Skip to content

πŸ›‘οΈ Cybersecurity Writeups & Learning

This repository contains technical writeups, research notes, tutorials, and certification study materials documenting my hands-on cybersecurity learning journey.
The focus is on practical security engineering, real-world attack scenarios, and defensible mitigation strategies across cloud security, application security, identity, and DevSecOps.

The content is written to reflect how security is applied in production environments, not just theoretical concepts.

πŸ“š Contents Overview

  • Tutorials – Step-by-step, implementation-focused guides
  • Research – Deep dives into common security failures and attack patterns
  • Certification Notes – Structured study notes with hands-on labs
  • Cloud & Identity Security – Azure, Entra ID, Zero Trust, IAM
  • Application & API Security – OWASP, OAuth, threat modeling
  • DevSecOps – CI/CD security gates and supply chain protection

All writeups are written in Markdown and designed to be: - Easy to read on GitHub - Reusable for portfolio websites - Expandable over time

πŸ“˜ Tutorials

πŸ”Ή Building a Secure Azure Landing Zone

Topics: Azure, Cloud Security, IAM, Network Segmentation, Governance
A security-first guide to designing and deploying a production-ready Azure Landing Zone with enforced guardrails, identity governance, centralized logging, and policy-based compliance.

πŸ“‚ Path: 

docs/tutorials/azure-landing-zone/

πŸ”Ή OWASP API Security Top 10: Practical Mitigations

Topics: API Security, AppSec, OWASP, Node.js, .NET
A practical breakdown of the OWASP API Security Top 10, focusing on how vulnerabilities appear in real systems and how to mitigate them using secure backend design patterns.

πŸ“‚ Path: 

docs/tutorials/owasp-api-security-top-10/

πŸ”Ή Detection Engineering with Microsoft Sentinel

Topics: SIEM, Detection Engineering, KQL, Cloud Security
A hands-on guide to building high-signal detections in Microsoft Sentinel, focusing on identity abuse, lateral movement, and privilege escalation.

πŸ“‚ Path: 

docs/tutorials/detection-engineering-sentinel/

πŸ”Ή Implementing Security Gates in CI/CD Pipelines

Topics: DevSecOps, CI/CD, SAST, SCA, Supply Chain Security
A practical DevSecOps guide to integrating enforceable security gates into GitHub Actions and Azure DevOps pipelines.

πŸ“‚ Path: 

docs/tutorials/ci-cd-security-gates/

πŸ”Ή Securing Azure Entra ID (Zero Trust)

Topics: Azure Entra ID, IAM, Zero Trust, Identity Security
A real-world guide to hardening Azure Entra ID using Zero Trust principles, Conditional Access, MFA, PIM, and identity monitoring.

πŸ“‚ Path: 

docs/tutorials/securing-entra-id/

πŸ”¬ Research

πŸ”Ή Threat Modeling a Multi-Tenant SaaS Application (STRIDE)

Topics: Threat Modeling, STRIDE, SaaS, AppSec
A step-by-step threat modeling walkthrough applied to a multi-tenant SaaS CRM application, focusing on authorization, tenant isolation, and identity threats.

πŸ“‚ Path: 

docs/research/threat-modeling-saas/

πŸ”Ή Common OAuth 2.0 Misconfigurations and Exploits

Topics: OAuth, Authentication, Web Security
An analysis of real-world OAuth implementation flaws including redirect URI abuse, missing state validation, token leakage, and insecure flows.

πŸ“‚ Path: 

docs/research/oauth-misconfigurations/

πŸ”Ή Advanced Cloud Security Engineering (IAM, DevSecOps, Architecture, Detection)

Topics: Cloud Security, IAM, DevSecOps, Detection Engineering, Zero Trust, Azure
A production-grade research report covering workload identity federation & secretless CI/CD, policy-as-code (Rego/Checkov), supply-chain security (SBOM, Cosign/SLSA), micro-segmentation & Private Link, envelope encryption, and detection engineering with KQL.

πŸ“‚ Path: 

docs/research/enterprise-cloud-security-engineering/

πŸŽ“ Certification Notes

πŸ”Ή CompTIA Security+ Study Notes & Labs

Topics: Network Security, IAM, Cryptography, Incident Response
Comprehensive Security+ study notes covering all exam domains, reinforced with hands-on lab exercises and real-world context.

πŸ“‚ Path: 

docs/certification-notes/security-plus/

πŸ—‚οΈ Repository Structure

cybersecurity-writeups/
β”‚
β”œβ”€β”€ README.md
β”‚
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ tutorials/
β”‚   β”œβ”€β”€ research/
β”‚   β”œβ”€β”€ certification-notes/
β”‚   └── assets/
β”‚
└── .gitignore

Each writeup lives in its own folder with a dedicated README.md to allow for expansion, diagrams, and additional sections over time.

🎯 Goals of This Repository

  • Demonstrate applied cybersecurity knowledge
  • Show structured security thinking and documentation skills
  • Bridge the gap between theory and production security
  • Serve as a reusable reference for future projects
  • Support a professional cybersecurity portfolio

πŸ” How to Use This Repo

  • Browse topics directly on GitHub
  • Link individual writeups from a portfolio website
  • Reuse content for blogs or documentation
  • Extend sections with diagrams, labs, or tooling

πŸš€ Future Additions

Planned or potential future topics include: - Cloud detection engineering use cases - Advanced identity attack simulations - Purple team exercises - Incident response playbooks - Infrastructure threat modeling

πŸ“œ Disclaimer

All content in this repository is for educational and defensive purposes only.
No offensive exploitation techniques are provided beyond what is necessary to understand and mitigate security risks.

πŸ‘€ Author

This repository reflects my ongoing journey in cybersecurity, with a focus on cloud security, application security, identity, and DevSecOps.

Feedback, discussion, and constructive suggestions are always welcome.

πŸ“š Index

This section is autogenerated. Do not edit entries here directly; update each writeup’s front matter instead.

☁️ Cloud Security

πŸ’» Application Security

πŸ›‘οΈ DevSecOps

πŸ•΅οΈ Threat Intelligence

πŸ“˜ Tutorials

πŸ”¬ Research