, exposed services, OS versions, and potential entry points. 2. Scanning and Vulnerability Assessment Leveraged OpenVAS to conduct an in-depth vulnerability scan across exposed systems and services. Discovered multiple high-risk vulnerabilities , including: CVE-2006-349 : Buffer overflow vulnerability in Microsoft SMB implementation. CVE-2010-1301 : Remote code execution flaw in Microsoft Windows. Identified systemic weaknesses such as outdated SMBv1 protocols , default credentials , and weak service configurations . 3. Exploitation Used the Metasploit Framework to exploit the MS17-010 (EternalBlue) vulnerability, which enabled remote code execution and full system compromise. Achieved privileged access through a Meterpreter session , simulating post-exploitation steps such as: Extracting NTLM password hashes Enumerating user privileges Establishing persistent access Confirmed the feasibility of lateral movement and privilege escalation under real-world conditions. 4. Risk Evaluation Prioritized identified vulnerabilities using a custom risk matrix assessing: Exploitability (likelihood) Business impact (data exposure, privilege escalation) System criticality (core services, domain controllers) Classified critical threats such as remote code execution via SMB and plaintext credentials as requiring immediate attention. 5. Remediation & Recommendations Delivered technical recommendations : Immediate patching of outdated systems and critical CVEs Disabling legacy protocols (e.g., SMBv1) Implementation of strong password policies and account lockout mechanisms Proposed strategic improvements : Deployment of IDS/IPS solutions like Snort or Suricata for continuous traffic monitoring Regular vulnerability scans and penetration testing as part of security operations Cybersecurity awareness training for staff to address human factor vulnerabilities Development of a formal Incident Response Plan 🔍 Key Findings: Exploitable EternalBlue (MS17-010) vulnerability granting full administrative access Misconfigured SMB shares and lack of network segmentation Weak password hygiene, including default and guessable credentials Use of unsupported and unpatched software Lack of visibility into unauthorized access attempts ⚔️ Challenges Overcome: Maintained strict ethical alignment , ensuring all attacks remained within scoped boundaries Managed tool compatibility issues and resource limitations by configuring a custom testing environment Performed manual validation of automated scan results to reduce false positives and enhance report accuracy Synthesized highly technical data into a structured and readable professional report for non-technical stakeholders 📈 Outcome & Impact: Delivered a comprehensive penetration testing report that included: Executive summary Technical findings Proof-of-concept screenshots Impact analysis A phased remediation plan Empowered Clarke’s Ceylon Team with actionable insights to mitigate immediate risks and build long-term resilience against evolving cyber threats. Gained deep practical experience in real-world offensive security operations , reporting , and security consulting . ✅ Skills Demonstrated: Advanced use of penetration testing frameworks and vulnerability scanners Strong understanding of exploitation techniques , network protocols , and post-exploitation procedures Proficiency in technical documentation , risk communication, and stakeholder reporting Ability to translate findings into practical, strategic security enhancements This project stands as a testament to my ability to perform end-to-end penetration testing engagements , apply industry best practices , and deliver high-value cybersecurity insights to strengthen enterprise networks.
Comprehensive Digital Forensics Report for Cybersecurity Incident Response (Digital Forensics)
🧩 Digital Forensic Investigation into Unauthorized Data Exfiltration at ABC Company Coursework : PUSL3133 – Digital Forensics & Malware Analysis Category : Blue Team | Digital Forensics | Email Analysis | Evidence Acquisition Timeline : November 2024 – December 2024 Tools Used : FTK Imager, Autopsy, Volatility, Kernel PST Viewer, Wireshark, MXToolbox 🔗 Project Report This project involved conducting a comprehensive digital forensic investigation into a suspected internal data breach at ABC Company , simulating a real-world corporate security incident. The goal was to apply formal forensic methodologies to collect, preserve, and analyze digital evidence related to unauthorized data access and exfiltration via email systems and network activity. 🎯 Project Objectives: Quantify the Scope of the Breach : Identify the volume and sensitivity of data compromised to assess potential damage. Preserve Forensic Integrity : Follow chain-of-custody protocols to ensure digital evidence remained legally admissible. Attribution Analysis : Determine whether the threat originated internally or externally using forensic artifacts and user activity logs. Security Enhancement : Propose actionable technical and procedural improvements to prevent similar incidents in the future. 🔍 Investigation Process & Technical Highlights: 1. Digital Evidence Acquisition Used FTK Imager to create bit-for-bit forensic disk images , ensuring accuracy and reproducibility of the evidence. Captured hash values , timestamps, and metadata to validate integrity throughout the analysis. Collected relevant artifacts including system logs, browser history, email files (.PST), and encrypted file containers. 2. Email Forensics & Steganography Detection Leveraged Autopsy , Kernel PST Viewer , and MXToolbox to parse and analyze stored email data. Conducted email header analysis to: Identify signs of email spoofing and unauthorized sender identity. Detect authentication failures related to SPF, DKIM, and DMARC configurations. Flagged embedded attachments suspected of hiding exfiltrated data, and conducted steganography checks to uncover concealed payloads. 3. Network Activity Correlation Despite the lack of .pcap files, used correlated timestamps and DNS lookup tools to track suspicious IP activity . Analyzed inbound and outbound email communications and mapped these to known malicious indicators using VirusTotal and threat intel databases. Identified external IPs with history of abuse and potential links to threat actor infrastructure. 💡 Findings & Key Insights: Confirmed a successful email-based data exfiltration , where confidential documents were attached to spoofed emails and sent to an external unauthorized domain. Authentication misconfigurations were found, making ABC Company’s email server vulnerable to spoofing and phishing. Lack of endpoint controls allowed potentially sensitive files to be exfiltrated without triggering alarms. 🛠️ Recommendations: Technical Mitigations : Enforce SPF, DKIM, and DMARC protocols to validate incoming/outgoing emails. Deploy endpoint DLP (Data Loss Prevention) mechanisms and advanced EDR agents. Implement real-time monitoring and anomaly detection for sensitive file access. Organizational Measures : Launch cybersecurity awareness training with emphasis on phishing and suspicious email recognition. Develop a clear incident response playbook with email breach scenarios. Schedule periodic email audits and internal penetration tests targeting exfiltration paths. ⚔️ Challenges & Solutions: Data Gaps : Network traffic captures were unavailable. Overcame this by using metadata and timestamps to reconstruct user actions. Evidence Integrity : Ensured all files were analyzed under strict forensic conditions, maintaining chain of custody for each artifact. Tool Coordination : Effectively used a combination of tools across disk imaging, email parsing, and threat verification to develop a cohesive investigative narrative. 🧠 Skills Demonstrated: Expert use of FTK Imager , Autopsy , and Volatility for deep forensic analysis Proficient in email header parsing , metadata interpretation , and protocol-level threat detection Strong understanding of data confidentiality principles , forensic integrity , and incident handling frameworks Capable of writing high-quality technical documentation and delivering findings to both technical and non-technical audiences 📈 Outcome & Impact: This project served as a hands-on simulation of a professional digital forensics engagement. It provided a real-world opportunity to: Detect and reconstruct unauthorized access and data exfiltration Apply industry-standard forensic techniques aligned with legal and ethical standards Deliver a complete forensic report that could be used for executive briefings or legal action The experience reinforced practical skills in email forensics, forensic imaging, network correlation , and security consulting , establishing a strong foundation for working in DFIR, SOC, or compliance-focused cybersecurity roles .
🛡️🔓 OSSEC HIDS: Detecting the EternalBlue (MS17-010) Exploitation (Security Operations - OSSEC HIDS (Host Based Intrusion Detection System) )
🛡️🔓 OSSEC HIDS: Detecting the EternalBlue (MS17-010) Exploitation Category : Blue Team & Red Team | Host-Based Intrusion Detection | Exploit Simulation Timeline : January 2025 Tools Used : OSSEC HIDS, Metasploit, Kali Linux, Windows 7 SP1, Ubuntu, OSSEC Web UI 🔗 Read Full Article This project explored the end-to-end detection of the EternalBlue exploit (MS17-010) using OSSEC , an open-source Host-Based Intrusion Detection System (HIDS). Designed as a cross-functional Red and Blue Team exercise , it simulated a real-world cyberattack in a controlled lab environment and demonstrated how OSSEC can effectively detect and log malicious activity in real-time—underscoring the importance of proactive host-level security monitoring. ⚙️ Project Overview & Objectives: Simulate a real-world EternalBlue attack using Metasploit and observe system behavior. Configure OSSEC HIDS to detect critical Indicators of Compromise (IoCs) resulting from the exploitation. Evaluate OSSEC’s role in real-time alerting, log analysis, and response recommendations . Provide strategic defensive recommendations to harden infrastructure against future attacks. 🧪 Technical Implementation: 1. Lab Environment Design Deployed a fully functional testbed: Attacker : Kali Linux Target : Windows 7 SP1 (vulnerable to MS17-010) Monitoring System : Ubuntu running OSSEC HIDS (server + agent setup) Enabled OSSEC Web UI for real-time log analysis and visual alert monitoring. 2. OSSEC HIDS Deployment & Configuration Installed and configured OSSEC server and agents, ensuring secure communication between endpoints. Tuned OSSEC alerting thresholds and rule sets , focusing on: User account creation (Rule ID: 18110) Group membership modifications (Rule ID: 18223) Suspicious SMB-related activity 3. Simulated Attack – EternalBlue Exploitation Executed the MS17-010 exploit via Metasploit to gain unauthorized access to the Windows 7 machine. Simulated post-exploitation actions : Created new user accounts Elevated privileges Accessed sensitive directories and services These actions were monitored and flagged in real-time by OSSEC, validating its detection capabilities. 4. Intrusion Detection & Log Analysis OSSEC generated high-severity alerts corresponding to each major malicious action: Unauthorized account creation Group privilege changes SMB traffic anomalies Logs were reviewed using both the OSSEC Web UI and log files for correlation and attack reconstruction. Attack patterns were clearly identified, mapped against known IoCs , and documented. 📌 Key Findings & Security Gaps Identified: Vulnerable SMB protocol (v1) exposed the system to remote code execution. Lack of account privilege controls allowed attackers to escalate without detection pre-OSSEC. Absence of SIEM/log aggregation prior to OSSEC left the network blind to subtle attack signs. 🛡️ Recommendations & Mitigations: Technical Defenses : Immediate patching of all systems vulnerable to MS17-010 Disable SMBv1 across all Windows hosts Harden user account controls and implement multi-factor authentication Monitoring Enhancements : Integrate OSSEC logs into SIEM platforms (e.g., Splunk, Azure Sentinel) for centralized visibility Configure automated response mechanisms for high-severity events Strategic Improvements : Enforce network segmentation to contain lateral movement Launch internal Red vs Blue simulations to improve team preparedness 🧠 Skills Demonstrated: Host-based intrusion detection configuration and optimization Exploitation of known vulnerabilities using Metasploit (Red Team skillset) Real-time log analysis and rule-based alert correlation Secure system architecture design in lab environments Translation of technical evidence into clear incident reports and strategic recommendations 📈 Outcome & Impact: The project provided a hands-on demonstration of how modern HIDS solutions can effectively detect and log complex threats like EternalBlue in real time. It also showcased how defensive tools can be enhanced through attacker mindset simulations , bridging the gap between Red and Blue Team operations. Through this exercise, I gained a deeper understanding of host-level detection , alert management, and post-exploit activity tracking , while reinforcing the importance of layered security and proactive monitoring in today’s evolving threat landscape.
🌐 Azure Sentinel (SIEM) Lab: Real-Time RDP Attack Detection with PowerShell (Cloud Security - Blue Teaming Security Operations )
🌐 Azure Sentinel (SIEM) Lab: Real-Time RDP Attack Detection with PowerShell Category : Blue Team | SIEM | Threat Monitoring | Automation Timeline : May 2024 Tools Used : Azure Sentinel, PowerShell, ipgeolocation.io , Windows Event Viewer, Visual Studio Code, GitHub 🔗 Project Article This project presents a cloud-native Security Information and Event Management (SIEM) lab built on Microsoft Azure Sentinel , designed to detect and analyze failed RDP login attempts in real time . By leveraging a custom PowerShell script , telemetry from a honeypot virtual machine is processed, enriched with attacker geolocation data using the ipgeolocation.io API , and visualized through Azure Sentinel’s advanced dashboards. 🎯 Objective & Scope: Detect failed Remote Desktop Protocol (RDP) login attempts via Windows Event Logs. Automate log parsing and enrichment using PowerShell and third-party APIs . Feed data into Azure Sentinel for real-time security visibility and threat correlation. Visualize geographic trends of brute-force attack origins, enhancing situational awareness and incident response planning . 🧪 Architecture & Workflow: 1. Honeypot Setup & Data Collection A Windows-based honeypot VM was configured to simulate a vulnerable endpoint and attract RDP brute-force attempts. Event ID 4625 (failed login) was continuously collected from Windows Event Viewer , serving as the primary data source for the SIEM integration. 2. PowerShell Automation Developed a PowerShell script to: Parse Windows Security Event Logs Extract failed RDP login attempts, source IPs, and timestamps Query the ipgeolocation.io API to retrieve geolocation data (country, region, coordinates) Format and forward this enriched telemetry to Azure Sentinel 3. SIEM Integration – Azure Sentinel Configured Log Analytics Workspace in Azure and connected it to the honeypot VM. Telemetry from the script was sent to Azure Sentinel using custom log ingestion pipelines . Built interactive dashboards and maps to: Visualize attacker IP geolocation Track attack frequency over time Spot abnormal patterns such as IP clusters or regional anomalies 4. Demonstration Results RDP brute-force attempts from Pakistan and Sri Lanka were detected within hours. Custom dashboards showed real-time global attack maps , IP clustering, and repeated access patterns. Self-generated traffic (controlled test attacks) validated detection accuracy and visualization effectiveness. 📌 Technologies & Utilities Used: PowerShell – Core scripting logic to parse logs, automate API requests, and structure event data Azure Sentinel – SIEM platform for centralized monitoring, query analysis (KQL), and threat detection ipgeolocation.io – IP-to-geolocation enrichment service for external attacker attribution Visual Studio Code – Script development and debugging GitHub – Project repository hosting, collaboration, and documentation 🔗 GitHub Repo : Azure Sentinel RDP Detection Lab 🧠 Key Skills Demonstrated: SIEM configuration & log integration using Microsoft Azure PowerShell scripting for log automation and API integration Real-time threat monitoring using custom event correlation Data enrichment & visualization for actionable threat intelligence Building scalable and reusable detection logic for enterprise defense 💡 Future Enhancements: Enable real-time alerting for suspicious login patterns using Azure Sentinel Playbooks. Integrate with additional threat intelligence feeds (AbuseIPDB, AlienVault OTX) for context-aware detection. Automate incident response workflows using Logic Apps and Azure Functions. Enhance dashboard interactivity using Power BI embedded insights within Sentinel. ✅ Outcome & Impact: This project showcased the ability to build a fully functional SIEM detection lab from scratch , combining PowerShell automation , telemetry integration , and cloud-based threat visibility . It reinforced practical capabilities in log analysis , event correlation , security automation , and Blue Team defense architecture , making it a powerful portfolio piece for SOC roles, cloud security, and SIEM engineering.
🧠 Reverse Shell – Remote Administration Tool (RAT) (Hacking Tool - Offensive Security )
🧠 Reverse Shell – Remote Administration Tool (RAT) Category : Red Team | Remote Access | Malware Simulation | Ethical Hacking Timeline : June 2024 Skills Demonstrated : Network Programming, Ethical Malware Development, Remote System Control 🔗 Full Article 🔗 GitHub Repository This project involved designing and developing a fully functional Remote Administration Tool (RAT) with reverse shell capabilities, tailored for ethical use in cybersecurity awareness training, Red Team simulation labs, and secure remote support. Inspired by real-world offensive security tools, this RAT serves as a controlled environment to understand adversarial tactics and test detection capabilities in Blue Team environments . 🔧 Core Capabilities & Features: 📺 Live Screen Streaming : Monitor the target’s desktop in real-time to simulate surveillance scenarios. 📸 Screenshot Capture : Snap full-screen images on demand for documentation or forensic collection. 🎥 Webcam Access : Capture still images or video streams from the target’s webcam, simulating advanced spyware behavior. 📂 File Transfer : Retrieve files from the compromised machine, simulating data exfiltration. 🌍 Location Tracking : Use public IP-based geolocation APIs to approximate the victim’s location. 💻 Remote Command Execution : Send and execute shell commands on the target system to demonstrate control escalation. 📦 Easy Deployment : Delivered as a compiled standalone executable for seamless distribution during training simulations. 🧪 Technical Implementation: Reverse TCP Shell : Custom socket-based communication between the listener (attacker) and client (target) with encrypted payload delivery. Multi-threaded Server Design : Enables handling multiple sessions concurrently with efficient resource management. Camera & Screen Modules : Utilizes native APIs and libraries to access visual interfaces without triggering common AV heuristics. Geolocation API Integration : Leverages third-party services (e.g., ip-api.com ) to map attacker reach. Command Parsing Engine : Lightweight command interpreter built to execute system-level operations remotely and return output cleanly. ⚠️ Security & Ethical Considerations: This project is strictly intended for educational , defensive simulation , and ethical research purposes. It complies with academic and ethical guidelines for malware development and has been used in controlled environments for awareness, incident response testing, and SOC training labs. 🛠️ Technologies Used: Languages : Python (core), PowerShell (payload delivery), C# (for GUI packaging and executables) Libraries : socket , os , cv2 , pyautogui , requests , threading Environments : Kali Linux (listener), Windows 10 (target), VMware for testing Tools Used for Testing : Wireshark (packet inspection), Defender & AV bypass tests, Static/Dynamic analysis tools 🧠 Skills Demonstrated: Low-level network socket programming and reverse shell communication Offensive security development and malware simulation System and API interaction for device control (screen, webcam, files) Secure and efficient command handling over untrusted networks Ethical use and documentation of Red Team tactics for Blue Team defense 📈 Impact & Use Cases: Used to simulate attacker behavior for SIEM and endpoint detection rule development. Trained SOC analysts to recognize and respond to C2 (Command & Control) behavior. Demonstrated how remote access malware operates , fostering awareness in defensive security teams and end users. 🔁 Future Enhancements: Add persistence mechanisms for full malware simulation. Integrate TLS encryption for secure C2 communications. Build a centralized dashboard for session management and attacker tools. Expand to cross-platform compatibility (Linux/macOS targets). If you're working in threat detection, offensive security, or want to build malware defense capabilities, this project provides a unique opportunity to explore how real-world RATs operate , how to simulate them responsibly, and how to build detection logic against such threats.
🧠 Key Logger with Email Notifications: A Comprehensive Cybersecurity Monitoring Tool (KeyLogger - Offensive Security Tool )
🧠 Key Logger with Email Notifications: A Comprehensive Cybersecurity Monitoring Tool Category : Red Team | Offensive Security | Malware Simulation | System Monitoring Timeline : May 2024 Languages & Frameworks : C#, .NET Framework 4.5+ 🔗 Full Guide & Demo 🔗 GitHub Repository This project involves the development of a feature-rich keylogger application designed for cybersecurity awareness, user behavior analysis, and ethical remote monitoring . Built using C# and the .NET Framework, the application runs stealthily in the background, logging keystrokes, capturing screenshots, tracking URLs, retrieving IP-based geolocation data, and sending this information periodically via email. 🔐 Core Features: ⌨️ Keystroke Logging : Captures all user keystrokes in real-time, saving them to secure logs. 🌐 Browser URL Tracking : Monitors user activity across major browsers (Chrome, Firefox, IE, Edge) by tracking visited URLs. 📸 Screenshot Capture : Takes periodic full-screen screenshots to enhance context around user activity. 🌍 IP-based Geolocation : Uses the system’s public IP to determine the user’s physical location and includes this in reports. 📧 Automated Email Notifications : Sends all captured data — logs, screenshots, and metadata — to a configured email address at set intervals. ⚙️ Environment Variable Configuration : Fully customizable via environment variables, including email credentials, log paths, and notification frequency. 🛠️ Technologies Used: Language : C# Framework : .NET Framework 4.5+ IDE : Visual Studio Email Services : SMTP-based email automation Geolocation : IP-based lookup using third-party APIs File I/O & Screenshot Libraries : .NET System APIs Distribution : Compiled as an executable for silent background deployment 🧪 How It Works: The keylogger starts as a background process upon execution. It begins monitoring and recording keystrokes into a temporary log. At specified intervals or after reaching a keystroke threshold, it: Captures a screenshot Collects browser history Retrieves location data Sends all data to a configured email address After sending, the log is archived and rotated. ⚙️ Customizable Environment Variables: EMAIL_ADDRESS : The email used to send reports EMAIL_PASSWORD : Authentication password LOG_FILE_NAME , SCREENSHOT_FILE_NAME , etc.: Custom paths for logs and screenshots INCLUDE_LOG_AS_ATTACHMENT , INCLUDE_SCREENSHOT_AS_ATTACHMENT : Boolean flags for email content MAX_LOG_LENGTH_BEFORE_SENDING_EMAIL : Size trigger for email dispatch MAX_KEYSTROKES_BEFORE_WRITING_TO_LOG : Frequency of writing to disk 🧠 Skills Demonstrated: Windows API programming and system-level process interaction Secure and efficient log handling Email automation using .NET’s System.Net.Mail Experience with information gathering , geolocation APIs , and persistent malware simulation Understanding of ethical red teaming and legal limitations of monitoring tools ⚠️ Ethical Use Only : This tool is developed strictly for educational purposes , cybersecurity awareness , and controlled environments . Unauthorized use to monitor individuals without consent violates laws and ethical standards. Always ensure legal compliance and proper authorization before deploying. ✅ Practical Applications : Cybersecurity Training : Simulate keylogging malware for awareness and response testing Parental Control : Track and protect child safety online in authorized settings Employee Device Auditing : Monitor compliance in managed corporate environments with explicit consent Red Team Labs : Use as part of advanced adversarial simulation exercises 📈 Outcome & Impact : This project bridges system programming and offensive cybersecurity. It showcases your ability to build a fully functional surveillance tool for simulation and training, and demonstrates proficiency in developing secure, automated monitoring systems. It’s a standout example of your C# development , security tooling , and ethical hacker mindset .