Projects

Practical implementations, research, and open-source contributions

Featured Projects

Hardened Docker Infrastructure

Production-ready static site deployment with security hardening

This very website serves as a demonstration of security-first infrastructure design. Built with Docker Swarm on ARMv7 hardware, it showcases defense-in-depth principles including:

  • Read-only container filesystems with tmpfs mounts
  • Unprivileged NGINX running as a non-root user
  • All Linux capabilities dropped (cap_drop: ALL)
  • Strict Content Security Policy headers
  • Multi-architecture image builds (amd64, arm64, armv7)
  • HAProxy TLS termination with Let's Encrypt
  • IPFire firewall integration
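
The list above maps onto a handful of Swarm stack keys. The stack file below is an added example written for this page, not the site's own repository: it applies the same controls to a static site served by NGINX behind a separate TLS tier. The image tag, the config file path, the network name and the replica count are assumptions.

```yaml
# Added example, not the site's own repository: a Swarm stack file applying
# the hardening controls listed above to a static site. The image tag,
# config path, network name and replica count are assumptions.
version: "3.8"

services:
  web:
    # Assumed image: the official unprivileged NGINX build, which starts as
    # uid 101 and listens on 8080, so it never needs root or
    # CAP_NET_BIND_SERVICE (the stock nginx image runs its master as root
    # on port 80). The uid is pinned explicitly rather than trusted from
    # the image's USER directive.
    image: nginxinc/nginx-unprivileged:1.27-alpine
    user: "101:101"

    # Root filesystem read-only (default: writable). The unprivileged image
    # keeps its pid file and temp directories under /tmp, so a small tmpfs
    # there is the only writable path the container is given.
    read_only: true
    volumes:
      - type: tmpfs
        target: /tmp
        tmpfs:
          size: 16777216   # 16 MiB; bounds what a compromised worker can write

    # Drop every capability (default: the set Docker grants to all
    # containers) and forbid gaining privilege through setuid/setgid binaries.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true

    # The site config, including the CSP add_header line, is mounted
    # read-only from a Swarm config object instead of a writable layer.
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
        mode: 0444

    # Alpine's busybox wget is present in the image, so the check needs
    # nothing extra installed.
    healthcheck:
      test: ["CMD", "wget", "-q", "-O", "/dev/null", "http://127.0.0.1:8080/"]
      interval: 30s
      timeout: 3s
      retries: 3

    # No published ports: only the TLS-terminating tier on this overlay
    # network can reach the container.
    networks:
      - edge

    deploy:
      replicas: 2
      resources:
        limits:
          cpus: "0.50"
          memory: 64M
      restart_policy:
        condition: on-failure
      update_config:
        parallelism: 1
        order: start-first

configs:
  nginx_conf:
    file: ./nginx/default.conf   # assumed path

networks:
  edge:
    driver: overlay
```

Deploy with `docker stack deploy -c stack.yml site`, then confirm the controls actually landed on a running task with `docker inspect --format '{{.HostConfig.ReadonlyRootfs}} {{.HostConfig.CapDrop}} {{.HostConfig.SecurityOpt}}' <container>`; older Docker releases silently ignored `cap_drop` and `security_opt` under `docker stack deploy`, so the stack file alone is not proof. The referenced `default.conf` carries the policy as, for example, `add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'" always;`. One caveat worth checking there: NGINX inherits `add_header` directives into a `location` block only when that block defines none of its own, so a `location` that adds any other header drops the CSP unless it repeats it.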

Technologies: Docker Swarm, NGINX, HAProxy, IPFire, GitHub Container Registry, Multi-arch builds

View on GitHub →

ThreatGuard - Custom GPT for Threat Hunting

AI-powered threat hunting assistant analyzing DShield honeypot data

Custom GPT built for threat hunting operations, analyzing DShield honeypot data via ELK SIEM. ThreatGuard identifies threats, correlates attacker information, and generates detailed reports following the "Attack Observation Template v3.0" standard.

  • Automated threat analysis from honeypot data
  • CVE correlation and vulnerability assessment
  • Attacker infrastructure mapping and correlation
  • Standardized threat reporting with external data enrichment
  • Integration with ELK SIEM for real-time analysis

Technologies: ChatGPT Custom GPT, ELK Stack, DShield API, Threat Intelligence Feeds

Try ThreatGuard GPT →

Model Context Protocol (MCP) Server Implementations

Building AI agent infrastructure with Model Context Protocol

Hands-on experience implementing Model Context Protocol servers to enable AI agents to interact with security tools, databases, and infrastructure. This emerging technology allows LLMs to access external context and tools in a standardized way.

  • MCP server development for security tool integration
  • Agentic framework implementations for automated workflows
  • Integration with Open-WebUI for enhanced AI capabilities
  • Custom tool development for security automation
  • Secure API design for AI-to-infrastructure communication

Focus Areas: AI agent orchestration, security tool automation, context-aware AI systems

Advanced Lab Infrastructure

Production-grade security research and testing environment

Comprehensive lab demonstrating enterprise-level infrastructure and security capabilities:

  • 8-Node Docker Swarm: Orchestrated via Portainer CE, deploying OWASP Juice Shop, Open-WebUI, MCP services, and agentic frameworks
  • Proxmox Server: ZFS RAIDZ1 storage, Security Onion for IDS/NSM, CAPEv2 for malware analysis
  • Local LLM Deployment: Qwen 3 models (30B, 235B, Coder 480B) using Ollama and LM Studio with RTX GPU acceleration
  • Security Monitoring: Full packet capture, IDS/IPS, malware sandboxing, threat intelligence correlation
  • Redundancy & Backup: Shared storage, automated backups, data integrity verification

Technologies: Docker Swarm, Proxmox, ZFS, Security Onion, CAPEv2, Ollama, LM Studio, OWASP, Open-WebUI

SANS ISC DShield Honeypot Project

Contributing to global threat intelligence through honeypot deployment

Active participant in the SANS Internet Storm Center's DShield honeypot project, collecting and analyzing real-world attack data to contribute to global threat intelligence.

Deployment Details:

  • Platform: Raspberry Pi running DShield honeypot software
  • Data Collection: SSH, Telnet, HTTP attack attempts and malware samples
  • Threat Intelligence: Daily submission of attack data to SANS ISC
  • Analysis: Custom scripts for analyzing attack patterns and trends
  • Integration: Feeds data into ThreatGuard GPT for enhanced threat hunting

Contributions:

  • Real-time attack data shared with global security community
  • Malware samples submitted for analysis
  • Attack pattern identification and reporting
  • Hands-on experience with attacker tactics and techniques

View DShield Project →

Areas of Focus

Container Security

Hardening Docker and Kubernetes deployments with security best practices, minimal attack surfaces, and defense-in-depth strategies.

Infrastructure as Code

Automated, reproducible infrastructure deployments using modern DevOps practices and security-first design principles.

Network Security

Firewall configuration, network segmentation, and secure routing architectures for both on-premise and cloud environments.

Linux Hardening

System-level security configurations, kernel hardening, and secure service deployment on Linux platforms.

Security Automation

Scripting and automation for security operations, compliance checking, and continuous security monitoring.

Emerging Technologies

Research and practical application of new technologies including AI/ML for security, zero-trust architectures, and modern authentication systems.

Open Source Contributions

GitHub Activity

We believe in contributing back to the open-source community that has enabled so much of modern infrastructure. Our repositories showcase practical implementations of security and infrastructure concepts.

View GitHub Profile →

Featured Repositories

  • site-infrastructure - Hardened Docker Swarm deployment with security-first design
  • Security automation scripts - Python tools for security operations
  • MCP server implementations - Model Context Protocol integrations
  • SIEM detection rules - Custom detection content for ELK/Splunk

⭐ Star repositories you find useful | 🍴 Fork and contribute

GitHub Stats: Total Commits (last year): 35, Total PRs: 1, Total Issues: 5, Contributed to: 3

Interested in Collaboration?

We are always interested in discussing security challenges, infrastructure projects, and potential collaborations.