Projects
Case studies from shipped systems and security work. These projects cover backend systems, security products, low-level research, and the engineering tradeoffs behind each one.
How To Read This Page
This is not a gallery of one-off demos. I use these projects to show how I think about systems: what the problem really was, why the architecture ended up the way it did, and what changed because the work shipped.
What To Expect
Public, product-shaped work with clearer scope and more honest tradeoffs.
Backend, platform, security, and low-level systems projects rather than generic app builds.
Case studies that explain why the design matters, not only what tech was used.
Project spotlight
Newest project
Enterprise NIDS: Network Detection and Analysis Platform
Security Product 2026
Built a Python-based network detection platform that supports offline PCAP investigation, live traffic capture, explainable incident reporting, and a FastAPI dashboard with operational telemetry.
2 analysis modes Offline PCAP and live capture workflows
FastAPI + UI Dashboard, APIs, and report access
GitHub-ready CI, docs, and rendered architecture diagram
The hard part was making low-level network analysis readable and operationally useful at the same time. Raw packets and flows are not enough on their own, so the platform had to connect capture, detection, diagrams, reports, and runtime visibility without becoming a pile of disconnected scripts.
Approach
Built dual execution paths for offline PCAP analysis and continuous live capture so the same platform supports investigations and near-real-time monitoring.
Layered deterministic detections, fingerprinting, anomaly scoring, deep packet inspection, and project-aware traffic context into one analysis pipeline.
Added Mermaid-based traffic diagrams, markdown and JSON report generation, SQLite-backed telemetry, and a FastAPI dashboard to make results explainable to both engineers and non-specialists.
Result
Enterprise NIDS now works as an end-to-end detection and analysis platform with capture workflows, report artifacts, a browser dashboard, CI coverage, and GitHub-ready documentation including a rendered architecture diagram.
Python, FastAPI, SQLite, Scapy, DPKT, Mermaid, GitHub Actions
Browse by focus area
10 projects shown
Enterprise NIDS: Network Detection and Analysis Platform
Security Product 2026
Turned packet analysis into a product-shaped workflow by combining capture, detection, visualization, reporting, and runtime health into one system that is easier to demo, investigate, and operate.
Supports live packet capture and offline PCAP replay in one codebase.
Produces explainable incident reports, anomaly stories, protocol inventories, and Mermaid sequence and flow diagrams.
Exposes runtime health, IPS activity, DPI carve history, and recent operations through a dashboard and API layer.
Patchbot Security Platform Security Product
2026 Challenge The core challenge was building…
Approach Integrated Playwright for headless browser-based exploit…
Result Deployed a production-ready security platform…
IAST Autonomous Attack Emulation
High-Entropy Statistical Secret Detection
Enterprise Data isolation and encryption
Security Product 2026
Patchbot Security Platform
Engineered an enterprise-grade security platform featuring autonomous attack emulation (IAST) and high-entropy secret detection.
Evolved a baseline security scanner into an enterprise-ready tool by implementing Playwright-backed exploit confirmation and robust statistical secret detection, reducing false positives and accelerating remediation.
Autonomous attack emulation with dynamic headless browser interactions.
Proactive discovery and suppression of high-entropy secrets.
Enterprise-grade security controls including multi-tenant isolation and encryption-at-rest.
Challenge The real challenge was building…
Approach Implemented Linux tracing for execve, openat,…
Result Sysguard shipped as a public…
3 event types execve, openat, and connect…
4 actions ALLOW, LOG, ALERT, BLOCK…
Linux-first Prototype tested in Ubuntu…
Systems 2026
Sysguard: eBPF Linux Activity Monitor
Built a public Rust and eBPF prototype that monitors Linux process, file, and network activity with YAML policy rules and outbound connect enforcement.
Turned low-level Linux tracing into a repo-ready security tool that classifies runtime activity as ALLOW, LOG, ALERT, or BLOCK without pretending the enforcement surface is broader than it is today.
3 event types execve, openat, and connect coverage
Traces process launches, file opens, and outbound network connects on Linux through eBPF instrumentation.
Applies YAML policies to classify activity as ALLOW, LOG, ALERT, or BLOCK with optional machine-readable JSON output.
Supports kernel-level blocking for a subset of exact IPv4 connect rules through optional cgroup enforcement.
SpectreFS Security Product
2026 Challenge The hard part was making…
Approach Designed the vault runtime around transparent…
Result SpectreFS now operates as a…
Per-chunk AEAD Random-access authenticated encryption
PBAC Trusted-app plaintext access control
10-step gate Release pipeline across tests,…
Security Product 2026
SpectreFS: Encrypted Vault Filesystem and Desktop App
Built an encrypted overlay filesystem and macOS desktop app that keeps files encrypted at rest, exposes plaintext only to trusted apps, and includes repair, audit, and release workflows.
Turned a local encryption tool into a product-shaped system with chunk-authenticated storage, process-based access control, native app flows, and packaging automation instead of stopping at a command-line prototype.
Encrypts file contents, filenames, extended attributes, and Finder-style metadata instead of leaking filesystem context in plaintext.
Restricts plaintext reads through Process-Based Access Control so trusted macOS apps can be allowed while blocked access attempts are audited.
Includes vault health, repair, snapshot, native QA, and release-gate workflows that make the product easier to operate and safer to ship.
Event Ingestion and Observability… Systems
2025 Challenge The problem was to keep…
Approach Designed the ingestion path around concurrent…
Result The system reached production as…
Backpressure-aware Queueing, retry, and worker…
End-to-end Ownership from design through…
Observable Runtime health, backlog, and…
Systems 2025
Event Ingestion and Observability Pipeline
Designed and implemented a concurrent event-ingestion pipeline with queue-backed workers, secure transport, and runtime visibility across distributed cloud environments.
Owned the project from architecture through production rollout, tuning compute, retry, and transport behavior for fault-tolerant, low-latency streaming.
Backpressure-aware Queueing, retry, and worker isolation
Processed distributed event workloads through queue-backed workers with clear backpressure and retry behavior.
Applied low-level tuning around TLS, IPsec, and ingestion logic to keep the pipeline resilient under load.
Neonatal Screening Application (Published… Publication
2023 Challenge The core challenge was balancing…
Approach Designed the application flow around screening-path…
Result The work was published and…
Published Research outcome
Healthcare Domain and workflow framing
End-to-end Research, design, and communication
Publication 2023
Neonatal Screening Application (Published Research Paper)
Published a research paper on a neonatal screening application focused on practical detection workflows and early-response usability.
Converted coursework and implementation findings into a publishable technical paper with an explicit emphasis on healthcare-impactful software design.
Published at IJRASET as a formal research paper.
Demonstrated product-minded security and systems thinking in a healthcare-oriented domain.
AI Security and Agentic… AI Security
2024 Challenge The hard part was not…
Approach Reviewed LLM-enabled agents as systems, not…
Result The result was a security…
1,000+ Alerts in repetitive triage…
Policy-first Agent permission model
Auditable Tool-use and workflow reasoning
AI Security 2024
AI Security and Agentic Workflow Automation
Performed adversarial review of LLM-enabled automation agents and built Python-based multi-agent security workflows for alert triage.
Surfaced prompt-injection and unsafe tool-use paths while improving throughput across a 1,000-plus-alert-per-day triage workload.
1,000+ Alerts in repetitive triage flow
Modeled failure paths for agentic systems that interact with tools and external context.
Reduced human triage load by automating repetitive detection and enrichment steps.
Advanced Binary Research and… Research
2024 Challenge This work centered on understanding…
Approach Reverse engineered binaries across 32-bit and…
Result The main outcome was deeper…
32-bit + 64-bit Binary environments studied
Root cause Debugging target
Patch-ready Findings translated into fixes
Research 2024
Advanced Binary Research and Exploit Development
Reverse engineered 32-bit and 64-bit binaries to understand memory operations, CPU behavior, and kernel interactions in vulnerable code paths.
Used GDB and dynamic analysis to trace corruption faults to root cause and authored optimized C/C++ remediations for crash conditions.
Worked directly with allocator behavior, process memory state, and OS-level primitives.
Demonstrated deep debugging fluency across binaries, kernels, and crash remediation work.
Web Vulnerability Research and… Application Security
2023 Challenge The goal was to move…
Approach Built Python tooling to reproduce and…
Result That work shifted application security…
Shift-left Security placement in delivery
Automated Rule-driven vulnerability checks
Developer-usable Remediation guidance outcome
Application Security 2023
Web Vulnerability Research and Remediation Tooling
Built Python tooling to replicate and fingerprint SQL injection and XSS patterns across production-like environments.
Translated vulnerability research into secure coding guidance and CI/CD rules that eliminated injection vectors earlier in delivery.
Implemented Semgrep and CodeQL policies to catch risky patterns before release.
Created remediation guidance developers could actually apply during normal delivery work.
Security Monitoring and IAM… Detection
2023 Challenge The challenge was to increase…
Approach Centralized logs from 13-plus systems into…
Result The outcome was stronger operational…
13+ Systems feeding shared visibility
Zero downtime Certificate and key rotation…
Compliance-aware Operational control design
Detection 2023
Security Monitoring and IAM Compliance Automation
Engineered a centralized ELK platform that ingested logs from more than 13 distributed systems and automated detection and response triggers.
Improved visibility into indicators of compromise while automating cryptographic key and certificate lifecycle management with zero downtime.
Developed behavior-based detections and automated response logic for higher-confidence alerts.
Aligned key rotation and certificate management with PCI DSS and NIST expectations.