I am an undergraduate student learning about systems security. I am not an expert—I am still figuring out how things work, one small project at a time.
I build small CLI tools in Python to understand concepts like firewall configurations, password policies, and network sockets. Each project is a way to learn something new, not a production-ready solution. I try to document what works, what doesn't, and what I still don't understand.
Goal: Understand what a basic Linux security audit involves by checking
common configuration points.
What It Does: A read-only Python script that checks firewall status
(ufw/iptables), SSH root login configuration, and password policy presence. Outputs a
simple terminal report marking each check as OK, NOT CONFIGURED, or UNKNOWN.
What I Learned: Most security hardening comes down to correctly
configuring existing system tools. Reading config files taught me more than running
automated scanners.
Goal: Learn how TCP connections work at the socket level by building a
scanner from scratch.
What It Does: A Python TCP connect scanner that parses hostnames/URLs,
performs DNS resolution, scans a configurable port range, and maps open ports to common
services like HTTP, SSH, and FTP.
What I Learned: The difference between a SYN scan and a full connect
scan matters for detection. Using only the standard library (socket, time) forces you to
understand timeouts and connection states.
Goal: Understand what makes a password policy effective by implementing
one myself.
What It Does: A CLI tool that evaluates password strength against
configurable rules (length, character types, common patterns). Outputs a 0-100 score
with category labels and specific feedback on what failed.
What I Learned: Entropy calculations are straightforward, but real
security depends on preventing dictionary words and common substitutions. Policy
enforcement is harder than scoring.
Goal: Explore whether reinforcement learning could optimize brute-force
search order.
What It Does: A Python prototype using a basic Q-learning agent to
prioritize password guesses based on learned patterns. Currently runs on small test sets
only.
What I Learned: The state space of passwords is too large for simple RL
without heavy heuristics. This approach is not practically useful—the real value was
learning how RL agents work.
I attempted daily algorithmic challenges throughout December to practice coding under time constraints. The goal was consistency, not perfection.
What I practiced:
Build to Understand
I write small tools not because they're useful, but because building forces me to understand. Reading about port scanning is different from implementing socket connections.
Document Honestly
Every project here has limitations. I try to note what doesn't work and what I still don't understand. A broken prototype that teaches something is more valuable than a polished clone.