PROJECTS
Hands-on projects across various fields.
Secure Local Mail System with Machine Learning-Based Spam Detection Under Adversarial Conditions
Implemented a local SMTP mail system, integrated spam-filtering pipeline to evaluate ML spam detection under adversarial manipulation. Trained and compared a classical baseline (TF-IDF + LR) against a transformer (DistilBERT), and stress-tested both with automated evasion attacks (char edits, synonym swaps, and text dilution) to measure robustness loss with standard classification metrics and structured experiment reporting.
Set up a secure email environment and tested whether spam detection models still work when spam messages are slightly rewritten to slip past filters.
Sweaty: Social Game Diary & Discovery Platform
Building a mobile "Letterboxd for games" application with React Native (Expo) + TypeScript, backed by Supabase/PostgreSQL secured via Row Level Security, and a Next.js API layer for IGDB proxying/admin operations. Implemented game logging (statuses, ratings/stars, reviews, favourites), social features (followers + activity feed), and discovery (curated lists + personalised recommendations + news), with performance-focused caching for external data (e.g., OpenCritic score TTL caching) and mobile-optimised UX/UI.
I'm building a game-tracking app where you can log what you play, rate and review games, follow friends, and discover new titles through curated lists and dynamic recommendations — it's currently in development and will be released soon.
Penetration Testing: Vulnerable VM Pen Test
Planned and executed a structured penetration test against a vulnerable VM, covering recon and service discovery, identification of insecure legacy services (e.g., FTP/Telnet), and web-layer testing with request interception/manipulation to validate exploitability. Produced a professional pentest-style write-up with prioritised findings, evidence, and remediation guidance.
I ethically hacked a practice machine to find real weaknesses, proved what could be exploited, and wrote clear fixes to prevent it.
Secure Transaction Protocol + Infrastructure Hardening Plan
Designed a practical cryptographic transaction flow for customer orders and payments, ensuring confidentiality, integrity, and authentication under realistic operational/compliance constraints. Developed a defence-in-depth hardening plan including a segmented firewall policy (3-tier rules), IDS/IPS detection logic (Snort rules), and an Ubuntu server hardening checklist aligned to common web/app/database threat models.
I designed how an online shop should protect payments and customer data, then mapped out the security controls needed to prevent attacks and detect suspicious activity.
Enterprise Networking: Segmented WAN with Selective IPsec
Designed and implemented an enterprise WAN in GNS3 using MPLS VPN segmentation (P/PE model with OSPF in the core and VRF-based isolation), plus selective IPSec protection for sensitive traffic only (balancing security vs performance). Added access-control constraints between departments, justified SQL service placement using performance modelling, and delivered structured implementation + verification evidence (show/ping/traceroute/crypto state/DHCP validation).
I simulated a company-wide private network that keeps departments separated, encrypts the right traffic, and still performs well, then tested it end-to-end.
Digital Forensics: RAM-to-Disk Forensic Timeline Reconstruction
Conducted an end-to-end DFIR investigation across a RAM dump and HDD image, correlating volatile artefacts with persistent evidence to rebuild user activity, intent, and a defensible timeline; produced an investigative report with structured evidence tagging and clear findings aligned to forensic process and reporting standards.
I analysed a computer's memory and hard drive to piece together what happened, when it happened, and what it meant for the accused, then wrote it up like a real investigation.
Client Audit + Security Assessment Report
Conducted a small-business security audit for a client in Newcastle, assessing real-world risks across users, devices, network setup, and operational practices. Translated technical findings into a client-friendly security improvement plan, delivering a structured report with a risk-rated breakdown of issues, prioritised recommendations, and practical implementation guidance communicated in accessible language for non-technical stakeholders.
I reviewed a small business's security, found what could go wrong, and explained exactly how to fix it in a way the client could understand and act on.
Networking: Secure VLAN Routing + Layer-2 Hardening
Designed efficient VLSM subnetting and implemented a routed VLAN network with inter-VLAN routing, streamlined dynamic routing behaviour, device hardening (password controls + management access), and validation via show/ping/traceroute evidence. Extended the work with spanning-tree reasoning and STP attack mitigation, plus hands-on Packet Tracer implementation and narrated verification.
I built a realistic small enterprise network, made it secure and reliable, and proved it works through testing and troubleshooting.
Qualitative Study: Young-Adult Security Literacy Study
Designed and delivered a qualitative usable-security study on young adults' password hygiene and safeguard adoption, using semi-structured interviews, ethics-aware data handling, and rigorous literature synthesis to extract actionable security UX insights.
I interviewed young adults to understand how they actually handle passwords and online safety, then turned the patterns into practical recommendations.
REST API Build + Architecture Blueprint
Engineered an object-oriented PHP REST API (front-controller routing, clean URLs, JSON-first responses) backed by SQLite, with API-key header auth, input sanitisation, robust error handling, and documented endpoints (search + pagination + CRUD where required). Then produced a future-proof architecture spec for scaling to multiple conferences with per-conference DB isolation, admin workflows, user accounts, personal notes, schedule support, and engagement analytics (4+1 views).
I built the backend that powers a conference app (like the data engine), then designed how the whole system should scale safely as features and users grow.
Operating Systems: Concurrent C Systems + HA DNS/Web Infrastructure
Built an OS-focused C implementation demonstrating process creation, POSIX threading, scheduling behaviour, and safe synchronisation (mutex + semaphore) in a producer/consumer style workflow. Then designed a replicated DNS setup with BIND9 and delivered a secure, load-balanced Apache web service architecture suitable for high availability, including integration of DNS records to route traffic via the load balancer.
I coded a mini "operating-systems" program that handles processes and threads safely, and I also designed a real company-style setup where DNS and multiple web servers work together securely with load balancing.