Cybersecurity Projects & Research

Open-Source Tools, Case Studies & Device Hardening Guides

Explore real-world threat detection tools, documented attack case studies, and comprehensive device security checklists. All resources are free, open-source, and battle-tested against APT28 nation-state actors.

365

Days Under Attack

Device Checklists

100%

Free & Open Source

What Makes This Approach Different?

A glowing neon icon of a magnifying glass and a laptop, both displaying code symbols. The magnifying glass is blue, and the laptop is purple, set against a black background with a soft, colorful glow.

Algorithmic Behavioral Defense

Most cybersecurity teams respond to signals; I model them. I apply search-engine–style analysis to network and human behavior—profiling patterns, drift, and anomalies the way an algorithm detects manipulation.

Multi-Device Defensive Strategies

99% of my defense work used multi-tier, multi-device tactics. I fought adversaries across IoT, phones, Pineapples, Stingrays, cars’ Bluetooth, cell towers, laptops, and even energy/side-channel systems used for air-gapped attacks. I combine telemetry and cross-device correlation to detect attacks that single-device tools miss.

A glowing neon smartphone icon in blue and purple hues with a faint target symbol displayed on its screen, set against a black background.

Real-World AI Adversary Combat

Under eleven months of continuous targeting by Russian actors and local harassment networks, I reverse-engineered attack flows and AI-driven tactics in real time—discovering signature behaviors of automated intrusion and deception systems and developing tailored countermeasures.

A glowing neon line graph with three connected points, shown in blue and purple colors on a black background. The graph forms an upward zigzag pattern.

Built Tools Under Fire

Every tool and script I built was designed and hardened while actively under attack—live forensics, anomaly detectors, and containment tooling that worked in the field. These are survival-tested, not theoretical.

Free Cybersecurity Tools for Everyone

OPEN SOURCE BUILDS ON GITHUB

Ambient EMF Chaos Machine

Experimental environment for monitoring and manipulating ambient EMF patterns

Overview:
• Research and tooling for EMF signal behavior
• Ambient interference capture experiments
• Statistical chaos analysis integrations

Features:
• Multi-sensor data ingestion
• Signal pattern logging
• Real-time anomaly detection

Tech Stack:
• Python / Arduino / SDR integrations
• Data visualization stack
• Modular plugin system

Status:
• Experimental / active development
• Open-source prototype
• Invites research collaboration

Github Link

Windsurf Privacy Enforcer – Historical Access Clear

One-click clearing of historical access and privacy residue

Overview:
• Automates clearing of historical access data
• Enforces privacy baselines across environments
• Repeatable, safe operations

Key Features:
• Scripted clean sequences
• Dry-run and confirmation options
• Integrates with existing workflows

Tech Stack:
• Node / Python scripts
• CLI interface
• Cross-platform focus

Status:
• Open-source
• Documentation in progress
• Great for privacy hygiene automation

Github Link

Stingray Location Triangulator

Detect IMSI catchers and monitor IoT devices across WiFi bands without switching networks

A comprehensive toolkit that combines cellular surveillance detection with advanced WiFi IoT monitoring. Using Software Defined Radio (SDR) and network analysis, this tool lets you detect unauthorized cellular surveillance devices (Stingrays), track their location through directional scanning and triangulation, and monitor IoT device communication across different WiFi bands—all while staying connected to your primary network.

Key Features:

🎯 Stingray Detection – Identify IMSI catchers using HackRF One SDR
📍 Positional Locator – Triangulate exact location through directional scanning
📡 WiFi IoT Monitoring – Scan 2.4 GHz networks while connected to 5/6 GHz
🏠 Google Home Discovery – Find Cast devices via mDNS across all bands
🔍 Network Device Scanner – Identify all devices with MAC addresses and vendor info
📊 Cross-Band Traffic Analysis – Monitor communication between devices on different WiFi bands
🛡️ Privacy-First – 100% passive receive-only monitoring, FCC compliant
📱 GUI Application – Visual directional scanning with automated scheduling

Use Cases:

Detect unauthorized cellular surveillance in your area
Monitor smart home IoT devices without network switching
Identify which 2.4 GHz devices communicate with 5/6 GHz hubs
Security research and privacy protection
Network topology mapping and device discovery

Github Link

Pineapple Express

Tools & tactics for detecting rogue AP cloning and Wi-Fi hijacking

Overview:
• Detect SSID clone behavior & suspicious auto-connect events
• Daily SSID rotation workflows
• Field notes for investigation hygiene

Toolkit:
• AP scanning & signal heuristics
• Isolation & recon safety procedures
• Response checklists

Tech Stack:
• Shell / CLI utilities
• Linux & macOS compatible
• Documentation-driven

Status:
• Public repo
• Community-friendly
• Actively refined

Github Link

Persistent Wireshark (StealthShark)

Headless, scheduled packet captures with logs & activity dashboards

Overview:
• Start/stop monitor with configurable capture duration & interval
• Interface activity board with live status tracking
• Automatic rolling PCAP saves to chosen directory

Key Features:
• Multi-interface monitoring
• Activity / Logs / Files tabbed views
• Built for stealthy, persistent data collection

Tech Stack:
• Wireshark / tshark automation
• Electron or headless Node UI
• Tailwind-styled panels

Status:
• Actively evolving
• Open-source roadmap in progress
• Ideal for long-running investigations

GitHub Link

Clock Stopper - NTP Detector

Real-time detection toolkit for clock spoofing attacks and Stingray/IMSI catcher surveillance

Comprehensive defense system born from a real-world October 2025 attack in San Diego. Detects NTP manipulation, GPS spoofing, and cellular surveillance devices through continuous monitoring and RF spectrum analysis.

Key Features:

Clock Guardian – Real-time NTP drift detection with multi-server validation (NIST, Google, Cloudflare)
RF Detector – Stingray/IMSI catcher detection via HackRF One spectrum scanning
Native GUI – Beautiful PyQt6 desktop app with system tray integration
Web Dashboard – Real-time visualization at localhost:8080
Auto-alerts – Instant notifications for time drift >5s or frequent adjustments (>3/hour)

Detection Capabilities:

Time manipulation attacks (gradual & sudden)
Guard band violations (758-767 MHz, 788-798 MHz)
Public safety spectrum abuse (746-756 MHz)
Signal triangulation & distance estimation
System log anomaly analysis (macOS/Linux/Windows)

Evidence Collection:

Prosecution-grade logging (JSON + detailed logs)
PCAP integration for network forensics
Timeline reconstruction
Chain of custody preservation

Based on Real Attack: Documented case study of 5-day Stingray deployment with 15 clock adjustments in 14 hours and 7,573 failed connections. Includes comprehensive white paper (condensed & full versions), legal analysis, and 20 AI-generated technical diagrams.

Github Link