> The Lab

Live Security Experiments, Explained Clearly

Two projects. One maps security ownership in real time. The other simulates attack pressure on a network handshake. Each section is written in plain language: what was broken, what I changed, and what improved.

Read Order

1. Snapshot

Start with the project cards to understand intent and current status.

2. Breakdown

Go deeper into architecture, tradeoffs, and security logic.

3. Run It

Launch the live demo links to see the system behavior directly.

If You Only Read One Thing

SKG in One Sentence

Stop asking ten tools ten different questions. The graph gives one connected view of people, systems, and risk so teams can act faster.

Tor Sim in One Sentence

Defense gets real when attackers must spend real compute before the network accepts their handshake traffic.

Project 01

Security Knowledge Graph

In Development

Flat security lists break under pressure. This graph connects people, systems, code, and business risk so decisions come from context instead of guesswork.

In Plain English

When an alert fires, you can instantly see who owns it, what it touches, and how important it is to the business.

Problem

Stale inventories and disconnected tools.

Approach

Model relationships as nodes and edges.

Result

One query answers cross-system risk fast.

SKG Front Door: real-time ownership and risk map

Example Query

SHOW public_servers
  WHERE vulnerable_to = "Log4j"
  AND owner.status = "terminated"
  AND owner.last_day <= NOW() - 30d
RETURN server_id, owner.name, business_unit, service_name;

Before vs After

Before

Multiple stale exports, no consistent owner context.

After

Single relationship map with actionable owner and dependency links.

Project 02

Tor Network Defense Simulation

Mission Complete

This simulation shows why layered defense matters. It starts with cheap attacker packets and ends with enforced compute cost at the handshake gate.

In Plain English

The attacker used to spend almost nothing while the server did expensive work. Now the attacker pays first.

Phase One

Handshake Asymmetry

A single inbound knock forced expensive outbound cryptographic work. Four bots could redline a high-capacity target through cost imbalance.

Phase Two

Rendezvous Exhaustion

Modeling the rendezvous point as its own zone exposed ghost circuits. The server burned cycles while network rendezvous lanes clogged.

Phase Three

No More Simulation Theater

Defense became real only after sequential lock enforcement. Attackers had to physically compute proof-of-work before traffic advanced.

Topology

Separate introduction point (IP) and rendezvous point (RP) lanes to reduce signaling noise.

State Logic

Serialize handshakes to respect hardware limits.

Proof-of-Work

Shift cost to attacker compute as a gate.

Before vs After

Before

Cheap inbound knocks forced expensive server-side work at scale.

After

Serialized PoW gate enforces compute cost before handshake progress.
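
The serialized gate described in Phase Three, sketched as an added example (not the simulation's own code): the server spends one hash to reject a knock that carries no proof, and only a valid, unspent proof reaches the locked, expensive handshake step. The hashcash-style SHA-256 puzzle, the 12-bit difficulty, and the names HandshakeGate, solve and valid are assumptions; the page does not say which puzzle the simulation uses.

```python
import hashlib
import os
import threading

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def valid(seed: bytes, nonce: int, bits: int) -> bool:
    """One hash: the cheap check the server runs before any costly work."""
    if not 0 <= nonce < 2**64:
        return False
    digest = hashlib.sha256(seed + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits

def solve(seed: bytes, bits: int) -> int:
    """Client side: brute-force search, about 2**bits hashes on average."""
    nonce = 0
    while not valid(seed, nonce, bits):
        nonce += 1
    return nonce

class HandshakeGate:
    def __init__(self, bits: int = 12):      # 12 bits: assumed demo difficulty
        self.bits = bits
        self.seed = os.urandom(16)           # challenge seed published to clients
        self.seen = set()                    # proofs already spent (replay guard)
        self.lock = threading.Lock()         # serializes the expensive step
        self.expensive_ops = 0               # stand-in counter for key-exchange work

    def knock(self, nonce: int) -> str:
        if not valid(self.seed, nonce, self.bits):
            return "rejected: no proof-of-work"   # costs the server one hash
        with self.lock:                           # one handshake at a time
            if nonce in self.seen:
                return "rejected: replayed proof"
            self.seen.add(nonce)
            self.expensive_ops += 1               # costly handshake would run here
        return "accepted"

if __name__ == "__main__":
    gate = HandshakeGate()
    # Constructed sample traffic: nonces sent without doing the search.
    junk = [n for n in range(2000) if not valid(gate.seed, n, gate.bits)]
    print({gate.knock(n) for n in junk}, "expensive ops:", gate.expensive_ops)
    proof = solve(gate.seed, gate.bits)
    print(gate.knock(proof), gate.knock(proof), "expensive ops:", gate.expensive_ops)
```

Raising the difficulty by one bit doubles the sender's expected search while the server's check stays at a single hash, which is the cost shift the Before vs After cards describe.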

Core Conclusion

Security Is a Filter Stack, Not a Single Wall

Both projects converge on the same principle: make context visible, force real costs for abuse, and move decisions closer to real system behavior.