179 lines
43 KiB
Markdown
179 lines
43 KiB
Markdown
<div align="center">
|
||
<img width="260" height="260" alt="Kali-dragon-icon svg" src="https://github.com/user-attachments/assets/d911b71f-6ad9-45b7-9513-237f83377023" alt="Kali Linux Icon"/>
|
||
<h1 align="center">Cybersecurity Projects 🐉</h1>
|
||
<p align="center">70 Cybersecurity Projects, Certification Roadmaps & Resources</p>
|
||
</div>
|
||
|
||
<div align="center">
|
||
<img src="https://img.shields.io/github/stars/CarterPerez-dev/Cybersecurity-Projects" alt="stars"/>
|
||
<img src="https://img.shields.io/github/forks/CarterPerez-dev/Cybersecurity-Projects" alt="forks"/>
|
||
<img src="https://img.shields.io/github/issues/CarterPerez-dev/Cybersecurity-Projects" alt="issues"/>
|
||
<img src="https://img.shields.io/github/license/CarterPerez-dev/Cybersecurity-Projects" alt="license"/>
|
||
<br/>
|
||
<img src="https://img.shields.io/badge/Cybersecurity-70_Projects-darkblue" alt="projects"/>
|
||
<img src="https://img.shields.io/badge/Security-Learning_Resources-darkred" alt="resources"/>
|
||
</div>
|
||
|
||
<div align="center">
|
||
<a href="https://github.com/sponsors/CarterPerez-dev">
|
||
<img src="https://img.shields.io/static/v1?label=Contribute&message=%E2%9D%A4&logo=GitHub&color=darkgreen" alt="contribute"/>
|
||
</a>
|
||
</div>
|
||
|
||
<p align="center">Made possible by <a href="https://certgames.com"><strong>CertGames</strong></a></p>
|
||
|
||
<h2 align="center"><strong>View Complete Projects:</strong></h2>
|
||
<div align="center">
|
||
<a href="https://github.com/CarterPerez-dev/Cybersecurity-Projects/tree/main/PROJECTS">
|
||
<img src="https://img.shields.io/badge/Full_Source_Code-40/70-blue?style=for-the-badge&logo=github" alt="Projects"/>
|
||
</a>
|
||
</div>
|
||
|
||
<p align="center"><sub><em>Currently building: DDoS Mitigation Tool</em></sub></p>
|
||
|
||
---
|
||
|
||
## Quick Navigation
|
||
|
||
### [Projects](#projects)
|
||
Hands-on cybersecurity projects with full source code, organized in four tiers — **Foundations** (pre-beginner, first-time programmers), **Beginner**, **Intermediate**, and **Advanced**.
|
||
|
||
### [Certification Roadmaps](./ROADMAPS/README.md)
|
||
10 structured career paths with certification guides for SOC Analyst, Pentester, Security Engineer, and more.
|
||
|
||
### [Learning Resources](./RESOURCES/README.md)
|
||
Tools, courses, certifications, communities, and frameworks for cybersecurity professionals.
|
||
|
||
---
|
||
|
||
# Projects
|
||
|
||
<div align="center">
|
||
<img src="https://img.shields.io/badge/Foundations-5DEFD0?style=for-the-badge&logo=bookstack&logoColor=black&labelColor=5DEFD0" alt="Foundations"/>
|
||
<img src="https://img.shields.io/badge/Beginner-2EA44F?style=for-the-badge&logo=leaflet&logoColor=white" alt="Beginner"/>
|
||
<img src="https://img.shields.io/badge/Intermediate-D4A017?style=for-the-badge&logo=target&logoColor=white" alt="Intermediate"/>
|
||
<img src="https://img.shields.io/badge/Advanced-C73E3A?style=for-the-badge&logo=shield&logoColor=white" alt="Advanced"/>
|
||
</div>
|
||
|
||
---
|
||
|
||
> [!TIP]
|
||
> **Want to be walked through building these instead of reading finished source?** [CertGames](https://certgames.com) has guided project courses that build real security tools from scratch, step by step, with the concepts explained as you go. Same projects, less getting stuck. FREE
|
||
|
||
## Foundations Projects
|
||
|
||
> [!NOTE]
|
||
> **Start here if this is your first time coding.** The Foundations tier is *pre-beginner* — built for someone who has never written Python, has barely used a terminal, and is new to cybersecurity. Source files are heavily commented as a teaching aid, and every `learn/` folder explains concepts from zero. Once you're comfortable here, the Beginner projects assume you already know the language and move faster.
|
||
>
|
||
> **What makes Foundations different:**
|
||
> - **Single-file projects** — the entire tool lives in one readable Python file. No file-hopping.
|
||
> - **Heavy teaching comments** — every line that introduces a new concept is annotated inline.
|
||
> - **Numpy-style docstrings on every function** — what it does, why it exists, every parameter.
|
||
> - **Extra-deep `learn/` folders** — Python features and security concepts both explained from zero.
|
||
> - **Senior-level code, beginner-level explanations** — the code itself is still production-quality.
|
||
|
||
| Project | Info | What You'll Learn |
|
||
|---------|------|-------------------|
|
||
| **[Hash Identifier](./PROJECTS/foundations/hash-identifier)**<br>Identify hash types by prefix, length, and charset |     | Hash families (MD5, SHA, bcrypt, Argon2) • PHC string format • Pattern matching • Pure-function design<br>[Source Code](./PROJECTS/foundations/hash-identifier) \| [Docs](./PROJECTS/foundations/hash-identifier/learn) |
|
||
| **[HTTP Headers Scanner](./PROJECTS/foundations/http-headers-scanner)**<br>Audit a URL's response headers for missing or weak security controls |     | HTTP fundamentals • Security headers (CSP, HSTS, X-Frame-Options) • httpx requests • Scored audits<br>[Source Code](./PROJECTS/foundations/http-headers-scanner) \| [Docs](./PROJECTS/foundations/http-headers-scanner/learn) |
|
||
| **[Password Manager](./PROJECTS/foundations/password-manager)**<br>Encrypted local vault with master password unlock |     | Argon2id key derivation • AES-GCM authenticated encryption • Secure on-disk vaults • Master-password workflows<br>[Source Code](./PROJECTS/foundations/password-manager) \| [Docs](./PROJECTS/foundations/password-manager/learn) |
|
||
|
||
---
|
||
|
||
## Beginner Projects
|
||
|
||
| Project | Info | What You'll Learn |
|
||
|---------|------|-------------------|
|
||
| **[Simple Port Scanner](./PROJECTS/beginner/simple-port-scanner)**<br>Async TCP port scanner in C++ [@deniskhud](https://github.com/deniskhud) |    | TCP socket programming • Async I/O patterns • Service detection<br>[Source Code](./PROJECTS/beginner/simple-port-scanner) \| [Docs](./PROJECTS/beginner/simple-port-scanner/learn) |
|
||
| **[Keylogger](./PROJECTS/beginner/keylogger)**<br>Capture keyboard events with timestamps |    | Event handling • File I/O • Ethical considerations<br>[Source Code](./PROJECTS/beginner/keylogger) \| [Docs](./PROJECTS/beginner/keylogger/learn) |
|
||
| **[Caesar Cipher](./PROJECTS/beginner/caesar-cipher)**<br>CLI encryption/decryption tool |    | Classical cryptography • Brute force attacks • CLI design<br>[Source Code](./PROJECTS/beginner/caesar-cipher) \| [Docs](./PROJECTS/beginner/caesar-cipher/learn) |
|
||
| **[DNS Lookup CLI Tool](./PROJECTS/beginner/dns-lookup)**<br>Query DNS records with WHOIS |    | DNS protocols • WHOIS queries • Reverse DNS lookup<br>[Source Code](./PROJECTS/beginner/dns-lookup) \| [Docs](./PROJECTS/beginner/dns-lookup/learn) |
|
||
| **[Simple Vulnerability Scanner](./PROJECTS/beginner/simple-vulnerability-scanner)**<br>Check software against CVE databases |    | CVE databases • Dependency scanning • Vulnerability assessment<br>[Source Code](./PROJECTS/beginner/simple-vulnerability-scanner) \| [Docs](./PROJECTS/beginner/simple-vulnerability-scanner/learn) |
|
||
| **[Metadata Scrubber Tool](./PROJECTS/beginner/metadata-scrubber-tool)**<br>Remove EXIF and privacy metadata [@Heritage-XioN](https://github.com/Heritage-XioN) |    | EXIF data • Privacy protection • Batch processing<br>[Source Code](./PROJECTS/beginner/metadata-scrubber-tool) \| [Docs](./PROJECTS/beginner/metadata-scrubber-tool/learn) |
|
||
| **[Network Traffic Analyzer](./PROJECTS/beginner/network-traffic-analyzer)**<br>Capture and analyze packets |     | Packet capture • Protocol analysis • Traffic visualization<br>[Source (C++)](./PROJECTS/beginner/network-traffic-analyzer/cpp) \| [Docs (C++)](./PROJECTS/beginner/network-traffic-analyzer/cpp/learn) \| [Source (Python)](./PROJECTS/beginner/network-traffic-analyzer/python) \| [Docs (Python)](./PROJECTS/beginner/network-traffic-analyzer/python/learn) |
|
||
| **[Hash Cracker](./PROJECTS/beginner/hash-cracker)**<br>Dictionary and brute-force cracking |    | Hash algorithms • Dictionary attacks • Password security<br>[Source Code](./PROJECTS/beginner/hash-cracker) \| [Docs](./PROJECTS/beginner/hash-cracker/learn) |
|
||
| **[Steganography Multi-Tool](./SYNOPSES/beginner/Steganography.Multi.Tool.md)**<br>Hide data in images, audio, QR, PDFs, text |    | Multi-format steganography • Encrypted AEAD envelope • Zero-width Unicode • Audio LSB • QR Reed-Solomon injection<br>[Source Code](./PROJECTS/beginner/steganography-multi-tool) \| [Docs](./PROJECTS/beginner/steganography-multi-tool/learn) |
|
||
| **[Ghost on the Wire](./SYNOPSES/beginner/Ghost.On.The.Wire.md)**<br>L2 attack & defense: MAC spoofing + ARP detection |    | ARP protocol • MAC spoofing • MITM detection • L2 trust mapping<br>[Learn More](./SYNOPSES/beginner/Ghost.On.The.Wire.md) |
|
||
| **[Canary Token Generator](./PROJECTS/beginner/canary-token-generator)**<br>Self-hosted honeytokens that alert on access |      | Deception defense • Honeytokens • MySQL wire protocol • PDF/DOCX patching • Webhook + Telegram alerting<br>[Source Code](./PROJECTS/beginner/canary-token-generator) \| [Docs](./PROJECTS/beginner/canary-token-generator/learn)<br>[](https://iglowinthedark.com/) |
|
||
| **[Phishing Domain Generator & Quishing Scanner](./SYNOPSES/beginner/Phishing.Domain.Generator.And.Quishing.Scanner.md)**<br>Typosquat generation + QR phishing detection |    | Homoglyph attacks • Typosquatting • QR code analysis • Domain intelligence<br>[Learn More](./SYNOPSES/beginner/Phishing.Domain.Generator.And.Quishing.Scanner.md) |
|
||
| **[SSH Brute Force Detector](./SYNOPSES/beginner/SSH.Brute.Force.Detector.md)**<br>Monitor and block SSH attacks |    | Log parsing • Attack detection • Firewall automation<br>[Learn More](./SYNOPSES/beginner/SSH.Brute.Force.Detector.md) |
|
||
| **[Simple C2 Beacon](./PROJECTS/beginner/c2-beacon)**<br>Command and Control beacon/server |      | C2 architecture • MITRE ATT&CK • WebSocket protocol • XOR encoding<br>[Source Code](./PROJECTS/beginner/c2-beacon) \| [Docs](./PROJECTS/beginner/c2-beacon/learn) |
|
||
| **[Base64 Encoder/Decoder](./SYNOPSES/beginner/Base64.Encoder.Decoder.md)**<br>Multi-format encoding tool |    | Base64/32 encoding • URL encoding • Auto-detection<br>[Source Code](./PROJECTS/beginner/base64-tool) \| [Docs](./PROJECTS/beginner/base64-tool/learn) |
|
||
| **[Linux CIS Hardening Auditor](./PROJECTS/beginner/linux-cis-hardening-auditor)**<br>CIS benchmark compliance checker |    | CIS benchmarks • System hardening • Compliance scoring • Shell scripting<br>[Source Code](./PROJECTS/beginner/linux-cis-hardening-auditor) \| [Docs](./PROJECTS/beginner/linux-cis-hardening-auditor/learn) |
|
||
| **[Systemd Persistence Scanner](./PROJECTS/beginner/systemd-persistence-scanner)**<br>Hunt Linux persistence mechanisms |    | Persistence techniques • Systemd internals • Cron analysis • Threat hunting<br>[Source Code](./PROJECTS/beginner/systemd-persistence-scanner) \| [Docs](./PROJECTS/beginner/systemd-persistence-scanner/learn) |
|
||
| **[Linux eBPF Security Tracer](./PROJECTS/beginner/linux-ebpf-security-tracer)**<br>Real-time syscall tracing with eBPF |     | eBPF programs • Syscall tracing • BCC framework • Security observability<br>[Source Code](./PROJECTS/beginner/linux-ebpf-security-tracer) \| [Docs](./PROJECTS/beginner/linux-ebpf-security-tracer/learn) |
|
||
| **[Trojan Application Builder](./SYNOPSES/beginner/Trojan.Application.Builder.md)**<br>Educational malware lifecycle demo |    | Trojan anatomy • Data exfiltration • File encryption • Attack lifecycle<br>[Learn More](./SYNOPSES/beginner/Trojan.Application.Builder.md) |
|
||
| **[DNS Sinkhole](./SYNOPSES/beginner/DNS.Sinkhole.md)**<br>Pi-hole-style malware domain blocker |    | DNS protocol • Blocklist management • Query logging • Network defense<br>[Learn More](./SYNOPSES/beginner/DNS.Sinkhole.md) |
|
||
| **[Firewall Rule Engine](./PROJECTS/beginner/firewall-rule-engine)**<br>Parse and validate iptables/nftables rules |    | Firewall internals • Rule parsing • iptables/nftables • V language<br>[Source Code](./PROJECTS/beginner/firewall-rule-engine) \| [Docs](./PROJECTS/beginner/firewall-rule-engine/learn) |
|
||
| **[LLM Prompt Injection Firewall](./SYNOPSES/beginner/LLM.Prompt.Injection.Firewall.md)**<br>Detect and block prompt injection attacks |    | AI security • Prompt injection • Input sanitization • LLM defense<br>[Learn More](./SYNOPSES/beginner/LLM.Prompt.Injection.Firewall.md) |
|
||
|
||
## Intermediate Projects
|
||
|
||
| Project | Info | What You'll Learn |
|
||
|---------|------|-------------------|
|
||
| **[Security News Scraper](./SYNOPSES/beginner/Security.News.Scraper.md)**<br>Aggregate cybersecurity news |    | Web scraping • CVE parsing • Database storage<br>[Source Code](./PROJECTS/intermediate/security-news-scraper) \| [Docs](./PROJECTS/intermediate/security-news-scraper/learn) |
|
||
| **[Payload Obfuscation Engine](./SYNOPSES/intermediate/Payload.Obfuscation.Engine.md)**<br>Multi-layer payload obfuscation toolkit |    | Obfuscation techniques • Polymorphism • AV evasion • Signature detection<br>[Learn More](./SYNOPSES/intermediate/Payload.Obfuscation.Engine.md) |
|
||
| **[SIEM Dashboard](./SYNOPSES/intermediate/SIEM.Dashboard.md)**<br>Log aggregation with correlation |     | SIEM concepts • Log correlation • Full-stack development<br>[Source Code](./PROJECTS/intermediate/siem-dashboard) \| [Docs](./PROJECTS/intermediate/siem-dashboard/learn)<br>[](https://siem.carterperez-dev.com/) |
|
||
| **[Token Abuse Playground](./SYNOPSES/intermediate/Token.Abuse.Playground.md)**<br>15+ token vulnerabilities to exploit and fix |     | JWT exploitation • OAuth attacks • Session security • Token forensics<br>[Learn More](./SYNOPSES/intermediate/Token.Abuse.Playground.md) |
|
||
| **[Supply Chain Attack Simulator](./SYNOPSES/intermediate/Supply.Chain.Attack.Simulator.md)**<br>Fake PyPI package dependency confusion demo |    | Supply chain attacks • Dependency confusion • Package security • PyPI internals<br>[Learn More](./SYNOPSES/intermediate/Supply.Chain.Attack.Simulator.md) |
|
||
| **[DDoS Mitigation Tool](./SYNOPSES/intermediate/DDoS.Mitigation.Tool.md)**<br>Detect traffic spikes |    | DDoS detection • Rate limiting • Anomaly detection<br>[Learn More](./SYNOPSES/intermediate/DDoS.Mitigation.Tool.md) |
|
||
| **[Secrets Scanner](./PROJECTS/intermediate/secrets-scanner)**<br>Scan codebases and git history for leaked secrets |    | Secret detection • Shannon entropy • HIBP k-anonymity • SARIF output<br>[Source Code](./PROJECTS/intermediate/secrets-scanner) \| [Docs](./PROJECTS/intermediate/secrets-scanner/learn) |
|
||
| **[API Security Scanner](./PROJECTS/intermediate/api-security-scanner)**<br>Enterprise API vulnerability scanner |      | OWASP API Top 10 • ML fuzzing • GraphQL/SOAP testing<br>[Source Code](./PROJECTS/intermediate/api-security-scanner) \| [Docs](./PROJECTS/intermediate/api-security-scanner/learn) |
|
||
| **[Wireless Deauth Detector](./SYNOPSES/intermediate/Wireless.Deauth.Detector.md)**<br>Monitor WiFi deauth attacks |    | Wireless security • Packet sniffing • Attack detection<br>[Learn More](./SYNOPSES/intermediate/Wireless.Deauth.Detector.md) |
|
||
| **[Credential Enumeration](./PROJECTS/intermediate/credential-enumeration)**<br>Post-exploitation credential collection |    | Credential extraction • Browser forensics • Red team tooling • Nim language<br>[Source Code](./PROJECTS/intermediate/credential-enumeration) \| [Docs](./PROJECTS/intermediate/credential-enumeration/learn) |
|
||
| **[Binary Analysis Tool](./PROJECTS/intermediate/binary-analysis-tool)**<br>Disassemble and analyze executables |    | Binary analysis • String extraction • Malware detection<br>[Source Code](./PROJECTS/intermediate/binary-analysis-tool) \| [Docs](./PROJECTS/intermediate/binary-analysis-tool/learn)<br>[](https://elitenetwork4life.com/) |
|
||
| **[Chaos Engineering Security Tool](./SYNOPSES/intermediate/Chaos.Engineering.Security.Tool.md)**<br>Inject security failures to test resilience |    | Chaos engineering • Security resilience • Credential spraying • Auth testing<br>[Learn More](./SYNOPSES/intermediate/Chaos.Engineering.Security.Tool.md) |
|
||
| **[Credential Rotation Enforcer](./SYNOPSES/intermediate/Credential.Rotation.Enforcer.md)**<br>Track and enforce credential rotation policies |    | Credential hygiene • Secret rotation • Compliance dashboards • API integration<br>[Source Code](./PROJECTS/intermediate/credential-rotation-enforcer) \| [Docs](./PROJECTS/intermediate/credential-rotation-enforcer/learn) |
|
||
| **[Race Condition Exploiter](./SYNOPSES/intermediate/Race.Condition.Exploiter.md)**<br>TOCTOU race condition attack & defense lab |     | TOCTOU attacks • Double-spend bugs • Concurrent exploitation • Race visualization<br>[Learn More](./SYNOPSES/intermediate/Race.Condition.Exploiter.md) |
|
||
| **[JA3/JA4 TLS Fingerprinting Tool](./SYNOPSES/intermediate/JA3.JA4.TLS.Fingerprinting.Tool.md)**<br>Fingerprint TLS clients by handshake |    | TLS handshake analysis • JA3/JA4 hashing • Bot detection • Malware C2 identification<br>[Source Code](./PROJECTS/intermediate/ja3-ja4-tls-fingerprinting) \| [Docs](./PROJECTS/intermediate/ja3-ja4-tls-fingerprinting/learn)<br>[](https://mkultraalumni.com/) |
|
||
| **[Mobile App Security Analyzer](./SYNOPSES/intermediate/Mobile.App.Security.Analyzer.md)**<br>Decompile and analyze mobile apps |    | APK/IPA analysis • Reverse engineering • OWASP Mobile<br>[Learn More](./SYNOPSES/intermediate/Mobile.App.Security.Analyzer.md) |
|
||
| **[DLP Scanner](./PROJECTS/intermediate/dlp-scanner)**<br>Data Loss Prevention for files, DBs, and traffic |    | PII detection • GDPR/HIPAA compliance • Pattern matching • Data classification<br>[Source Code](./PROJECTS/intermediate/dlp-scanner) \| [Docs](./PROJECTS/intermediate/dlp-scanner/learn) |
|
||
| **[Lua/Nginx Edge Backend](./SYNOPSES/intermediate/Lua.Nginx.Edge.Backend.md)**<br>Full CRUD backend via Lua in Nginx |     | Edge computing • OpenResty • Lua scripting • WAF • JWT at the edge<br>[Learn More](./SYNOPSES/intermediate/Lua.Nginx.Edge.Backend.md) |
|
||
| **[Privesc Playground](./SYNOPSES/intermediate/Privesc.Playground.md)**<br>20+ privilege escalation paths to exploit |    | SUID exploitation • Sudo abuse • Cron hijacking • GTFOBins • Capability abuse<br>[Learn More](./SYNOPSES/intermediate/Privesc.Playground.md) |
|
||
| **[SBOM Generator & Vulnerability Matcher](./PROJECTS/intermediate/sbom-generator-vulnerability-matcher)**<br>Software Bill of Materials with CVE matching |    | SPDX/CycloneDX formats • Dependency analysis • CVE databases • EO 14028 compliance<br>[Source Code](./PROJECTS/intermediate/sbom-generator-vulnerability-matcher) \| [Docs](./PROJECTS/intermediate/sbom-generator-vulnerability-matcher/learn) |
|
||
| **[Subdomain Takeover Scanner](./SYNOPSES/intermediate/Subdomain.Takeover.Scanner.md)**<br>Detect dangling DNS records |    | DNS enumeration • CNAME analysis • Cloud resource claiming • Bug bounty<br>[Learn More](./SYNOPSES/intermediate/Subdomain.Takeover.Scanner.md) |
|
||
| **[GraphQL Security Tester](./SYNOPSES/intermediate/GraphQL.Security.Tester.md)**<br>Automated GraphQL vulnerability testing |    | Introspection attacks • Query depth DoS • Authorization bypass • Batching abuse<br>[Learn More](./SYNOPSES/intermediate/GraphQL.Security.Tester.md) |
|
||
| **[Docker Security Audit](./PROJECTS/intermediate/docker-security-audit)**<br>CIS Docker Benchmark scanner |     | CIS benchmarks • Container security • Multiple output formats<br>[Source Code](./PROJECTS/intermediate/docker-security-audit) \| [Docs](./PROJECTS/intermediate/docker-security-audit/learn) |
|
||
|
||
## Advanced Projects
|
||
|
||
| Project | Info | What You'll Learn |
|
||
|---------|------|-------------------|
|
||
| **[API Rate Limiter](./PROJECTS/advanced/api-rate-limiter)**<br>Distributed rate limiting middleware |     | Token bucket algorithm • Distributed systems • Redis backend<br>[Source Code](./PROJECTS/advanced/api-rate-limiter) \| [Docs](./PROJECTS/advanced/api-rate-limiter/learn) |
|
||
| **[Encrypted Chat Application](./PROJECTS/advanced/encrypted-p2p-chat)**<br>Real-time E2EE messaging |      | Signal Protocol • Double Ratchet • WebAuthn • WebSockets<br>[Source Code](./PROJECTS/advanced/encrypted-p2p-chat) \| [Docs](./PROJECTS/advanced/encrypted-p2p-chat/learn) |
|
||
| **[Exploit Development Framework](./SYNOPSES/advanced/Exploit.Development.Framework.md)**<br>Modular exploitation framework |    | Exploit development • Payload generation • Plugin architecture<br>[Learn More](./SYNOPSES/advanced/Exploit.Development.Framework.md) |
|
||
| **[AI Threat Detection](./PROJECTS/advanced/ai-threat-detection)**<br>ML-powered nginx threat detection |      | ML ensemble (AE + RF + IF) • ONNX inference • Real-time detection<br>[Source Code](./PROJECTS/advanced/ai-threat-detection) \| [Docs](./PROJECTS/advanced/ai-threat-detection/learn) |
|
||
| **[Zingela Stateless Scanner](./PROJECTS/advanced/zig-stateless-scanner)**<br>Line-rate stateless mass TCP/UDP port scanner |    | Stateless SYN scanning • SipHash cookies • Cyclic-group permutation • AF_PACKET / AF_XDP<br>[Source Code](./PROJECTS/advanced/zig-stateless-scanner) \| [Docs](./PROJECTS/advanced/zig-stateless-scanner/learn) |
|
||
| **[Bug Bounty Platform](./PROJECTS/advanced/bug-bounty-platform)**<br>Full vulnerability disclosure platform |      | Full-stack development • CVSS scoring • Workflow automation<br>[Source Code](./PROJECTS/advanced/bug-bounty-platform) \| [Docs](./PROJECTS/advanced/bug-bounty-platform/learn)<br>[](https://bugbounty.carterperez-dev.com/) |
|
||
| **[Cloud Security Compliance Dashboard](./SYNOPSES/advanced/Cloud.Security.Compliance.Dashboard.md)**<br>Multi-cloud compliance with CIS, SOC2, HIPAA |      | CIS benchmarks • SOC2/HIPAA compliance • Cost-security optimization • Drift detection<br>[Learn More](./SYNOPSES/advanced/Cloud.Security.Compliance.Dashboard.md) |
|
||
| **[Malware Analysis Platform](./SYNOPSES/advanced/Malware.Analysis.Platform.md)**<br>Automated sandbox analysis |     | Malware analysis • Sandboxing • YARA rules • IOC extraction<br>[Learn More](./SYNOPSES/advanced/Malware.Analysis.Platform.md) |
|
||
| **[Quantum Resistant Encryption](./SYNOPSES/advanced/Quantum.Resistant.Encryption.md)**<br>Post-quantum cryptography |    | Post-quantum algorithms • Hybrid encryption • Kyber/Dilithium<br>[Learn More](./SYNOPSES/advanced/Quantum.Resistant.Encryption.md) |
|
||
| **[Zero Day Vulnerability Scanner](./SYNOPSES/advanced/Zero.Day.Vulnerability.Scanner.md)**<br>Coverage-guided fuzzing |     | Fuzzing • Vulnerability research • Crash triage<br>[Learn More](./SYNOPSES/advanced/Zero.Day.Vulnerability.Scanner.md) |
|
||
| **[Distributed Password Cracker](./SYNOPSES/advanced/Distributed.Password.Cracker.md)**<br>GPU-accelerated cracking |     | Distributed systems • GPU computing • Hash cracking<br>[Learn More](./SYNOPSES/advanced/Distributed.Password.Cracker.md) |
|
||
| **[Kernel Rootkit Detection](./SYNOPSES/advanced/Kernel.Rootkit.Detection.md)**<br>Detect kernel-level rootkits |    | Kernel internals • Memory forensics • Rootkit detection<br>[Learn More](./SYNOPSES/advanced/Kernel.Rootkit.Detection.md) |
|
||
| **[Blockchain Smart Contract Auditor](./SYNOPSES/advanced/Blockchain.Smart.Contract.Auditor.md)**<br>Solidity vulnerability analysis |     | Smart contracts • Static analysis • Solidity security<br>[Learn More](./SYNOPSES/advanced/Blockchain.Smart.Contract.Auditor.md) |
|
||
| **[Adversarial ML Attacker](./SYNOPSES/advanced/Adversarial.ML.Attacker.md)**<br>Generate adversarial examples |     | Adversarial ML • FGSM/DeepFool • Model robustness<br>[Learn More](./SYNOPSES/advanced/Adversarial.ML.Attacker.md) |
|
||
| **[Reverse-Engineering](./PROJECTS/advanced/rveng)**<br>Reverse-engineering learning platform. |    | Reverse Engineering • Disassembly • Dynamic & Static Analysis<br>[Source Code](./PROJECTS/advanced/rveng) \| [Docs](./PROJECTS/advanced/rveng/learn)
|
||
| **[Hardware Security Module Emulator](./PROJECTS/advanced/hsm-emulator)**<br>Software HSM that compiles to a real PKCS#11 `.so` |    | PKCS#11/Cryptoki C ABI (machine-checked vs OASIS headers) • AES-GCM/CBC • RSA/ECDSA/ECDH • Argon2id + encrypted-at-rest • driven by `pkcs11-tool`<br>[Source Code](./PROJECTS/advanced/hsm-emulator) \| [Docs](./PROJECTS/advanced/hsm-emulator/learn) |
|
||
| **[Network Covert Channel](./SYNOPSES/advanced/Network.Covert.Channel.md)**<br>Data exfiltration techniques |    | Covert channels • Data exfiltration • Steganography<br>[Learn More](./SYNOPSES/advanced/Network.Covert.Channel.md) |
|
||
| **[Automated Penetration Testing](./SYNOPSES/advanced/Automated.Penetration.Testing.md)**<br>Full pentest automation |    | Pentest automation • Recon to exploitation • Report generation<br>[Learn More](./SYNOPSES/advanced/Automated.Penetration.Testing.md) |
|
||
| **[Haskell Reverse Proxy](./PROJECTS/advanced/haskell-reverse-proxy)**<br>Functional reverse proxy with security middleware |    | Functional programming • Reverse proxy design • Security middleware • Haskell<br>[Source Code](./PROJECTS/advanced/haskell-reverse-proxy) |
|
||
| **["Monitor the Situation" Dashboard](./PROJECTS/advanced/monitor-the-situation-dashboard)**<br>Real-time cyber threat situational awareness |      | Threat intel feeds • EPSS/KEV/CVE velocity • BGP hijacks • WebSocket fan-out • 3D globe SOC view<br>[Source Code](./PROJECTS/advanced/monitor-the-situation-dashboard) \| [Docs](./PROJECTS/advanced/monitor-the-situation-dashboard/learn)<br>[](https://iminthewalls.com/) |
|
||
| **[Honeypot Network](./PROJECTS/advanced/honeypot-network)**<br>Multi-service honeypot deployment & analysis |      | Honeypot deployment • Attacker behavior analysis • IOC extraction • MITRE mapping<br>[Source Code](./PROJECTS/advanced/honeypot-network) \| [Docs](./PROJECTS/advanced/honeypot-network/learn)<br>[](https://honeypot-network.carterperez-dev.com/) |
|
||
| **[Supply Chain Security Analyzer](./SYNOPSES/advanced/Supply.Chain.Security.Analyzer.md)**<br>Dependency vulnerability analysis |    | Supply chain security • Dependency analysis • Malicious packages<br>[Learn More](./SYNOPSES/advanced/Supply.Chain.Security.Analyzer.md) |
|
||
|
||
---
|
||
|
||
## Learn More
|
||
|
||
**[Certification Roadmaps](./ROADMAPS/README.md)** - Career paths for SOC Analyst, Pentester, Security Engineer, GRC Analyst, and 6 more tracks
|
||
|
||
**[Learning Resources](./RESOURCES/README.md)** - Tools, courses, certifications, YouTube channels, Reddit communities, and security frameworks
|
||
|
||
**[CertGames](https://certgames.com)** - The platform I built to do all of this in one place: practice questions, Learn lessons, guided projects, and these roadmaps with progress tracking. FREE
|
||
|
||
|
||
## License
|
||
|
||
[AGPL 3.0](LICENSE).
|