Most cloud labs teach you how to deploy infrastructure.
I wanted one that teaches how to defend—and attack—it safely.
So I built a Cloud Security Home Lab.
GitHub: https://t.co/qIePG8fRAH
The workflow is simple:
Attack (CloudGoat)
→ Validate telemetry
→ Build detections
→ Implement remediation
→ Repeat
Built with:
Terraform
AWS
CloudGoat
Sigma
CloudWatch
Athena
AI-assisted log analysis
The biggest lesson?
Cloud security isn't just finding misconfigurations.
It's understanding how attackers abuse them and building detections before fixing them.
#AWS #CloudSecurity #Terraform #CloudGoat #PurpleTeam #CyberSecurity
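The "build detections" step of that loop, as an added example that is not code from the lab: a Sigma-style selection on CloudTrail fields, evaluated in Python over three constructed events. The rule itself, the field paths and the events are assumptions for illustration; it flags an IAM CreateAccessKey issued for a user other than the caller, a cross-field test Sigma alone cannot express.

```python
"""Sigma-style detection evaluated over constructed CloudTrail events.

Added example, not code from the lab described above. The rule, the field
paths and the three events are constructed for illustration.
"""
from typing import Any

# Sigma-like rule body: static selection on CloudTrail fields. Sigma cannot
# compare two fields of one event, so the cross-user test lives in Python below.
RULE = {
    "title": "IAM access key created for a different principal",
    "logsource": {"product": "aws", "service": "cloudtrail"},
    "selection": {
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
    },
    # ATT&CK T1098.001, Additional Cloud Credentials
    "attack": ["T1098.001"],
}


def get_field(event: dict, path: str) -> Any:
    """Resolve a dotted path such as 'userIdentity.userName'; None if absent."""
    cur: Any = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def selection_matches(event: dict, selection: dict) -> bool:
    return all(get_field(event, k) == v for k, v in selection.items())


def is_cross_user(event: dict) -> bool:
    """True when the key is minted for a user other than the caller.

    Assumption for this example: a request without requestParameters.userName
    targets the caller's own identity, so it is treated as benign.
    """
    caller = get_field(event, "userIdentity.userName")
    target = get_field(event, "requestParameters.userName")
    return target is not None and target != caller


def detect(events: list, rule: dict = RULE) -> list:
    hits = []
    for ev in events:
        if selection_matches(ev, rule["selection"]) and is_cross_user(ev):
            hits.append({
                "title": rule["title"],
                "time": ev.get("eventTime"),
                "caller": get_field(ev, "userIdentity.userName"),
                "target": get_field(ev, "requestParameters.userName"),
                "attack": rule["attack"],
            })
    return hits


# Constructed events, trimmed to the fields the rule needs.
SAMPLE_EVENTS = [
    {   # benign: a user rotating their own key
        "eventTime": "2024-05-01T10:00:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "requestParameters": {"userName": "alice"},
    },
    {   # suspicious: alice minting a key for admin-user
        "eventTime": "2024-05-01T10:05:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "requestParameters": {"userName": "admin-user"},
    },
    {   # unrelated read-only call
        "eventTime": "2024-05-01T10:06:00Z",
        "eventSource": "sts.amazonaws.com",
        "eventName": "GetCallerIdentity",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
    },
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Run the attack first, confirm the CreateAccessKey event actually lands in CloudTrail with the fields the rule reads (the "validate telemetry" step), and only then trust the rule; a selection that matches on a field the log never carries is a detection that never fires.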
Most AI demos end with:
Prompt → LLM → Response
Production AI looks very different.
I built Cloudob Security, an agentic customer support platform to understand what production GenAI systems actually require.
GitHub: https://t.co/TPFAEHvmSN
It includes:
LangGraph agent with memory
Hybrid RAG
Tool calling
Prompt injection & jailbreak guardrails
Groundedness validation
Human escalation
FastAPI backend
Enterprise Next.js dashboard
The biggest takeaway?
The model is only one part of the system.
The engineering around it is what makes it production-ready.
#GenAI #LangGraph #RAG #LLM #AIEngineering
SOC analysts spend a lot of time translating ideas into queries.
I wanted to see if AI could help.
So I built an agentic SOC analyst for Microsoft Sentinel.
GitHub: https://t.co/tX1QunSk43
You describe a threat hunt in plain English.
The agent:
Chooses the right log table
Generates KQL
Validates it against an allow-list
Queries Azure Log Analytics
Uses Gemini to analyze the results
Maps findings to MITRE ATT&CK
I also built synthetic log generators so the entire pipeline can be tested without production data.
One lesson from this project:
AI agents become useful when they're paired with guardrails, validation, and deterministic workflows.
#CyberSecurity #SOC #GenAI #MicrosoftSentinel #Azure #LLM
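The "validates it against an allow-list" step, as an added example that is not the project's code: a gate that a generated KQL query must pass before it is sent to Log Analytics. The table allow-list, the lookback and row limits, and the sample queries are assumptions constructed for illustration.

```python
"""Allow-list validation for LLM-generated KQL before it reaches Log Analytics.

Added example, not the project's code. The table allow-list, the limits and
the sample queries are constructed for illustration.
"""
import re

ALLOWED_TABLES = {"SigninLogs", "AuditLogs", "SecurityEvent", "DeviceProcessEvents"}
MAX_ROWS = 1000
MAX_LOOKBACK_DAYS = 30

# Reject anything that reads outside the workspace or runs plugins.
FORBIDDEN = re.compile(r"\b(externaldata|evaluate|cluster|database|ingest_inline)\b", re.IGNORECASE)
TABLE_RE = re.compile(r"^([A-Za-z_]\w*)")
TIME_RE = re.compile(r"TimeGenerated\s*>=?\s*ago\((\d+)([dhm])\)")
TAKE_RE = re.compile(r"\|\s*(take|limit)\s+\d+", re.IGNORECASE)


class KqlValidationError(ValueError):
    pass


def strip_comments(kql: str) -> str:
    # Naive: also truncates '//' inside string literals, which errs on the safe side.
    return "\n".join(line.split("//", 1)[0] for line in kql.splitlines())


def validate_kql(kql: str) -> str:
    """Return a query safe to run, or raise KqlValidationError."""
    body = strip_comments(kql).strip()
    if not body:
        raise KqlValidationError("empty query")
    if ";" in body:
        raise KqlValidationError("only a single tabular expression is accepted")
    m = TABLE_RE.match(body)
    if not m or m.group(1) not in ALLOWED_TABLES:
        raise KqlValidationError(f"table not on allow-list: {body.split()[0]!r}")
    if FORBIDDEN.search(body):
        raise KqlValidationError("forbidden operator or function")
    t = TIME_RE.search(body)
    if not t:
        raise KqlValidationError("query must bound TimeGenerated with ago()")
    n, unit = int(t.group(1)), t.group(2)
    days = {"d": n, "h": n / 24, "m": n / 1440}[unit]
    if days > MAX_LOOKBACK_DAYS:
        raise KqlValidationError(f"lookback {days:g}d exceeds {MAX_LOOKBACK_DAYS}d")
    if not TAKE_RE.search(body):
        body += f"\n| take {MAX_ROWS}"   # cap result size the model forgot to set
    return body


def is_safe_kql(kql: str) -> bool:
    try:
        validate_kql(kql)
        return True
    except KqlValidationError:
        return False


# Constructed queries, written the way a model tends to emit them.
GOOD = """SigninLogs
| where TimeGenerated > ago(7d)   // last week
| where ResultType != 0
| summarize Failures = count() by UserPrincipalName
| order by Failures desc"""

BAD_TABLE = "Heartbeat | where TimeGenerated > ago(1d)"
BAD_FUNC = "SigninLogs | where TimeGenerated > ago(1d) | join (externaldata(x:string) ['some-path']) on x"
BAD_RANGE = "SigninLogs | where TimeGenerated > ago(90d)"
NO_BOUND = "SigninLogs | summarize count()"

if __name__ == "__main__":
    print(validate_kql(GOOD))
    for q in (BAD_TABLE, BAD_FUNC, BAD_RANGE, NO_BOUND):
        print(is_safe_kql(q), q)
```

The allow-list is deliberately a deny-by-default check on the one thing the model controls (the query text): a table the agent was never meant to touch, a cross-workspace read, or an unbounded scan fails closed before any credential is used, and the synthetic-log generators can exercise both the accept and reject paths without a real workspace.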
Stop using AI to solve CTFs.
Use AI to become better at them.
I'm building Aide - an AI cybersecurity mentor for TryHackMe, Hack The Box, PortSwigger, and CTFs.
Instead of giving you the flag or the exact exploit, Aide watches your workflow, understands what you've already tried, and gives progressively better hints based on where you're stuck.
It can:
• Understand your terminal activity
• Detect the current room you're working on
• Retrieve relevant documentation and public learning resources
• Explain concepts instead of dumping solutions
• Work with Claude, Gemini, OpenAI, Groq, OpenRouter, Ollama, and more using your own API keys
Think of it as GitHub Copilot for cybersecurity learning.
Currently building the first version. I'd love to hear what features you'd want to see.
My first project that got starred on GitHub by someone; I was also approached by someone offering to market it for free.
Day 4: Building docapi – Reliable Document Extraction for AI Agents
GitHub: https://t.co/mEYKHgBVCw
Website: https://t.co/zEpQxZzxLJ
One thing I noticed while building AI applications is that LLMs are impressive until they have to extract structured information from real-world documents.
Messy invoices, receipts, forms, and PDFs often lead to hallucinations, inconsistent outputs, or invalid JSON.
So I built docapi.
The goal is simple:
Give it a document and a schema. Get back JSON that matches your schema or a structured error explaining why it couldn't.
Some of the features include:
- REST API and MCP support for AI agents
- Schema-validated JSON output
- Grounding checks to reduce hallucinations
- Deterministic date normalization
- Long-document chunking
- Confidence scoring
- Local inference with Ollama or cloud models like Claude
- Evaluation harness for measuring extraction accuracy
One of the biggest lessons from this project was that building reliable AI systems isn't just about choosing a better model.
It's about combining deterministic software engineering with LLMs so the final system is predictable, reliable, and production-ready.
This project also gave me experience designing APIs, building evaluation pipelines, writing automated tests, and thinking about reliability instead of just model performance.
#AI #GenAI #LLM #RAG #Python #MCP #AIEngineering #OpenSource #LearningInPublic #StudentDeveloper
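The "JSON that matches your schema or a structured error" contract, as an added example that is not docapi's code: a post-processing pipeline that checks the model output against a schema, rejects any value that does not literally occur in the source document, and normalizes dates with a fixed format order. The invoice text, the schema, the two "model outputs" and the day-first date convention are all constructed assumptions; the model call itself is omitted.

```python
"""Schema check, grounding check and deterministic date normalization for
LLM extraction output.

Added example, not docapi's code. The document, the schema and the two
"model outputs" are constructed; the model call itself is left out.
"""
import json
from datetime import datetime

SCHEMA = {
    "type": "object",
    "required": ["vendor", "invoice_number", "invoice_date", "total"],
    "properties": {
        "vendor": {"type": "string"},
        "invoice_number": {"type": "string"},
        "invoice_date": {"type": "string", "format": "date"},
        "total": {"type": "number"},
    },
}

DOCUMENT = """ACME Supplies Ltd
Invoice No: INV-2024-0173
Date: 03/07/2024
Total due: 1,284.50 EUR"""

GOOD_OUTPUT = ('{"vendor": "ACME Supplies Ltd", "invoice_number": "INV-2024-0173", '
               '"invoice_date": "03/07/2024", "total": 1284.50}')
# Transposed digits in the invoice number: a typical extraction hallucination.
HALLUCINATED_OUTPUT = GOOD_OUTPUT.replace("INV-2024-0173", "INV-2024-0137")

TYPE_MAP = {"string": str, "number": (int, float), "integer": int, "boolean": bool}
# Fixed order, so the same string always normalizes the same way.
# Day-first for slash dates is a configured assumption in this example.
DATE_FORMATS = ("%Y-%m-%d", "%d/%m/%Y", "%d.%m.%Y", "%d %B %Y")


def schema_errors(obj, schema) -> list:
    if not isinstance(obj, dict):
        return ["output is not a JSON object"]
    errs = [f"missing required field {k!r}" for k in schema["required"] if k not in obj]
    for k, v in obj.items():
        spec = schema["properties"].get(k)
        if spec is None:
            errs.append(f"unexpected field {k!r}")
            continue
        wrong_bool = isinstance(v, bool) and spec["type"] != "boolean"  # bool is an int subclass
        if wrong_bool or not isinstance(v, TYPE_MAP[spec["type"]]):
            errs.append(f"field {k!r} is not of type {spec['type']}")
    return errs


def is_grounded(value, document: str) -> bool:
    """Every extracted value must literally appear in the source text."""
    doc = " ".join(document.split())          # collapse whitespace
    doc_digits = doc.replace(",", "")         # 1,284.50 -> 1284.50
    if isinstance(value, bool):
        return True
    if isinstance(value, (int, float)):
        forms = {str(value), f"{value:.2f}", f"{value:g}"}
        return any(f in doc_digits for f in forms)
    return " ".join(str(value).split()) in doc


def normalize_date(text: str):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date().isoformat()
        except ValueError:
            continue
    return None


def extract(raw_model_output: str, document: str, schema=SCHEMA) -> dict:
    """Return {"ok": True, "data": ...} or {"ok": False, "error": {...}}."""
    try:
        obj = json.loads(raw_model_output)
    except json.JSONDecodeError as e:
        return {"ok": False, "error": {"stage": "parse", "detail": str(e)}}
    errs = schema_errors(obj, schema)
    if errs:
        return {"ok": False, "error": {"stage": "schema", "detail": errs}}
    ungrounded = [k for k, v in obj.items() if not is_grounded(v, document)]
    if ungrounded:
        return {"ok": False, "error": {"stage": "grounding", "detail": ungrounded}}
    data = dict(obj)
    for k, spec in schema["properties"].items():
        if spec.get("format") == "date" and k in data:
            iso = normalize_date(data[k])
            if iso is None:
                return {"ok": False, "error": {"stage": "date", "detail": [k]}}
            data[k] = iso
    return {"ok": True, "data": data}


if __name__ == "__main__":
    print(extract(GOOD_OUTPUT, DOCUMENT))
    print(extract(HALLUCINATED_OUTPUT, DOCUMENT))
```

Grounding runs before normalization on purpose: the check compares the model's raw string against the document, so a date is only reformatted once it is known to exist in the source. The error object names the stage that failed, which is what an agent needs to decide between retrying the model and escalating to a human.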
Most developers use OAuth.
I wanted to understand how it actually works.
So I spent part of my vacation building a production-grade OAuth 2.1 + OpenID Connect Authorization Server from scratch.
GitHub: https://t.co/odT352Jhuw
Some of the security decisions I implemented:
• Authorization Code + PKCE only
• JWTs signed with RS256
• Argon2id for password & client secret hashing
• Rotating single-use refresh tokens with reuse detection
• MFA support
• JWKS & OIDC Discovery
• Redis-backed sessions
• Token introspection & revocation
• Audit logging & security alerting
The biggest takeaway wasn't writing code.
It was understanding why modern identity systems make these design choices and how each security control helps mitigate real-world attacks.
Building it from scratch gave me a completely different perspective on authentication.
More projects from my vacation coming soon.
#OAuth #OpenIDConnect #CyberSecurity #AppSec #NodeJS #Identity #Authentication
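Two of the controls listed above worked through as an added example that is not the project's code: S256-only PKCE verification and rotating single-use refresh tokens with reuse detection, including the replay that reuse detection exists to catch. The in-memory dictionaries stand in for the Redis-backed store, and the token encoding is an assumption for illustration.

```python
"""PKCE (S256) verification and rotating single-use refresh tokens with
reuse detection.

Added example, not the project's code. The in-memory dicts stand in for a
Redis or database store, and token formats are constructed for illustration.
"""
import base64
import hashlib
import hmac
import secrets


class TokenError(Exception):
    pass


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# --- PKCE, RFC 7636: the client keeps code_verifier, sends code_challenge ---
def make_pkce_pair() -> tuple:
    verifier = b64url(secrets.token_bytes(32))            # 43 URL-safe chars
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def pkce_ok(code_verifier: str, stored_challenge: str, method: str = "S256") -> bool:
    """Server side: recompute the challenge; only S256 is accepted, never 'plain'."""
    if method != "S256":
        return False
    expected = b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    return hmac.compare_digest(expected, stored_challenge)


# --- Refresh token rotation with family-wide revocation on reuse ---
class RefreshTokenStore:
    def __init__(self):
        self._tokens = {}              # sha256(token) -> {"family", "user", "used"}
        self._revoked_families = set()

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()   # never store raw tokens

    def issue(self, user: str, family=None) -> str:
        token = b64url(secrets.token_bytes(32))
        self._tokens[self._key(token)] = {
            "family": family or secrets.token_hex(8),
            "user": user,
            "used": False,
        }
        return token

    def rotate(self, presented: str) -> str:
        rec = self._tokens.get(self._key(presented))
        if rec is None:
            raise TokenError("unknown refresh token")
        if rec["family"] in self._revoked_families:
            raise TokenError("family revoked")
        if rec["used"]:
            # Second use of a single-use token: assume theft and kill the whole chain,
            # so attacker and legitimate client are both forced to re-authenticate.
            self._revoked_families.add(rec["family"])
            raise TokenError("refresh token reuse detected; family revoked")
        rec["used"] = True
        return self.issue(rec["user"], rec["family"])


def simulate_theft() -> dict:
    """Attacker replays a stolen token after the victim has already rotated it."""
    store = RefreshTokenStore()
    t1 = store.issue("alice")
    t2 = store.rotate(t1)                  # victim's client rotates normally
    outcome = {}
    try:
        store.rotate(t1)                   # attacker replays t1
        outcome["replay"] = "accepted"
    except TokenError as e:
        outcome["replay"] = str(e)
    try:
        store.rotate(t2)                   # victim's next refresh
        outcome["victim"] = "accepted"
    except TokenError as e:
        outcome["victim"] = str(e)
    return outcome


if __name__ == "__main__":
    v, c = make_pkce_pair()
    print("pkce valid:", pkce_ok(v, c), "tampered:", pkce_ok(v + "x", c))
    print(simulate_theft())
```

The replay is detected only because the rotated token is marked used rather than deleted: a server that simply forgets old tokens cannot tell a stolen token from a random guess, and so cannot revoke the family. Storing only the hash of each token means a dump of the store does not yield usable credentials.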
Most people learn AWS by clicking buttons.
I wanted to understand what was actually happening behind the scenes.
So I built my first web server entirely with Terraform.
It provisions:
VPC (IPv4 + IPv6)
Internet Gateway
Route Tables
Public Subnet
Security Groups
Elastic IP
EC2
Apache2 via user_data
The biggest lesson wasn't writing Terraform.
It was finally understanding how networking pieces fit together and why Infrastructure as Code has become the standard for managing cloud infrastructure.
This is Day 2 of documenting everything I built during my vacation before college starts again.
Next stop: more AWS, AI, and security projects.
#Terraform #AWS #DevOps #CloudComputing #InfrastructureAsCode
Ok, time to start showing myself.
Before college starts again, I'm sharing what I worked on during my vacation—one post at a time.
Vacation recap (Part 1): Bug Bounty
• Submitted 10 bug reports
• Findings ranged from Low → High → Expert severity
• Reported an unauthenticated API exposure that could have exposed data related to ~39,070 investors & employees
• Explored CORS, GraphQL user enumeration, subdomain takeovers, CI/CD supply chain risks, excessive GitHub permissions, CSP, OAuth, auth flaws & information disclosure.
The biggest lesson?
Bug bounty isn't just about finding bugs.
It's about understanding how applications are built.
I spent hours reading JavaScript, tracing APIs, understanding authentication flows, and mapping business logic.
Not every report gets accepted.
Not every report earns a bounty.
But every report makes you a better security researcher.
More vacation projects coming over the next few days.
#BugBounty #CyberSecurity #AppSec #SecurityResearch
Building Lumen, an enterprise knowledge assistant for secure internal company search.
My focus is on making RAG systems safer, more reliable, and production-ready for real enterprise environments.
This is basically for my AI Security learning lol
Current Progress
FastAPI backend is running
Qdrant vector database deployed
Redis caching layer configured
PostgreSQL infrastructure in place
Local embedding pipeline implemented
Document chunking pipeline ready
Sample ingestion flow working end-to-end
Foundation established for guardrails, auditability, memory controls, and secure tool usage
Next Steps
Hybrid retrieval (vector + keyword search)
Reranking for better relevance
Source citations and traceability
Comprehensive AI security layer
The security layer will validate:
User inputs
Model outputs
Tool invocations
before anything reaches the user.
The goal is to build an AI system that organizations can trust, audit, govern, and scale.
#AIEngineering #RAG #GenAI #LLMOps #LangChain #LangGraph #MCP #VectorDatabase #Qdrant #FastAPI #AIAgents #AISecurity #Guardrails #NeMoGuardrails #Observability #PydanticLogfire #KnowledgeManagement #MachineLearning #ArtificialIntelligence #BuildingInPublic
This is one of the less talked about challenges in AI. Getting agents to act is one thing, but knowing who authorized them, what they agreed to, and what happens when something goes wrong is just as important. Glad to see work being done on the trust and accountability side, not just the capability side.
@hedera @ADRorg @ManceHarmon Agentic commerce won't scale without accountability. The technical challenge isn't just enabling autonomous transactions - it's defining responsibility when those transactions go wrong.