
STEM Link Designer

Similar Projects

Penetration Testing Simulation for Securing Organizational Systems (Penetration Testing - Ethical Hacking)
Tools: Nmap, OpenVAS, Metasploit Framework (+3 more)
Category: Cyber Security

Conducted an in-depth penetration test and vulnerability assessment on a simulated organizational infrastructure using tools like OpenVAS, Nmap, Metasploit, and Armitage. Delivered a detailed report highlighting critical vulnerabilities, potential attack vectors, and actionable mitigation strategies. Skills include vulnerability assessment, web application testing (OWASP), and network traffic analysis.

Category: Offensive - Red Teaming
Timeline: Nov 2024 - Dec 2024
Report: https://drive.google.com/file/d/1su0VYpCo_uA5Cqt72cM-U48rPjYZEWlj/view?usp=share_link

This project involved a full-scope penetration test as part of the PUSL3132 Ethical Hacking coursework, simulating advanced cyberattacks against the internal network infrastructure of Clarke's Ceylon Team. The objective was to simulate a real-world black-box attack, identify critical security vulnerabilities, exploit weaknesses within legal and ethical boundaries, and deliver a robust set of technical and strategic recommendations to strengthen the organization's security posture.

Project Objectives:
  • Vulnerability Discovery: Systematically identify technical weaknesses, insecure protocols, outdated software, and misconfigurations.
  • Exploit Simulation: Emulate real-world cyberattack patterns using industry-standard ethical hacking tools.
  • Risk Analysis: Quantify the severity of identified threats based on business impact and likelihood of exploitation.
  • Remediation Roadmap: Recommend a layered approach combining immediate technical fixes with long-term governance and awareness strategies.
  • Ethical Compliance: Ensure that all activities were conducted in strict accordance with legal, academic, and professional ethical standards.

Testing Methodology:

1. Planning and Reconnaissance
  • Established a controlled, legally authorized penetration testing environment with a defined scope and rules of engagement.
  • Gathered organizational data using WHOIS lookups, DNS interrogation, and network footprinting.
  • Conducted active reconnaissance using Nmap, identifying open ports, exposed services, OS versions, and potential entry points.

2. Scanning and Vulnerability Assessment
  • Leveraged OpenVAS to conduct an in-depth vulnerability scan across exposed systems and services.
  • Discovered multiple high-risk vulnerabilities, including:
    • CVE-2006-349: Buffer overflow vulnerability in Microsoft SMB implementation.
    • CVE-2010-1301: Remote code execution flaw in Microsoft Windows.
  • Identified systemic weaknesses such as outdated SMBv1 protocols, default credentials, and weak service configurations.

3. Exploitation
  • Used the Metasploit Framework to exploit the MS17-010 (EternalBlue) vulnerability, which enabled remote code execution and full system compromise.
  • Achieved privileged access through a Meterpreter session, simulating post-exploitation steps such as:
    • Extracting NTLM password hashes
    • Enumerating user privileges
    • Establishing persistent access
  • Confirmed the feasibility of lateral movement and privilege escalation under real-world conditions.

4. Risk Evaluation
  • Prioritized identified vulnerabilities using a custom risk matrix assessing:
    • Exploitability (likelihood)
    • Business impact (data exposure, privilege escalation)
    • System criticality (core services, domain controllers)
  • Classified critical threats such as remote code execution via SMB and plaintext credentials as requiring immediate attention.

5. Remediation & Recommendations
  • Delivered technical recommendations:
    • Immediate patching of outdated systems and critical CVEs
    • Disabling legacy protocols (e.g., SMBv1)
    • Implementation of strong password policies and account lockout mechanisms
  • Proposed strategic improvements:
    • Deployment of IDS/IPS solutions like Snort or Suricata for continuous traffic monitoring
    • Regular vulnerability scans and penetration testing as part of security operations
    • Cybersecurity awareness training for staff to address human factor vulnerabilities
    • Development of a formal Incident Response Plan

Key Findings:
  • Exploitable EternalBlue (MS17-010) vulnerability granting full administrative access
  • Misconfigured SMB shares and lack of network segmentation
  • Weak password hygiene, including default and guessable credentials
  • Use of unsupported and unpatched software
  • Lack of visibility into unauthorized access attempts

Challenges Overcome:
  • Maintained strict ethical alignment, ensuring all attacks remained within scoped boundaries
  • Managed tool compatibility issues and resource limitations by configuring a custom testing environment
  • Performed manual validation of automated scan results to reduce false positives and enhance report accuracy
  • Synthesized highly technical data into a structured and readable professional report for non-technical stakeholders

Outcome & Impact:
  • Delivered a comprehensive penetration testing report that included:
    • Executive summary
    • Technical findings
    • Proof-of-concept screenshots
    • Impact analysis
    • A phased remediation plan
  • Empowered Clarke's Ceylon Team with actionable insights to mitigate immediate risks and build long-term resilience against evolving cyber threats.
  • Gained deep practical experience in real-world offensive security operations, reporting, and security consulting.

Skills Demonstrated:
  • Advanced use of penetration testing frameworks and vulnerability scanners
  • Strong understanding of exploitation techniques, network protocols, and post-exploitation procedures
  • Proficiency in technical documentation, risk communication, and stakeholder reporting
  • Ability to translate findings into practical, strategic security enhancements

This project stands as a testament to my ability to perform end-to-end penetration testing engagements, apply industry best practices, and deliver high-value cybersecurity insights to strengthen enterprise networks.

Security Operations - Network Intrusion Analysis and Detection for DevonCinema (Security Operations and Network Intrusion Analysis)
Tools: Wireshark, Snort, VirusTotal (+2 more)
Category: Cyber Security

Security Operations & Network Intrusion Analysis for DevonCinema

Category: Blue Team | Network Forensics | Intrusion Detection
Timeline: January 2025
Tools Used: Wireshark, Snort, VirusTotal
Link: Project Report

This project involved a simulated incident response engagement focused on analyzing and mitigating a targeted cyberattack on the DevonCinema network. The investigation used advanced network forensics techniques and intrusion detection systems to uncover malicious activities, reconstruct the attack timeline, and propose a resilient, multi-layered defense strategy.

Project Overview:
A suspicious increase in network activity triggered a security review within the DevonCinema infrastructure. Through deep packet inspection, custom rule-based intrusion detection, and indicators of compromise (IoC) correlation, this project dissected an incident involving unauthorized downloads, Command-and-Control (C2) behavior, and lateral movement attempts, ultimately simulating a real-world compromise involving Remote Access Trojans (RATs).

Key Achievements & Technical Contributions:

1. Advanced Network Traffic Analysis
  • Conducted full inspection of captured .pcap files using Wireshark, leveraging both graphical and protocol-layer analysis.
  • Identified suspicious activity including:
    • Unusual HTTP GET requests downloading .exe payloads.
    • Encrypted outbound connections suggestive of C2 beaconing.
    • SMB and RPC traffic spikes consistent with lateral movement techniques.
  • Extracted file hashes from payloads and validated against VirusTotal, confirming the presence of Remcos RAT.

2. Intrusion Detection with Custom Snort Rules
  • Deployed Snort IDS in a lab environment to detect network-based intrusions.
  • Authored custom Snort signatures targeting:
    • Malicious HTTP user-agent strings
    • Unusual ICMP patterns (used for covert signaling)
    • Indicators of C2 traffic over SSL/TLS
  • Validated detections by replaying .pcap traffic and correlating alerts with known IoCs.
  • Confirmed repeatable detection of the Remcos C2 communication through both payload and metadata inspection.

3. Infection Attribution & Incident Response Planning
  • Pinpointed the infected host as 10.0.90.215 through traffic correlation and endpoint behavior.
  • Identified the timeline of compromise, including initial access, payload retrieval, RAT installation, and C2 communications.
  • Developed a detailed incident report documenting:
    • Attack vectors
    • Payload behavior
    • Affected hosts
    • Risk impact
  • Aligned analysis with the NIST Incident Handling Guidelines (800-61 Rev.2) to provide structured response actions.

Recommendations & Defensive Strategy:
  • Immediate Actions:
    • Isolate infected endpoint(s) and revoke external C2 access.
    • Remove Remcos artifacts and rotate compromised credentials.
  • Infrastructure Improvements:
    • Deploy an enterprise-grade IDS/IPS system across ingress and egress points.
    • Integrate packet inspection and flow monitoring with a SIEM solution for better visibility and correlation.
    • Enforce least-privilege principles, hardened endpoint configurations, and robust patching schedules.
  • Long-Term Mitigation:
    • Launch cybersecurity awareness training targeting phishing and social engineering resistance.
    • Implement automated alerting and playbooks to support faster detection and response.
    • Schedule regular network traffic baselining and anomaly detection routines.

Skills Demonstrated:
  • Deep understanding of packet-level analysis and intrusion patterns
  • Creation and tuning of Snort IDS rulesets
  • Forensic investigation techniques for network-based attacks
  • Threat intelligence integration using tools like VirusTotal
  • Application of incident response frameworks (NIST) in simulated environments
  • Technical writing and structured incident reporting

Outcome & Impact:
The project successfully simulated a real-world Blue Team investigation, reinforcing core competencies in network forensics, threat detection, and incident response planning. The result was a professional-grade report with actionable insights that could significantly reduce detection and response time in similar real-world scenarios. This project showcased not only technical skills in IDS configuration and forensic analysis, but also the ability to translate raw network data into operational security decisions, a critical skill in any Security Operations Center (SOC) or Blue Team role.

Comprehensive Digital Forensics Report for Cybersecurity Incident Response (Digital Forensics)
Tools: FTK Imager, Autopsy, Volatility (+6 more)
Category: Cyber Security

Digital Forensic Investigation into Unauthorized Data Exfiltration at ABC Company

Coursework: PUSL3133 - Digital Forensics & Malware Analysis
Category: Blue Team | Digital Forensics | Email Analysis | Evidence Acquisition
Timeline: November 2024 - December 2024
Tools Used: FTK Imager, Autopsy, Volatility, Kernel PST Viewer, Wireshark, MXToolbox
Link: Project Report

This project involved conducting a comprehensive digital forensic investigation into a suspected internal data breach at ABC Company, simulating a real-world corporate security incident. The goal was to apply formal forensic methodologies to collect, preserve, and analyze digital evidence related to unauthorized data access and exfiltration via email systems and network activity.

Project Objectives:
  • Quantify the Scope of the Breach: Identify the volume and sensitivity of data compromised to assess potential damage.
  • Preserve Forensic Integrity: Follow chain-of-custody protocols to ensure digital evidence remained legally admissible.
  • Attribution Analysis: Determine whether the threat originated internally or externally using forensic artifacts and user activity logs.
  • Security Enhancement: Propose actionable technical and procedural improvements to prevent similar incidents in the future.

Investigation Process & Technical Highlights:

1. Digital Evidence Acquisition
  • Used FTK Imager to create bit-for-bit forensic disk images, ensuring accuracy and reproducibility of the evidence.
  • Captured hash values, timestamps, and metadata to validate integrity throughout the analysis.
  • Collected relevant artifacts including system logs, browser history, email files (.PST), and encrypted file containers.

2. Email Forensics & Steganography Detection
  • Leveraged Autopsy, Kernel PST Viewer, and MXToolbox to parse and analyze stored email data.
  • Conducted email header analysis to:
    • Identify signs of email spoofing and unauthorized sender identity.
    • Detect authentication failures related to SPF, DKIM, and DMARC configurations.
  • Flagged embedded attachments suspected of hiding exfiltrated data, and conducted steganography checks to uncover concealed payloads.

3. Network Activity Correlation
  • Despite the lack of .pcap files, used correlated timestamps and DNS lookup tools to track suspicious IP activity.
  • Analyzed inbound and outbound email communications and mapped these to known malicious indicators using VirusTotal and threat intel databases.
  • Identified external IPs with a history of abuse and potential links to threat actor infrastructure.

Findings & Key Insights:
  • Confirmed a successful email-based data exfiltration, where confidential documents were attached to spoofed emails and sent to an external unauthorized domain.
  • Authentication misconfigurations were found, making ABC Company's email server vulnerable to spoofing and phishing.
  • Lack of endpoint controls allowed potentially sensitive files to be exfiltrated without triggering alarms.

Recommendations:
  • Technical Mitigations:
    • Enforce SPF, DKIM, and DMARC protocols to validate incoming/outgoing emails.
    • Deploy endpoint DLP (Data Loss Prevention) mechanisms and advanced EDR agents.
    • Implement real-time monitoring and anomaly detection for sensitive file access.
  • Organizational Measures:
    • Launch cybersecurity awareness training with emphasis on phishing and suspicious email recognition.
    • Develop a clear incident response playbook with email breach scenarios.
    • Schedule periodic email audits and internal penetration tests targeting exfiltration paths.

Challenges & Solutions:
  • Data Gaps: Network traffic captures were unavailable. Overcame this by using metadata and timestamps to reconstruct user actions.
  • Evidence Integrity: Ensured all files were analyzed under strict forensic conditions, maintaining chain of custody for each artifact.
  • Tool Coordination: Effectively used a combination of tools across disk imaging, email parsing, and threat verification to develop a cohesive investigative narrative.

Skills Demonstrated:
  • Expert use of FTK Imager, Autopsy, and Volatility for deep forensic analysis
  • Proficient in email header parsing, metadata interpretation, and protocol-level threat detection
  • Strong understanding of data confidentiality principles, forensic integrity, and incident handling frameworks
  • Capable of writing high-quality technical documentation and delivering findings to both technical and non-technical audiences

Outcome & Impact:
This project served as a hands-on simulation of a professional digital forensics engagement. It provided a real-world opportunity to:
  • Detect and reconstruct unauthorized access and data exfiltration
  • Apply industry-standard forensic techniques aligned with legal and ethical standards
  • Deliver a complete forensic report that could be used for executive briefings or legal action
The experience reinforced practical skills in email forensics, forensic imaging, network correlation, and security consulting, establishing a strong foundation for working in DFIR, SOC, or compliance-focused cybersecurity roles.

OSSEC HIDS: Detecting the EternalBlue (MS17-010) Exploitation (Security Operations - OSSEC HIDS (Host Based Intrusion Detection System))
Tools: OSSEC HIDS, Metasploit, Kali Linux (+5 more)
Category: Cyber Security

Category: Blue Team & Red Team | Host-Based Intrusion Detection | Exploit Simulation
Timeline: January 2025
Tools Used: OSSEC HIDS, Metasploit, Kali Linux, Windows 7 SP1, Ubuntu, OSSEC Web UI
Link: Read Full Article

This project explored the end-to-end detection of the EternalBlue exploit (MS17-010) using OSSEC, an open-source Host-Based Intrusion Detection System (HIDS). Designed as a cross-functional Red and Blue Team exercise, it simulated a real-world cyberattack in a controlled lab environment and demonstrated how OSSEC can effectively detect and log malicious activity in real time, underscoring the importance of proactive host-level security monitoring.

Project Overview & Objectives:
  • Simulate a real-world EternalBlue attack using Metasploit and observe system behavior.
  • Configure OSSEC HIDS to detect critical Indicators of Compromise (IoCs) resulting from the exploitation.
  • Evaluate OSSEC's role in real-time alerting, log analysis, and response recommendations.
  • Provide strategic defensive recommendations to harden infrastructure against future attacks.

Technical Implementation:

1. Lab Environment Design
  • Deployed a fully functional testbed:
    • Attacker: Kali Linux
    • Target: Windows 7 SP1 (vulnerable to MS17-010)
    • Monitoring System: Ubuntu running OSSEC HIDS (server + agent setup)
  • Enabled OSSEC Web UI for real-time log analysis and visual alert monitoring.

2. OSSEC HIDS Deployment & Configuration
  • Installed and configured OSSEC server and agents, ensuring secure communication between endpoints.
  • Tuned OSSEC alerting thresholds and rule sets, focusing on:
    • User account creation (Rule ID: 18110)
    • Group membership modifications (Rule ID: 18223)
    • Suspicious SMB-related activity

3. Simulated Attack: EternalBlue Exploitation
  • Executed the MS17-010 exploit via Metasploit to gain unauthorized access to the Windows 7 machine.
  • Simulated post-exploitation actions:
    • Created new user accounts
    • Elevated privileges
    • Accessed sensitive directories and services
  • These actions were monitored and flagged in real time by OSSEC, validating its detection capabilities.

4. Intrusion Detection & Log Analysis
  • OSSEC generated high-severity alerts corresponding to each major malicious action:
    • Unauthorized account creation
    • Group privilege changes
    • SMB traffic anomalies
  • Logs were reviewed using both the OSSEC Web UI and log files for correlation and attack reconstruction.
  • Attack patterns were clearly identified, mapped against known IoCs, and documented.

Key Findings & Security Gaps Identified:
  • Vulnerable SMB protocol (v1) exposed the system to remote code execution.
  • Lack of account privilege controls allowed attackers to escalate without detection before OSSEC was deployed.
  • Absence of SIEM/log aggregation prior to OSSEC left the network blind to subtle attack signs.

Recommendations & Mitigations:
  • Technical Defenses:
    • Immediate patching of all systems vulnerable to MS17-010
    • Disable SMBv1 across all Windows hosts
    • Harden user account controls and implement multi-factor authentication
  • Monitoring Enhancements:
    • Integrate OSSEC logs into SIEM platforms (e.g., Splunk, Azure Sentinel) for centralized visibility
    • Configure automated response mechanisms for high-severity events
  • Strategic Improvements:
    • Enforce network segmentation to contain lateral movement
    • Launch internal Red vs Blue simulations to improve team preparedness

Skills Demonstrated:
  • Host-based intrusion detection configuration and optimization
  • Exploitation of known vulnerabilities using Metasploit (Red Team skillset)
  • Real-time log analysis and rule-based alert correlation
  • Secure system architecture design in lab environments
  • Translation of technical evidence into clear incident reports and strategic recommendations

Outcome & Impact:
The project provided a hands-on demonstration of how modern HIDS solutions can effectively detect and log complex threats like EternalBlue in real time. It also showcased how defensive tools can be enhanced through attacker mindset simulations, bridging the gap between Red and Blue Team operations. Through this exercise, I gained a deeper understanding of host-level detection, alert management, and post-exploit activity tracking, while reinforcing the importance of layered security and proactive monitoring in today's evolving threat landscape.

๐ŸŒ Azure Sentinel (SIEM) Lab: Real-Time RDP Attack Detection with PowerShell
Azure SentinelPowerShellipgeolocation.io4+
Cyber Security

๐ŸŒ Azure Sentinel (SIEM) Lab: Real-Time RDP Attack Detection with PowerShell (Cloud Security - Blue Teaming Security Operations )

๐ŸŒ Azure Sentinel (SIEM) Lab: Real-Time RDP Attack Detection with PowerShell Category : Blue Team | SIEM | Threat Monitoring | Automation Timeline : May 2024 Tools Used : Azure Sentinel, PowerShell, ipgeolocation.io , Windows Event Viewer, Visual Studio Code, GitHub ๐Ÿ”— Project Article This project presents a cloud-native Security Information and Event Management (SIEM) lab built on Microsoft Azure Sentinel , designed to detect and analyze failed RDP login attempts in real time . By leveraging a custom PowerShell script , telemetry from a honeypot virtual machine is processed, enriched with attacker geolocation data using the ipgeolocation.io API , and visualized through Azure Sentinelโ€™s advanced dashboards. ๐ŸŽฏ Objective & Scope: Detect failed Remote Desktop Protocol (RDP) login attempts via Windows Event Logs. Automate log parsing and enrichment using PowerShell and third-party APIs . Feed data into Azure Sentinel for real-time security visibility and threat correlation. Visualize geographic trends of brute-force attack origins, enhancing situational awareness and incident response planning . ๐Ÿงช Architecture & Workflow: 1. Honeypot Setup & Data Collection A Windows-based honeypot VM was configured to simulate a vulnerable endpoint and attract RDP brute-force attempts. Event ID 4625 (failed login) was continuously collected from Windows Event Viewer , serving as the primary data source for the SIEM integration. 2. PowerShell Automation Developed a PowerShell script to: Parse Windows Security Event Logs Extract failed RDP login attempts, source IPs, and timestamps Query the ipgeolocation.io API to retrieve geolocation data (country, region, coordinates) Format and forward this enriched telemetry to Azure Sentinel 3. SIEM Integration โ€“ Azure Sentinel Configured Log Analytics Workspace in Azure and connected it to the honeypot VM. Telemetry from the script was sent to Azure Sentinel using custom log ingestion pipelines . 
Built interactive dashboards and maps to: Visualize attacker IP geolocation Track attack frequency over time Spot abnormal patterns such as IP clusters or regional anomalies 4. Demonstration Results RDP brute-force attempts from Pakistan and Sri Lanka were detected within hours. Custom dashboards showed real-time global attack maps , IP clustering, and repeated access patterns. Self-generated traffic (controlled test attacks) validated detection accuracy and visualization effectiveness. ๐Ÿ“Œ Technologies & Utilities Used: PowerShell โ€“ Core scripting logic to parse logs, automate API requests, and structure event data Azure Sentinel โ€“ SIEM platform for centralized monitoring, query analysis (KQL), and threat detection ipgeolocation.io โ€“ IP-to-geolocation enrichment service for external attacker attribution Visual Studio Code โ€“ Script development and debugging GitHub โ€“ Project repository hosting, collaboration, and documentation ๐Ÿ”— GitHub Repo : Azure Sentinel RDP Detection Lab ๐Ÿง  Key Skills Demonstrated: SIEM configuration & log integration using Microsoft Azure PowerShell scripting for log automation and API integration Real-time threat monitoring using custom event correlation Data enrichment & visualization for actionable threat intelligence Building scalable and reusable detection logic for enterprise defense ๐Ÿ’ก Future Enhancements: Enable real-time alerting for suspicious login patterns using Azure Sentinel Playbooks. Integrate with additional threat intelligence feeds (AbuseIPDB, AlienVault OTX) for context-aware detection. Automate incident response workflows using Logic Apps and Azure Functions. Enhance dashboard interactivity using Power BI embedded insights within Sentinel. โœ… Outcome & Impact: This project showcased the ability to build a fully functional SIEM detection lab from scratch , combining PowerShell automation , telemetry integration , and cloud-based threat visibility . 
It reinforced practical capabilities in log analysis , event correlation , security automation , and Blue Team defense architecture , making it a powerful portfolio piece for SOC roles, cloud security, and SIEM engineering.

Reverse Shell - Remote Administration Tool (RAT) (Hacking Tool - Offensive Security)
Tools: Python, PowerShell, C# (+12 more)
Category: Cyber Security

Category: Red Team | Remote Access | Malware Simulation | Ethical Hacking
Timeline: June 2024
Skills Demonstrated: Network Programming, Ethical Malware Development, Remote System Control
Links: Full Article | GitHub Repository

This project involved designing and developing a fully functional Remote Administration Tool (RAT) with reverse shell capabilities, tailored for ethical use in cybersecurity awareness training, Red Team simulation labs, and secure remote support. Inspired by real-world offensive security tools, this RAT serves as a controlled environment to understand adversarial tactics and test detection capabilities in Blue Team environments.

Core Capabilities & Features:
  • Live Screen Streaming: Monitor the target's desktop in real time to simulate surveillance scenarios.
  • Screenshot Capture: Snap full-screen images on demand for documentation or forensic collection.
  • Webcam Access: Capture still images or video streams from the target's webcam, simulating advanced spyware behavior.
  • File Transfer: Retrieve files from the compromised machine, simulating data exfiltration.
  • Location Tracking: Use public IP-based geolocation APIs to approximate the victim's location.
  • Remote Command Execution: Send and execute shell commands on the target system to demonstrate control escalation.
  • Easy Deployment: Delivered as a compiled standalone executable for seamless distribution during training simulations.

Technical Implementation:
  • Reverse TCP Shell: Custom socket-based communication between the listener (attacker) and client (target) with encrypted payload delivery.
  • Multi-threaded Server Design: Enables handling multiple sessions concurrently with efficient resource management.
  • Camera & Screen Modules: Utilizes native APIs and libraries to access visual interfaces without triggering common AV heuristics.
  • Geolocation API Integration: Leverages third-party services (e.g., ip-api.com) to map attacker reach.
  • Command Parsing Engine: Lightweight command interpreter built to execute system-level operations remotely and return output cleanly.

Security & Ethical Considerations:
This project is strictly intended for educational, defensive simulation, and ethical research purposes. It complies with academic and ethical guidelines for malware development and has been used in controlled environments for awareness, incident response testing, and SOC training labs.

Technologies Used:
  • Languages: Python (core), PowerShell (payload delivery), C# (for GUI packaging and executables)
  • Libraries: socket, os, cv2, pyautogui, requests, threading
  • Environments: Kali Linux (listener), Windows 10 (target), VMware for testing
  • Tools Used for Testing: Wireshark (packet inspection), Defender & AV bypass tests, Static/Dynamic analysis tools

Skills Demonstrated:
  • Low-level network socket programming and reverse shell communication
  • Offensive security development and malware simulation
  • System and API interaction for device control (screen, webcam, files)
  • Secure and efficient command handling over untrusted networks
  • Ethical use and documentation of Red Team tactics for Blue Team defense

Impact & Use Cases:
  • Used to simulate attacker behavior for SIEM and endpoint detection rule development.
  • Trained SOC analysts to recognize and respond to C2 (Command & Control) behavior.
  • Demonstrated how remote access malware operates, fostering awareness in defensive security teams and end users.

Future Enhancements:
  • Add persistence mechanisms for full malware simulation.
  • Integrate TLS encryption for secure C2 communications.
  • Build a centralized dashboard for session management and attacker tools.
  • Expand to cross-platform compatibility (Linux/macOS targets).

If you're working in threat detection, offensive security, or want to build malware defense capabilities, this project provides a unique opportunity to explore how real-world RATs operate, how to simulate them responsibly, and how to build detection logic against such threats.