From Dreams to paper and from paper to reality
SSH Attack & Defense
As SSH remains a critical and popular attack vector , I executed this custom project in a home lab to gain practical experience against SSH brute force attacks. The experiment spanned three phases: Initial Attack, Defense Implementation, and Test Attack. I leveraged a set of key tools, including a Linux host, Kali Linux for the attack machine, Splunk Enterprise, Iptables, Nmap, and Metasploit. This project provided valuable, hands-on experience in using Splunk and Iptables to effectively mitigate brute force attacks.
Mode: Offense
To start, I deployed the Kali Linux virtual machine and installed/enabled SSH on the target host. I used Nmap to confirm port 22's availability on the target machine. The core attack involved using the Metasploit Framework with the ssh_login tool to brute-force the SSH connection. I used custom, small wordlists to expedite the experiment. I noted that the attack was slow, even with high thread counts, due to SSH's built-in brute force mitigations.
Mode: Defense
My defense strategy focused on network rate-limiting and monitoring. I implemented Iptables rules on the host machine using the -I flag to prioritize them. Specifically, these rules were set to drop packets from an IP if it made more than four new connection attempts to port 22 within 60 seconds. For visibility, I added SSH authentication logs into Splunk Enterprise. After searching for invalid login attempts and extracting fields using regex , I created a real-time Splunk alert to notify me of failed SSH login attempts.
outcome
​Through this experiment, I gained valuable practical experience leveraging Splunk and Iptables to effectively mitigate SSH brute force attacks. I learned how to implement rate-limiting rules on port 22 and successfully set up real-time alerts in Splunk by extracting fields from authentication logs. This project highlighted that while SSH has built-in protections, future system hardening should include disabling root access and requiring Multi-Factor Authentication (MFA).
Typic
In this minimalistic typing game, the player practices memorizing the keyboard, including uppercase and lowercase letters, symbols, and numbers. Background algorithms populate missed characters more often to enhance player learning.
​
I learned Godot features like scene switching, implementing a UI, object linking, and more from the internet. I also applied class structure, coding best practices, algorithms, and more from college courses. It took part of a summer to construct, and then a few months during college to reconstruct the game design and code base.
Multi-page SYstem
I divided scenes and major tools into individual files to organize this project. This helped make project management easier and allowed for fluid building.
​
It was convenient to add new pages and join them with the system. For example, integrating the score page into the rest of the system did not take long because each page followed a similar setup pattern, and I only needed to connect it with the data and homepage.
Interweaved Graphics
I created background images using Affinity Designer 2 and Godot's powerful integrated UI. I also used key-frame animations to blend scenes with smooth transitions.
Documented Code
I use programming best practices from college courses to make the code readable.
​
Well-placed comments, spacing, and organization helped me get up to speed on old GDScript files, boosting my productivity.
​
For instance, the documentation aided in updating the data page because there were dozens of variables to keep track of. Including a new change or updating a variable was easy because of the comments and overall code structure.
Multi-version Game
Typic underwent three versions: Code Typer, Typic Prototype, and Typic. The first was created with Raylib, the same C++ library used to make Math Bash. The second was made with Godot; however, messy code and limited knowledge from my younger self slowed my progress and did not meet my expectations, so I restarted with a clean slate. Afterward, I created the final version of Typic as I went through more courses, and it turned out better than originally planned.
cODE tYPER
1
The first version of Typic was made with the C++ Raylib library. and served as a rough idea of what I wanted: memorization of keyboard numbers and symbols.
tYPIC pROTOTYPE
2
For the prototype of Typic, I switched from C++ to the Python-like GDScript language, and the workflow was much smoother with Godot's various tools. This version gave me a more precise draft of my vision.
tYPIC
3
The final version of Typic was realized after revisions, hours of work, research, and planning. The game has helped me create symbol-heavy programs much faster.