SHEIKH JUBAIR HOSSAIN

Dhaka
Summary

Highly motivated cybersecurity professional (a.k.a. Solo Dragon for speedy task completion) with a recently completed MSc in Cybersecurity from Asia Pacific University of Technology and Innovation. Demonstrated knowledge in essential cybersecurity areas, including:

  • Tools and Attacks: Proficient understanding of cybersecurity tools and common cyber attack vectors.
  • Roles, Processes, and OS Security: Knowledge of roles within cybersecurity, security processes, and operating system hardening.
  • Compliance and System Administration: Grasp of cybersecurity compliance frameworks and system administration principles.
  • Network Security and Vulnerabilities: In-depth understanding of network security concepts and database vulnerability identification and mitigation.
  • Penetration Testing, Incident Response, and Forensics: Hands-on experience in penetration testing, incident response processes, and digital forensics.

Overview

2 years of professional experience

Work History

IBM

Professional Training & Certificates
01.2024 - 04.2024

Job overview

IBM PROFESSIONAL TRAINING, BADGES & CERTIFICATES

1. Introduction to Cybersecurity Tools & Cyber Attacks
  • Issuing Organization: IBM
  • Date of Completion: February 19, 2024
  • Badge URL: https://www.credly.com/badges/ff6780b4-f044-43be-b501-12d47a711bde/public_url

2. Cybersecurity Roles, Processes & Operating System Security
  • Issuing Organization: IBM
  • Date of Completion: February 19, 2024
  • Badge URL: https://www.credly.com/badges/00fa7384-e1ee-467c-8f59-c631b2b28300/public_url

3. Cybersecurity Compliance Framework & System Administration
  • Issuing Organization: IBM
  • Date of Completion: March 12, 2024
  • Badge URL: https://www.credly.com/badges/41a5ff40-3f2b-4134-8963-6cac3ab2f1e0/public_url

4. Network Security & Database Vulnerabilities
  • Issuing Organization: IBM
  • Date of Completion: March 30, 2024
  • Badge URL: https://www.credly.com/badges/66b15bca-78cb-4d0f-a511-28832dc5191e/public_url

5. Penetration Testing, Incident Response and Forensics
  • Issuing Organization: IBM
  • Date of Completion: April 7, 2024
  • Badge URL: https://www.credly.com/badges/1daf3741-f9c8-4f30-af6f-22dc7165bd43/public_url

Tecforte

SOC Analyst
09.2022 - 10.2022

Job overview

  • Certificate Title: ELITE Live SOC Module
  • Issuing Organization: Tecforte
  • Date of Completion: October 2022
  • Certificate Serial No. TFELITE_EDUST/MY 8586

Education

ASIA PACIFIC UNIVERSITY OF TECHNOLOGY & INNOVATION
Bukit Jalil, Kuala Lumpur 57000 Malaysia

MSc in Cyber Security
03.2024

University Overview

Completed Projects From Various Modules

Cyber Security and Threats, 2022

  • Project Title: Man-in-the-Middle Attack Analysis and Mitigation in Financial Systems
  • Project Description:
  • Investigated Man-in-the-Middle attack techniques and their potential impact on the financial sector.
  • Developed a defense strategy incorporating network analysis, encryption protocols, robust authentication, and threat modeling.
  • Employed tools such as Wireshark, certificate management systems, MFA solutions, and security frameworks (ISO 27002, MITRE ATT&CK) to mitigate MITM-related risks.

Information Security Design, 2022

  • Project 1
  • Title: Honda Security Infrastructure Assessment and Threat Analysis
  • Project Description: Conducted a comprehensive analysis of Honda's security infrastructure, identified vulnerabilities, and evaluated the impact of the Snake ransomware attack. I researched current cybersecurity threats and challenges faced by major corporations.
  • Project 2
  • Title: Developing Countermeasures for Snake Ransomware and Industrial Cybersecurity
  • Project Description: Investigated the Snake ransomware attack, analyzing its techniques and the vulnerabilities it exploits. Proposed technical and physical security measures, along with the implementation of a cybersecurity framework (ISO 27001), to mitigate the risk of ransomware attacks.

E-Investigation, 2022

  • Project Title: ANOM Encrypted Communication Profiling and Exfiltration with UEBA AI/ML
  • Project Description:
  • Investigated the ANOM encrypted communication platform used by transnational criminal networks.
  • Applied User and Entity Behavior Analytics (UEBA) techniques for profiling criminal activities and identifying abnormal communication patterns.
  • Leveraged artificial intelligence and machine learning technologies to enhance data exfiltration processes, facilitate evidence collection, and maintain digital forensics best practices.
  • Collaborated with multi-national security organizations to analyze encrypted data and share cyber threat intelligence (CTI).

Network Design & Performance, 2022

  • Project Title: Wireless Network Simulation: Performance Analysis and Optimization of Routing Protocols
  • Project Description:
  • Designed a comprehensive wireless network infrastructure on NetSim, incorporating routers, wireless nodes, and access points to evaluate the performance of RIP and OSPF routing protocols.
  • Configured network topology, implemented both RIP and OSPF protocols individually, and integrated security measures using AES encryption.
  • Monitored live simulation results, including routing behaviors, packet transmission, acknowledgement packets, TCP synchronization, and more.
  • Analyzed key performance metrics (throughput, delay) to compare protocol suitability for the designed network. Identified potential bottlenecks and optimized network configuration based on the findings of the routing protocol analysis.

Security Operations Center & Incident Response, 2022

  • Project 1
  • Title: SOC Design and Implementation Consultant for Bose Corporation
  • Project Description:
  • Collaborated with a cross-functional team to assess Bose Corporation's security vulnerabilities and exposure to cyber threats.
  • Thoroughly researched various Security Operations Center (SOC) models, recommending the optimal hybrid solution to address the organization's specific needs.
  • Outlined a tailored security approach within the hybrid SOC model, emphasizing proactive threat hunting, Cyber Threat Intelligence (CTI) integration, and the implementation of a managed SOAR platform.
  • Contributed to the design and documentation of the SOC infrastructure, ensuring alignment with best practices and industry standards.
  • Project 2
  • Title: Security Operations Center Optimization and Threat Response
  • Project Description:
  • Analyzed the existing security landscape for a multi-national organization, identifying areas for improving efficiency and incident response capabilities.
  • Recommended and assisted in the implementation of a Hybrid SOC model, integrating in-house expertise with experienced third-party security providers.
  • Developed and implemented strategies for 24/7 threat monitoring, incident response protocols, and proactive threat hunting techniques.
  • Designed and integrated a Managed SOAR solution to streamline security workflows, improve threat visibility, and enhance data analysis capabilities.
  • Project 3
  • Title: Cyber Incident Response: DoS Attack Simulation and Remediation
  • Project Description:
  • Conducted a comprehensive evaluation of a simulated DoS attack, including ICMP and SYN flooding techniques, targeting a controlled environment.
  • Analyzed network traffic and forensic evidence to pinpoint the attack's origin, its effects, and potential vulnerabilities.
  • Developed and implemented an incident response plan based on the NIST framework, covering preparation, detection, analysis, containment, eradication, and recovery phases.
  • Designed a cyber playbook detailing specific response steps for future DoS attacks, ensuring alignment with best practices.
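The DoS project above analyzes network traffic to pinpoint ICMP and SYN flooding. The following is an added example, written for this page and not part of the original project, showing the detection logic such an analysis would run over captured traffic: a SYN flood shows up as many half-open connections (SYN sent, handshake never completed) from one source, and an ICMP flood as an echo-request rate far above normal inside a short window. The traffic lines, IP addresses, the simplified "time proto src dst flags" record format and the thresholds are all constructed for the example.

```python
from collections import defaultdict


def build_sample_traffic():
    """Constructed client->server traffic (not a real capture), one record per line:
    'time proto src dst flags'. Only the client-side direction is recorded, so a
    client ACK on a flow that already sent SYN means the handshake completed."""
    lines = []
    # Legitimate client 10.0.0.2: three full handshakes (SYN, then ACK).
    for i in range(3):
        port = 50000 + i
        lines.append(f"{0.1 * i:.3f} TCP 10.0.0.2:{port} 192.168.1.10:80 S")
        lines.append(f"{0.1 * i + 0.01:.3f} TCP 10.0.0.2:{port} 192.168.1.10:80 A")
    # SYN flood from 10.0.0.5: 40 SYNs on distinct source ports, none completed.
    for i in range(40):
        lines.append(f"{0.002 * i:.3f} TCP 10.0.0.5:{40000 + i} 192.168.1.10:80 S")
    # Legitimate ping from 10.0.0.3: two echo requests a second apart.
    lines.append("0.500 ICMP 10.0.0.3 192.168.1.10 echo-request")
    lines.append("1.500 ICMP 10.0.0.3 192.168.1.10 echo-request")
    # ICMP flood from 10.0.0.9: 80 echo requests inside half a second.
    for i in range(80):
        lines.append(f"{0.2 + 0.005 * i:.3f} ICMP 10.0.0.9 192.168.1.10 echo-request")
    return lines


def parse_line(line):
    t, proto, src, dst, flags = line.split()
    return {"time": float(t), "proto": proto, "src": src, "dst": dst, "flags": flags}


def detect_floods(lines, syn_threshold=20, icmp_threshold=50, window=1.0):
    """Return {'syn_flood': {src_ip: half_open_flows},
               'icmp_flood': {src_ip: peak_requests_per_window}} for sources over threshold."""
    syn_seen = {}                     # (src:port, dst:port) -> True once a SYN was observed
    completed = set()                 # flows where the client later sent its handshake ACK
    icmp_buckets = defaultdict(int)   # (src_ip, window index) -> echo-request count
    for rec in sorted(map(parse_line, lines), key=lambda r: r["time"]):
        if rec["proto"] == "TCP":
            flow = (rec["src"], rec["dst"])
            if "S" in rec["flags"] and "A" not in rec["flags"]:
                syn_seen[flow] = True
            elif "A" in rec["flags"] and flow in syn_seen:
                completed.add(flow)
        elif rec["proto"] == "ICMP" and rec["flags"] == "echo-request":
            icmp_buckets[(rec["src"], int(rec["time"] // window))] += 1

    # Half-open connections per source IP: SYN seen, handshake never completed.
    half_open = defaultdict(int)
    for flow in syn_seen:
        if flow not in completed:
            half_open[flow[0].rsplit(":", 1)[0]] += 1
    syn_alerts = {ip: n for ip, n in half_open.items() if n >= syn_threshold}

    # Peak echo-request count in any single window, per source IP.
    icmp_peak = defaultdict(int)
    for (ip, _), n in icmp_buckets.items():
        icmp_peak[ip] = max(icmp_peak[ip], n)
    icmp_alerts = {ip: n for ip, n in icmp_peak.items() if n >= icmp_threshold}

    return {"syn_flood": syn_alerts, "icmp_flood": icmp_alerts}


if __name__ == "__main__":
    print(detect_floods(build_sample_traffic()))
```

The thresholds are the tunable part: on a real capture they should be set from a baseline of the host's normal half-open count and ping rate, otherwise a busy but healthy server trips the SYN rule.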

Advanced Digital Forensics, 2023

  • Project Title: Cloud Forensics Investigation and SIEM Implementation for Enhanced Security
  • Project Description:
  • Spearheaded a comprehensive investigation into a security breach within an IT company, uncovering malicious activity involving packet sniffing, exploitation tools, unauthorized access, and attempts to cover tracks.
  • Diligently analyzed user accounts, application logs, network traffic, and file system data to pinpoint the attack timeline and identify the threat actor (Mr. Evil).
  • Designed and implemented security enhancements, including a SIEM solution (PRTG Network Monitoring System) for centralized log management, real-time threat detection, and streamlined incident response.
  • Developed a cloud forensics methodology aligned with industry best practices, addressing unique challenges of volatile data, multi-tenancy, and chain-of-custody in cloud environments.
  • Researched and recommended specialized cloud forensics tools (Paraben Suite) to support future investigations.

Advanced Ethical Hacking, 2023

  • Project 1
  • Title: Vulnerability Management and SIEM Integration with Rapid7 InsightVM
  • Project Description:
  • Led a collaborative project leveraging Rapid7 InsightVM to streamline vulnerability management and enhance security posture.
  • Conducted both authenticated and unauthenticated vulnerability scans to gain comprehensive visibility into network weaknesses.
  • Analyzed and interpreted scan logs to identify critical vulnerabilities and prioritize remediation efforts.
  • Configured InsightVM to optimize scanning efficiency, including custom scan templates and scheduling.
  • Integrated vulnerability scan results with a Security Information and Event Management (SIEM) solution using Rapid7 for centralized threat monitoring and improved incident response workflows.
  • Project 2
  • Title: Vulnerability Management, Risk Assessment, and Reverse Shell Mitigation
  • Project Description:
  • Spearheaded a threat assessment and mitigation project focused on a Windows Server 2008 machine, utilizing Rapid7 InsightVM for in-depth vulnerability scanning (authenticated and unauthenticated).
  • Identified a critical Remote Code Execution (RCE) vulnerability allowing the execution of reverse shell attacks.
  • Assessed the severity of the threat by successfully exploiting the vulnerability using penetration testing tools (MSFconsole, Meterpreter).
  • Developed and implemented a comprehensive risk mitigation and prevention plan aligned with ISO 27001 security standards.
  • Implemented countermeasures, including firewall configuration, operating system updates, and installation of anti-malware software.
  • Successfully defended against subsequent reverse shell attack attempts.
  • Hands-On Project 3
  • Title: Cybersecurity Attack Simulation and Defense Strategies
  • Project Description:
  • Conducted a comprehensive cybersecurity attack simulation on a multi-OS environment (Linux, Windows), demonstrating vulnerability exploitation and post-exploitation techniques.
  • Utilized penetration testing tools (John the Ripper, Hydra, Metasploit) to perform password cracking, brute-force attacks targeting SSH, and reverse shell execution for Windows post-exploitation.
  • Demonstrated SQL injection technique to extract sensitive data from a vulnerable web application (DVWA).
  • Executed a web shell attack to inject a backdoor into a target website, gaining remote command execution capabilities.
  • Implemented defensive strategies, including keylogging detection and prevention, footprint removal, and system privilege auditing.
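The SQL injection item in the project above extracts data from DVWA by supplying crafted input that changes the shape of a query built by string concatenation. As an added illustration (written for this page, not code from the project or from DVWA), the block below places a concatenating lookup next to a parameterised one against a small in-memory SQLite table, and shows that the same tautology and UNION payloads dump the table from the first and return nothing from the second. The table, its rows and the hash placeholders are constructed sample data.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a DVWA-style users table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", "hash-of-admin-password"), ("gordonb", "hash-of-gordonb-password")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, user_id):
    """Low-security style: the request parameter is pasted into the SQL text,
    so quotes, OR and UNION in the input become part of the query."""
    sql = f"SELECT username, password_hash FROM users WHERE id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, user_id):
    """Parameterised: the value travels separately from the statement and is
    compared as a value, never parsed as SQL."""
    return conn.execute(
        "SELECT username, password_hash FROM users WHERE id = ?", (user_id,)
    ).fetchall()


# Two classic payloads: a tautology that makes the WHERE clause always true, and a
# UNION that appends every row of the table to an otherwise empty result.
TAUTOLOGY = "1' OR '1'='1"
UNION_DUMP = "x' UNION SELECT username, password_hash FROM users -- "


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", lookup_user_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union:    ", lookup_user_vulnerable(conn, UNION_DUMP))
    print("safe, tautology:      ", lookup_user_safe(conn, TAUTOLOGY))
    print("safe, union:          ", lookup_user_safe(conn, UNION_DUMP))
```

The safe version still answers a legitimate request (`lookup_user_safe(conn, "1")` returns the admin row) because SQLite applies the column's integer affinity to the bound text; the payloads fail only because they no longer reach the SQL parser.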

Research Methodology in Computing and Engineering, 2023

  • Project 1
  • Title: Automated Email Exposure Detection and Mitigation
  • Project Description:
  • I researched the problem of email vulnerability exposure within organizations, focusing on techniques such as email harvesting and social engineering used in the reconnaissance phase of the Cyber Kill Chain.
  • Reviewed existing tools (TheHarvester, Belati, DataSploit, Gitrob) and approaches for addressing email exposure.
  • Developed an automated solution ("Spider-Knight") that combines advanced detection methods with proactive user warnings to reduce sensitive information exposure on websites.
  • Project 2
  • Title: Spider-Knight: Email Exposure Detection and Mitigation Tool
  • Project Description:
  • Developed an innovative security tool (Spider-Knight) for penetration testers to scan websites for exposed email addresses, an essential step in the reconnaissance phase of cyber attacks.
  • Implemented an automated alert system within Spider-Knight to send immediate security precautions directly to owners of exposed email addresses.
  • Designed the tool to be more efficient and user-protective than traditional email harvesting tools used by attackers.
  • Contributed to proactive cybersecurity practices by empowering individuals to take action against potential phishing threats.

Security Audit And Assessment, 2023

  • Project Title: ISMS Enhancement and Compliance Audit
  • Project Description:
  • Performed a comprehensive audit within a government institution to assess compliance with ISO 27001:2013 and identify vulnerabilities in physical and operational security, communications security, and incident management.
  • Leveraged the PDCA cycle to plan, implement, and assess security controls, enhancing the ISMS (Information Security Management System) and aligning the agency with industry-recognized standards.
  • Focused on GDPR compliance initiatives, addressing key controls to protect sensitive data and mitigate risk.
  • Conducted an internal audit and produced documentation (Internal Quality Audit form, NCR Report) to identify areas for improvement and streamline processes.

Final Thesis Experience, 2023

  • Title: Reconnaissance for Business Email Compromise Prevention: An Agile Method to Extract Exposed Emails and Send Automated Precautions
  • Key Responsibilities:
  • Analyzed the present technological infrastructure and identified the gap in automated solutions that detect and notify exposed email addresses during website penetration tests.
  • Employed a theory (Giant Apple Slicing) to optimize the web crawling methodology for efficient email extraction during reconnaissance.
  • Engaged in the design and implementation of a system that automates the dispatch of cautionary messages, including encrypted attachments, to vulnerable or exposed email addresses identified during the penetration test.
  • Performed rigorous testing and validation processes to ensure the system's efficacy and reliability.
  • Produced documentation and comprehensive reports to emphasize the criticality of robust platforms for personal data protection.
  • Outcomes:
  • Successfully mastered the existing web crawling tools and techniques, identified their drawbacks, and enhanced their functionality to detect exposed corporate email addresses more adeptly.
  • Conceptualized and executed an improved email extraction method that seamlessly integrated with web crawling procedures, enhancing the accuracy and efficiency of corporate email address detection.
  • Pioneered an automated system capable of delivering immediate precautionary emails, bolstered with secure attachments, to all exposed email addresses detected on a specific website.
  • Validated the system's robustness and effectiveness through exhaustive testing, emphasizing the integral role of secure platforms in safeguarding personal information.
  • Catalyzed an upswing in awareness regarding the risks linked to publicly accessible corporate email addresses, motivating the adoption of fortified practices within various organizations.
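The Spider-Knight projects and the thesis above describe a crawler that extracts exposed email addresses from a website during reconnaissance and then warns their owners. The block below is an added example written for this page; it is not the Spider-Knight code and does not claim to reproduce its crawling method. It crawls a constructed three-page site held in a dictionary (standing in for HTTP fetches), stays on the starting origin, harvests addresses from both page text and mailto: links, records which pages expose each address, and composes the warning text an automated notifier would send. The site contents, URLs and addresses are all made up for the example, and nothing is actually sent.

```python
import re
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed site: URL -> HTML body. Stands in for live HTTP responses.
SITE = {
    "https://example.test/": (
        '<a href="/team">Team</a> <a href="/contact.html">Contact</a> '
        '<a href="https://other.test/x">External</a>'
    ),
    "https://example.test/team": (
        '<p>Lead: <a href="mailto:alice@example.test">Alice</a></p>'
        "<p>Ops: bob@example.test</p>" '<a href="/">Home</a>'
    ),
    "https://example.test/contact.html": (
        "<p>Press: press@example.test, Alice@example.test</p>" '<a href="/team">Team</a>'
    ),
}


class _LinkAndTextParser(HTMLParser):
    """Collect href values and visible text from one page."""

    def __init__(self):
        super().__init__()
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for key, value in attrs:
                if key == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        self.text.append(data)


def fetch(url):
    """Hypothetical fetch: returns the constructed body, or None for unknown URLs."""
    return SITE.get(url)


def crawl_for_emails(start_url, fetch=fetch, max_pages=50):
    """Breadth-first, same-origin crawl. Returns {email: [pages exposing it]}."""
    origin = urlsplit(start_url).netloc
    seen, queue = {start_url}, deque([start_url])
    exposures = {}
    while queue and len(seen) <= max_pages:
        url = queue.popleft()
        body = fetch(url)
        if body is None:
            continue
        parser = _LinkAndTextParser()
        parser.feed(body)
        # Addresses appear in visible text and inside mailto: links.
        haystack = " ".join(parser.text) + " " + " ".join(parser.links)
        for email in EMAIL_RE.findall(haystack):
            exposures.setdefault(email.lower(), set()).add(url)
        for href in parser.links:
            if href.startswith("mailto:"):
                continue
            nxt = urljoin(url, href)
            if urlsplit(nxt).netloc == origin and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return {email: sorted(pages) for email, pages in exposures.items()}


def compose_warning(email, pages):
    """Build the precautionary message for one exposed address (not sent here)."""
    lines = [
        f"To: {email}",
        "Subject: Your email address is publicly exposed",
        "",
        "This address was found on the following pages during an authorised reconnaissance test:",
    ]
    lines += [f"  - {page}" for page in pages]
    lines += [
        "",
        "Expect targeted phishing and business email compromise attempts at this address.",
        "Verify unusual payment or credential requests out of band before acting on them.",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    found = crawl_for_emails("https://example.test/")
    for email, pages in found.items():
        print(compose_warning(email, pages), end="\n\n")
```

Against a real target the fetch function would be an HTTP client honouring robots.txt and a rate limit, and the address regex would need extending for obfuscated forms such as "name [at] domain".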

The University of Comilla
Dhaka, Bangladesh

Bachelor of Computer Science Engineering
2019

University Overview

Final Research Experience:
Title: A Comparative Study of Network Intrusion Detection Techniques: Supervised Learning Approaches with Hyper-parameter Tuning, Cross-Validation, Sequential Feature Selection, and Class Resampling, Applied to the NSL-KDD Dataset
Description:
Network intrusion detection is a crucial task for maintaining computer system security. However, existing datasets for this purpose often exhibit challenges such as redundancy, imbalance, and inconsistencies. In this study, I aimed to improve the prediction of network traffic packets using the NSL-KDD dataset, an enhanced version of the KDD'99 dataset.
I employed various supervised machine learning techniques, including:
1. Decision Tree Classifier with Cross-Validation and Hyper-Parameter Tuning.
2. AdaBoost Classifier with Class Resampling and Balancing.
3. Random Forest Classifier with Feature Selection Using Feature Significance.
To evaluate the performance of my models, I utilized multiple metrics: accuracy, precision, recall, and F1-score. Additionally, I constructed confusion matrices and calculated accuracy scores for each model, comparing them to various baseline models.
My findings revealed that while the improved Random Forest model performed slightly worse than the baseline model, both the Decision Tree and AdaBoost models demonstrated superior performance.
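The research above compares classifiers on NSL-KDD using accuracy, precision, recall, F1-score and confusion matrices, and applies class resampling for AdaBoost. As an added example written for this page (not the study's code, and using no scikit-learn), the block below implements those evaluation pieces from the standard library: a multi-class confusion matrix over the NSL-KDD attack categories, per-class precision, recall and F1, overall accuracy, a macro-averaged F1, and random oversampling that balances the classes. The labels and predictions are constructed to show the effect the study is addressing: a model that ignores the rare R2L and U2R classes still reports high accuracy but a poor macro F1.

```python
import random
from collections import Counter

# The five NSL-KDD label groups: normal traffic plus four attack categories.
LABELS = ["normal", "DoS", "Probe", "R2L", "U2R"]


def sample_predictions():
    """Constructed ground truth and predictions (not NSL-KDD results).
    The classes are imbalanced and the predictor collapses rare classes to 'normal'."""
    y_true = ["normal"] * 20 + ["DoS"] * 10 + ["Probe"] * 4 + ["R2L"] * 2 + ["U2R"]
    y_pred = (["normal"] * 20 + ["DoS"] * 9 + ["normal"]
              + ["Probe"] * 2 + ["normal"] * 2 + ["normal"] * 2 + ["normal"])
    return y_true, y_pred


def confusion_matrix(y_true, y_pred, labels=LABELS):
    """cm[i][j] = count of samples with true label i predicted as label j."""
    idx = {label: i for i, label in enumerate(labels)}
    cm = [[0] * len(labels) for _ in labels]
    for t, p in zip(y_true, y_pred):
        cm[idx[t]][idx[p]] += 1
    return cm


def per_class_metrics(cm, labels=LABELS):
    """Precision, recall and F1 for each class, read straight off the matrix."""
    n = len(labels)
    out = {}
    for i, label in enumerate(labels):
        tp = cm[i][i]
        fp = sum(cm[r][i] for r in range(n)) - tp   # column i minus the diagonal
        fn = sum(cm[i]) - tp                         # row i minus the diagonal
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
        out[label] = {"precision": precision, "recall": recall, "f1": f1}
    return out


def accuracy(cm):
    total = sum(map(sum, cm))
    return sum(cm[i][i] for i in range(len(cm))) / total if total else 0.0


def macro_f1(metrics):
    """Unweighted mean of per-class F1: rare classes count as much as common ones."""
    return sum(m["f1"] for m in metrics.values()) / len(metrics)


def random_oversample(X, y, seed=0):
    """Duplicate minority-class rows at random until every class has as many
    rows as the majority class. Apply to the training split only."""
    rng = random.Random(seed)
    target = max(Counter(y).values())
    by_class = {}
    for row, label in zip(X, y):
        by_class.setdefault(label, []).append(row)
    X_out, y_out = [], []
    for label, rows in by_class.items():
        extra = target - len(rows)
        X_out.extend(rows + [rng.choice(rows) for _ in range(extra)])
        y_out.extend([label] * target)
    return X_out, y_out


if __name__ == "__main__":
    y_true, y_pred = sample_predictions()
    cm = confusion_matrix(y_true, y_pred)
    metrics = per_class_metrics(cm)
    print("accuracy:", round(accuracy(cm), 3), "macro F1:", round(macro_f1(metrics), 3))
    for label, m in metrics.items():
        print(f"{label:>7}: " + "  ".join(f"{k}={v:.2f}" for k, v in m.items()))
```

Oversampling must be applied inside each cross-validation fold, to the training portion only; resampling before the split leaks duplicated rows into the test fold and inflates every metric.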

Dhaka Residential Model College
Dhaka, Bangladesh

Higher Secondary School Certificate (HSC), Science
2014

Dhaka Residential Model College
Dhaka, Bangladesh

Secondary School Certificate (SSC), Science
2012

Skills

Core Strengths:

  • Fast Learner
  • Strong Work Ethics
  • Multitasking Excellence
  • Highly Responsible and Reliable

Technical Expertise:

Programming Languages:

  • C
  • Java
  • Python

Cybersecurity Domains:

  • Ethical Hacking
  • Penetration Testing
  • Vulnerability Assessment & Scanning
  • Incident Response and Forensics
  • Network Security (Design, Protocols, Analysis)
  • Encryption and Authentication
  • Threat Modeling & Mitigation
  • Security Auditing & Assessment
  • Security Operations Center (SOC) Design & Operations
  • Threat Intelligence Analysis
  • Cybersecurity Frameworks (GDPR, ISO 27001, NIST, HIPAA)
  • Cloud Security
  • ISO 27001 Implementation

Research & Analysis Skills

  • Literature Review
  • Critical Evaluation of Security Standards & Frameworks
  • Data Analysis & Interpretation (Audit Findings)

Project Management & Process Skills

  • PDCA Methodology (Plan-Do-Check-Act)
  • Problem Identification & Solution Proposal
  • Documentation (Internal Quality Audit forms, NCR Report)

Soft Skills

  • Problem-Solving
  • Analytical Thinking
  • Attention to Detail
  • Proactive Security Mindset
  • Adaptability & Continuous Learning

Specialized Expertise

  • Machine Learning in Cybersecurity

Affiliations

  • IEEE
  • Coursera
  • Udemy
  • Asia Pacific University of Technology & Innovation

Languages

Bengali: native language
English: proficient (C2)

References

Dr. Se Yong Eh Noum, Senior Lecturer, Faculty of Computing, Engineering, and Technology, Program Leader of the MSc in Cyber Security, Asia Pacific University of Technology & Innovation.
