Cybersecurity & Incident Response

About This Project

Real-world security work: investigating breaches, finding the attack vector, cleaning up injected code, and hardening systems so it does not happen again. A recent case: a client running OpenCart on Hostinger was targeted by a competitor. The attackers brute-forced the hosting panel, injected their own IP address into the OpenCart API configuration, and silently exfiltrated order and customer data ? designed to look like normal traffic so the client would not notice. I identified the intrusion vector, traced the injected API keys, audited all modified files, removed the malicious code, rotated all credentials, and implemented monitoring to detect future attempts. Services I provide: full security audit of web apps and servers (OWASP Top 10, SQL injection, XSS, CSRF, file upload vulnerabilities), hosting environment hardening (SSH keys, firewall rules, fail2ban, PHP hardening), breach investigation and cleanup (log analysis, file integrity check, malware removal), CMS hardening for WordPress, OpenCart, and custom PHP apps, and post-incident monitoring setup. I do not offer offensive security or penetration testing ? this is defensive work: finding what is broken, fixing it, and making sure it stays fixed.