Khamani R. Simmond

• Detect and investigate fraud and account takeover (ATO) incidents using tools such as Accurint, Splunk and Twilio.
• Analyze suspicious activities and security alerts, including phishing emails and cyber threats, to mitigate risks and protect customer accounts.
• Document findings, create reports, and present investigation results to management.

• Used Nmap to scan the target system, identifying open TCP/UDP ports, which exposed running services.
• Leveraged OWASP ZAP to analyze a web application, uncovering SQL injection vulnerabilities in the login form.
  
• Simulated a brute-force attack using Medusa, successfully cracking the password with a common wordlist.
  
• Exploited an FTP vulnerability, creating a new sudo user and gaining elevated privileges.
  
• Used DirBuster to enumerate hidden directories, revealing sensitive files stored on the web server.
  
• Executed an SQL injection attack, enabling the unauthorized creation of an admin account.
  
• Performed a brute-force attack on the SQL Server, successfully recovering the password and gaining database control.
  
• Launched a SYN flood attack, overwhelming the target system's CPU and memory, causing service disruption.
  
• Identified and exploited an unpatched remote code execution vulnerability, demonstrating a critical risk to the system.

Event Counting: The program dynamically extracts node values and counts occurrences, displaying each node alongside its event count.

IP Address Filtering: An octet value is provided, and the program searches for matching second or third octets, listing relevant IPs with a summary count.

First Octet Analysis: IP addresses are analyzed to extract the first octet, count occurrences, and present a frequency distribution.

Message Extraction: Event messages (e.g., "failed login") are identified and displayed as a unique list.

Exception Handling: try/except blocks manage file operations, logging errors such as missing or unreadable files to an error log.