harryc295/README.md

Harry Corcoran

Security Engineer & Full-Stack Developer | Bolton, UK

BSc (Hons) Cybersecurity — First-Class Predicted | Accelerated entry via APL. Targeting Cloud Security Engineering and, long-term, Security Architecture / CISO-track roles.



About

Security engineer and full-stack developer finishing a first-class cybersecurity degree, admitted directly into second year via Accredited Prior Learning. I find critical vulnerabilities, build regulated financial platforms, automate cloud infrastructure, and document everything properly.

My work deliberately spans offensive security and cloud/infrastructure engineering — I think the strongest security engineers understand how systems break and build accordingly. Long-term I'm aiming for Cloud Security Engineering, then Security Architecture and CISO level.


Highlights

| Highlight | Detail |
| --- | --- |
| CVE-2025-49132 | Critical unauthenticated RCE in Pterodactyl Panel — CVSS 9.8 — discovered and responsibly disclosed |
| 269 | Previously undocumented API endpoints enumerated in a single authorised engagement |
| Cloud Native | Kubernetes, Terraform, OpenFaaS, Prometheus/Grafana — deployed on Minikube + K3s edge |
| AWS FinOps Pipeline | Live boto3 integration with AWS Pricing API — daily cron via GitHub Actions, credentials via Secrets |
| AWS CIS Auto-Remediation | EventBridge → Lambda engine auto-fixes CIS Benchmark findings every 6 hours — Terraform-deployed |
| IAM Attack-Path Mapper | Graphs AWS IAM privilege-escalation paths — ~12 known techniques, interactive attack graph, CIS/NIST-mapped findings |
| CloudTrail Privesc Detector | Watches live CloudTrail activity for the same techniques actually being used, plus credential-theft correlation — pairs with the IAM mapper above |
| Agent Privilege Mapper | Finds dangerous AI agent tool-capability combinations (the "lethal trifecta") in Claude/MCP configs, tests prompt-injection resistance against the real Claude API, maps findings to OWASP LLM Top 10 |
| FCA DISP Platform | Production internship at Ideal4Finance — NestJS 11 + Next.js 16 regulated complaints platform |
| BinaryHammer | Open-source C++ PE malware analysis tool — Zydis disassembly, entropy, YARA, threat scoring, onboarding UI |
| 19 Projects | Across offensive security, cloud, full-stack, infrastructure automation, AI agent security, and malware analysis |

Projects

001 — Full-Scope Penetration Test (Authorised Engagement)


Black-box engagement covering a web application, subdomains, and four cloud-hosted targets. Discovered and responsibly disclosed a critical unauthenticated RCE vulnerability now recorded as a CVE.

  • Identified CVE-2025-49132 — unauthenticated RCE in Pterodactyl Panel, CVSS 9.8, now patched
  • Enumerated 269 undocumented API endpoints on port 8080 using ffuf
  • Full OAuth2 security review: redirect_uri bypass, missing state parameter, absent PKCE
  • Delivered 18-page executive and technical report with full remediation roadmap

Burp Suite Community Metasploit ffuf Nmap OAuth2


002 — Ideal4Finance — FCA DISP Complaints Platform (Internship, Present)


Core developer on an FCA-regulated financial complaints management platform built from scratch. Full architecture responsibility alongside security implementation and delivery pipeline.

  • Monorepo NestJS 11 + Next.js 16 with PostgreSQL and Drizzle ORM
  • 16 workflow stages, 32 state transitions across 6 RBAC roles
  • SHA-256 evidence integrity hashing and immutable audit log
  • Magic-link authentication, BullMQ cron scheduling, Docker Compose deployment
  • CI pipeline with npm audit gate and security dependency scanning

NestJS 11 Next.js 16 PostgreSQL BullMQ Docker Drizzle ORM TypeScript


003 — Untangle — Productivity App


"Analyse to action" — a clarity method productivity app built in TypeScript. Designed to help turn messy thinking into structured action.

TypeScript

Repo: github.com/harryc295/untangle (private)


004 — Automated AWS CIS Compliance Remediation Engine


Serverless auto-remediation engine that detects and fixes four high-priority CIS Benchmark findings every 6 hours — fully deployed on the AWS free tier via a single terraform apply.

  • EventBridge cron → Lambda (Python 3.11) pipeline at 6-hour intervals
  • Check 1: S3 account-level public access block enforcement
  • Check 2: EC2 security groups — auto-revoke 0.0.0.0/0 ingress on ports 22, 3389, 1433, 3306
  • Check 3: IAM users with active keys but no MFA → keys deactivated automatically
  • Check 4: VPCs missing flow logs → flow log created and directed to CloudWatch
  • DynamoDB audit trail per action, S3 compliance JSON report, SNS email/Slack alerts
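Check 2 above is the one that needs care about what exactly gets revoked: a rule can carry internal CIDRs alongside 0.0.0.0/0, and revoking the whole rule would break legitimate access. The following is an added example, not the automated-aws-cis-compliance project's own code; it works on the security-group dicts returned by the EC2 describe_security_groups API, computes the minimal IpPermissions that revoke only the world-open ranges (IPv4 and IPv6, including all-traffic rules), and takes the boto3 client as a parameter so the check itself runs offline.

```python
"""Find world-open ingress on sensitive ports in an EC2 security group.

Added example, not the automated-aws-cis-compliance project's own code. It works
on the security-group dicts returned by the EC2 describe_security_groups API and
computes the minimal IpPermissions needed to revoke only the 0.0.0.0/0 and ::/0
ranges, leaving internal CIDRs on the same rule untouched.
"""
SENSITIVE_PORTS = {22, 3389, 1433, 3306}   # SSH, RDP, MSSQL, MySQL (CIS check 2)
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

def _exposes_sensitive_port(perm):
    """True if the rule's protocol/port range reaches any sensitive TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                       # "all traffic": every port is open
        return True
    if proto not in ("tcp", "6"):
        return False                        # UDP/ICMP rules are out of scope here
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in SENSITIVE_PORTS)

def find_world_open_ingress(group):
    """Return IpPermissions entries that cover only the world-open ranges to revoke."""
    to_revoke = []
    for perm in group.get("IpPermissions", []):
        if not _exposes_sensitive_port(perm):
            continue
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") in WORLD_CIDRS]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in WORLD_CIDRS]
        if not (v4 or v6):
            continue                        # sensitive port, but not world-open
        entry = {"IpProtocol": perm["IpProtocol"]}
        if "FromPort" in perm:              # absent for IpProtocol "-1"
            entry["FromPort"], entry["ToPort"] = perm["FromPort"], perm["ToPort"]
        if v4:
            entry["IpRanges"] = v4
        if v6:
            entry["Ipv6Ranges"] = v6
        to_revoke.append(entry)
    return to_revoke

def remediate(ec2, group):
    """Revoke the world-open ranges; `ec2` is a boto3 EC2 client supplied by the caller."""
    perms = find_world_open_ingress(group)
    if perms:
        ec2.revoke_security_group_ingress(GroupId=group["GroupId"], IpPermissions=perms)
    return perms

# Constructed sample: SSH open to the world and to 10/8, HTTPS open to the world
# (not a sensitive port), a port range covering MySQL open over IPv6, UDP DNS.
SAMPLE_GROUP = {
    "GroupId": "sg-0example1234567890",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Ipv6Ranges": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3300, "ToPort": 3400, "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "Ipv6Ranges": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
```

Running `find_world_open_ingress(SAMPLE_GROUP)` returns two entries: the SSH rule with only the 0.0.0.0/0 range (10.0.0.0/8 stays), and the 3300-3400 range with its ::/0 entry.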

Python Terraform AWS Lambda EventBridge DynamoDB S3 SNS IAM CIS Benchmark DevSecOps

Repo: github.com/harryc295/automated-aws-cis-compliance


005 — AWS EC2 Price Tracker — Live API Pipeline


Two-phase FinOps automation project — started with a static proof of concept, evolved into a fully live AWS API integration.

  • Phase 1 (static): GitOps pipeline, scheduled GitHub Actions cron, YAML-driven config, CSV ETL output
  • Phase 2 (live): boto3 against the AWS Pricing API, IAM scoped to least-privilege, runs daily at 09:00 UTC

Python boto3 AWS Pricing API GitHub Actions IAM GitHub Secrets FinOps ETL

Repos: Live API · Static v1


006 — Cloud Native Platform (University)


Three-tier application deployed on Kubernetes with full observability, serverless compute, edge simulation, and zero-trust RBAC architecture.

  • Kubernetes (Minikube) with Deployments, PVCs, Services, and Network Policies
  • Zero-trust: RBAC + Network Policies enforcing least-privilege access between pods
  • Prometheus + Grafana via Helm, OpenFaaS serverless functions, K3s edge simulation

Kubernetes Docker Terraform Prometheus Grafana OpenFaaS K3s Helm RBAC

Repo: github.com/harryc295/COM5408-cloud-project


007 — Enterprise Active Directory Lab (University)


Two-domain Active Directory forest simulating an enterprise network with RBAC, cross-platform authentication, automated deployment, and validated security controls.

  • Root domain bolton.local / child domain derby.bolton.local — demonstrating domains as security boundaries
  • Windows Server 2022 DCs + Ubuntu Desktop joined via realmd/SSSD with full Kerberos authentication
  • Fine-Grained Password Policies, RBAC security groups, GPOs with documented risk rationale
  • PowerShell DSC automated deployment + 12 Pester validation tests

Active Directory PowerShell DSC Kerberos SSSD Group Policy RBAC Pester

Repo: github.com/harryc295/BarmBuzz


008 — DevSecOps n8n Workflow Platform


Self-hosted automation platform combining n8n with a local Llama 3.2 model via Ollama. Runs a daily security news digest pipeline — RSS to formatted HTML to Gmail — entirely locally. Also wires DevSecOps pipeline hooks and vulnerability triage workflows.

Docker Compose n8n Ollama Llama 3.2 Redis PostgreSQL Self-Hosted AI

Repo: github.com/harryc295/devsecops-n8n-workflow-platform


009 — Nessus Vulnerability Pipeline


Python CLI wrapping the Nessus REST API — automates scan launches, parses results, extracts critical findings, sends Slack webhook alerts, and generates CSV compliance reports.

Python Nessus API REST Slack API CSV DevSecOps

Repo: github.com/harryc295/nessuspipeline


010 — OSINT Threat Intelligence Dashboard


Threat intelligence aggregator pulling from VirusTotal, Shodan, and AbuseIPDB. Enriches IOCs — IPs, domains, file hashes — with reputation scores, geolocation, and WHOIS data. Outputs structured JSON and a live HTML dashboard for incident response triage.

Python VirusTotal API Shodan AbuseIPDB OSINT IOC Enrichment Incident Response

Repo: github.com/harryc295/threat-intel-aggregator


011 — BinaryHammer — PE Malware Analysis Tool


Open-source C++ tool for static PE malware analysis — loads any Windows executable and surfaces disassembly, pseudo-code, imports/exports, hex view, strings, and a scored threat summary. Built to cut manual overhead so analysis time goes on decisions, not mechanics.

  • x86/x64 disassembly via Zydis with annotated call targets and ~130 Win32 API tooltips
  • Entropy-coloured sections table, W+X detection, packer signatures, IOC string scanning, scored threat overview
  • Pseudo-C code lifter, call graph, YARA rule scanning, byte-pattern search, navigation history
  • ImGui docking UI with 3-page onboarding wizard, custom app icon, and maximised-on-launch window
  • JSON report export, per-function rename/bookmark/xref, layout versioning

C++20 CMake vcpkg ImGui Zydis YARA Reverse Engineering Static Analysis

Repo: github.com/harryc295/Binary-slammer


012 — ColdVault — Offline Password Manager


Secure offline password manager using AES-256-GCM and PBKDF2-HMAC-SHA256. Full-screen UI, multi-vault support, auto-lock, PrintScreen blocking, secure clipboard clearing, password generation, and organised login/card/note management.

Python AES-256-GCM PBKDF2 Cryptography SQLite Zero-Knowledge

Repo: github.com/harryc295/Python-Vault (private)


013 — Benji Protocol — Offensive Security Toolkit (University)


Four-tool CLI security toolkit built across a five-week assessed penetration testing module. Fully headless and automatable via argparse.

| Tool | Script | Purpose |
| --- | --- | --- |
| Evidence Collector | log_parser.py | Parses auth.log for failed SSH/login attempts, outputs CSV |
| Network Cartographer | scan.py | Multi-threaded TCP port scanner with banner grabbing |
| Access Validator | brute.py | Targeted SSH/FTP credential tester with mandatory delay |
| Web Enumerator | web_enum.py | HTTP recon, header analysis, path enumeration, comment scraping |

Python argparse Sockets Paramiko Requests Offensive Security

Repo: github.com/harryc295/COM5413_Security_Portfolio


014 — Enterprise Complaints Management System (Private — Commercial)


End-to-end complaints management platform built for a regulated financial services client. Handles full case lifecycle — intake, triage, investigation, resolution, and audit — with strict access controls and compliance requirements baked into the architecture.

  • Multi-role workflow engine with configurable escalation paths and SLA tracking
  • Immutable audit log with cryptographic evidence integrity
  • Secure document handling and case history across all resolution stages

TypeScript NestJS Next.js PostgreSQL Docker

(Repository private — commercial project)


015 — IAM Privilege-Escalation Mapper


Finds AWS IAM privilege-escalation paths — permission chains that let a low-privileged principal reach AdministratorAccess in a few hops. Builds the IAM identity graph from a real account, walks it for known escalation techniques, and renders an interactive attack-path diagram with findings mapped to CIS/NIST controls.

  • Detects ~12 known AWS privesc techniques (Rhino Security Labs research): self-privesc IAM actions, PassRole + Lambda/EC2, multi-hop AssumeRole chains, credential takeover
  • networkx graph traversal for the multi-hop AssumeRole-chain detection — the one check that needs more than a single policy read
  • Self-contained interactive HTML report (pyvis) — no web framework, no database, no hosting required
  • Every finding mapped to CIS AWS Foundations / NIST CSF controls
  • Offline demo fixture and pytest suite, runs with zero AWS setup

Python boto3 networkx pyvis IAM AWS Privilege Escalation CIS Benchmark Cloud Security

Repo: github.com/harryc295/iam-privesc-mapper


016 — CloudTrail Privilege-Escalation Detector


Companion to the IAM Attack-Path Mapper: where the mapper finds privilege-escalation paths that could be used, this tool watches real CloudTrail activity for the same techniques actually being used, plus one time-windowed correlation that only becomes visible on an event timeline.

  • 9 single-event detectors for dangerous IAM actions actually observed (Attach/Put policy, CreatePolicyVersion, UpdateAssumeRolePolicy, credential takeover)
  • Role-passing and AssumeRole detectors that resolve to confirmed severity when cross-referenced against the IAM mapper's admin-equivalent findings
  • One genuine multi-event correlation: an access key issued for someone, then used within minutes — classic credential-issuance-and-immediate-use
  • Incident-response runbook per finding family: containment, investigation, notification, prevention
  • Zero infrastructure to deploy — reads the account's existing 90-day CloudTrail history via lookup_events, no S3 export or Athena needed
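The multi-event correlation described above (a key issued, then used within minutes) is the kind of check that a single-event rule cannot express. The following is an added example, not the cloudtrail-privesc-detector project's own code: it consumes records in the shape CloudTrail lookup_events returns (the raw event as a JSON string under "CloudTrailEvent"), matches each CreateAccessKey to the first request signed with the new key, and rates issuance for a different principal higher than self-issuance. The ten-minute window, account id and key ids are constructed sample values.

```python
"""Correlate IAM CreateAccessKey with the first use of the new key.

Added example, not the cloudtrail-privesc-detector project's own code. Input is
the record shape CloudTrail lookup_events returns (raw event as a JSON string
under "CloudTrailEvent"); the sample events are constructed so it runs offline.
"""
import json
from datetime import datetime, timedelta

DEFAULT_WINDOW = timedelta(minutes=10)     # assumed window; tune per environment

def _when(event):
    return datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))

def correlate_key_issuance(records, window=DEFAULT_WINDOW):
    """Return one finding per access key that is used within `window` of creation."""
    events = sorted((json.loads(r["CloudTrailEvent"]) for r in records), key=_when)
    issued, findings = {}, []                # accessKeyId -> issuance details
    for ev in events:
        ident = ev.get("userIdentity", {})
        used = ident.get("accessKeyId")       # key that signed this request
        if used in issued:
            info = issued.pop(used)           # report first use only
            gap = _when(ev) - info["created"]  # non-negative: events are sorted
            if gap <= window:
                findings.append({
                    "access_key_id": used, "issuer": info["issuer"], "issued_for": info["issued_for"],
                    "first_use": f'{ev.get("eventSource")}:{ev.get("eventName")}',
                    "source_ip": ev.get("sourceIPAddress"),
                    "seconds_to_first_use": int(gap.total_seconds()),
                    # a key issued for another principal and used at once is the
                    # credential-takeover shape; issuing your own key rates lower
                    "severity": "high" if info["issuer"] != info["issued_for"] else "medium",
                })
        if ev.get("eventSource") == "iam.amazonaws.com" and ev.get("eventName") == "CreateAccessKey":
            key = ((ev.get("responseElements") or {}).get("accessKey") or {}).get("accessKeyId")
            if key:                           # absent when the call was denied
                issued[key] = {"issuer": ident.get("userName"), "created": _when(ev),
                               "issued_for": (ev.get("requestParameters") or {}).get("userName")
                               or ident.get("userName")}
    return findings

def _rec(time, source, name, user, key, **extra):
    """Constructed lookup_events-style record for an IAM-user event (sample data)."""
    event = {"eventTime": time, "eventSource": source, "eventName": name, **extra,
             "userIdentity": {"type": "IAMUser", "userName": user, "accessKeyId": key,
                              "arn": f"arn:aws:iam::111122223333:user/{user}"}}
    return {"CloudTrailEvent": json.dumps(event)}

SAMPLE_RECORDS = [  # alice issues a key for svc-deploy; it is used 190 s later
    _rec("2025-01-15T12:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "alice", "AKIAEXAMPLEALICE0001",
         requestParameters={"userName": "svc-deploy"}, sourceIPAddress="203.0.113.10",
         responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLENEWKEY001", "status": "Active"}}),
    _rec("2025-01-15T12:03:10Z", "sts.amazonaws.com", "GetCallerIdentity", "svc-deploy",
         "AKIAEXAMPLENEWKEY001", sourceIPAddress="198.51.100.7"),
    # bob issues his own key and only uses it the next day: outside the window
    _rec("2025-01-15T12:30:00Z", "iam.amazonaws.com", "CreateAccessKey", "bob", "AKIAEXAMPLEBOB000001",
         requestParameters={"userName": "bob"},
         responseElements={"accessKey": {"accessKeyId": "AKIAEXAMPLENEWKEY002", "status": "Active"}}),
    _rec("2025-01-16T09:00:00Z", "s3.amazonaws.com", "ListBuckets", "bob", "AKIAEXAMPLENEWKEY002"),
]
```

`correlate_key_issuance(SAMPLE_RECORDS)` yields a single high-severity finding for the svc-deploy key used 190 seconds after alice created it; bob's key falls outside the window.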

Python boto3 CloudTrail IAM Incident Response Detection Engineering

Repo: github.com/harryc295/cloudtrail-privesc-detector


017 — Agent Privilege Mapper


Third tool in the privesc series, applied to AI agents instead of AWS IAM: a static capability mapper that tags Claude/MCP tool configs and flags dangerous combinations, paired with a prompt-injection test harness that drives a real Claude tool-use conversation against adversarial payloads.

  • Tags tools/MCP servers with capability flags (reads private data, exposed to untrusted content, can exfiltrate, can execute, persistent write) from real Claude tool-config shapes
  • Detects the "lethal trifecta" (private data + untrusted content + exfil channel) — the most-cited real risk pattern in agentic AI security
  • Prompt-injection harness: real two-turn Claude tool-use loop against three adversarial payload styles, with a pure, unit-testable verdict classifier
  • Findings mapped to the OWASP Top 10 for LLM Applications
  • Zero-setup offline demo for both tools; injection harness also runs live against the real Claude API with your own key

Python Claude API MCP Prompt Injection AI Agent Security OWASP LLM Top 10

Repo: github.com/harryc295/agent-privilege-mapper


018 — LLM Red-Team CLI


Scriptable adversarial test harness for LLM system prompts — fires prompt-injection, jailbreak, and system-prompt-leak attacks at a model and scores how many got through, against Claude or any OpenAI-compatible endpoint.

  • Canary-token technique to detect exfiltration with no guesswork about what counts as "leaked"
  • 5 attack categories: direct injection, roleplay jailbreak, system-prompt leak, indirect injection (smuggled in summarised content), base64 encoding obfuscation
  • CI-gateable — --fail-above exits non-zero if the risk score regresses on a system prompt change
  • Markdown report with pass/fail table, 0–100 risk score, and full prompt/response pairs
  • Works against Claude (official SDK) or OpenAI-compatible endpoints, including local Ollama/vLLM

Python Claude API OpenAI SDK Prompt Injection Red Team AI Agent Security

Repo: github.com/harryc295/llm-redteam


019 — websec-assess — Web Application Security Assessment Platform


Modular CLI platform for authorised web application security assessments — reconnaissance, content discovery, vulnerability checks, and opt-in injection-indicator scanning, built on a plugin architecture with an async scan engine.

  • Hard authorisation gate: every scan needs --i-have-authorization plus an explicit allowed_hosts/CIDR allowlist enforced on every HTTP request, DNS query, and raw-socket probe
  • Recon, content discovery, vuln assessment, API/cloud checks across a documented plugin architecture; auto-integrates nuclei, katana, httpx, subfinder, dnsx, naabu, gau and waybackurls when installed
  • Injection-indicator plugins (XSS, SQLi, SSTI, XXE, path traversal...) are detection/evidence-only and off by default
  • JSON/Markdown/HTML reporting with CWE and OWASP mapping per finding
  • Per-host rate limiting, --dry-run planning mode, append-only audit log
  • CI across Ubuntu/Windows/macOS plus a Docker build; ruff + mypy + pytest

Python Async Plugin Architecture SQLite/PostgreSQL nuclei OWASP Offensive Security

Repo: github.com/harryc295/websec-assess


Lab Environment

Personal cyber range running on VirtualBox — used daily for AD deployment, malware analysis, purple team exercises, and validating attack chains against real defensive controls.

| Machine | OS | Role |
| --- | --- | --- |
| DC-Bolton | Windows Server 2022 | Root domain controller |
| DC-Derby | Windows Server 2022 | Child domain controller |
| WinClient | Windows 11 Pro | Domain-joined workstation |
| LinuxClient | Ubuntu Desktop | Cross-platform auth via SSSD/Kerberos |
| Attack Box | Kali Linux | Penetration testing / red team |
| Analysis VM | Fedora | Isolated malware analysis |

Skills & Stack

Languages


Python TypeScript JavaScript C++ C# C PowerShell Bash SQL Assembly

Cloud & DevSecOps


AWS Kubernetes Docker Terraform Prometheus Grafana GitHub Actions Helm OpenFaaS K3s Redis n8n Ollama Nginx CMake Netlify GitLab Git

Full-Stack


NestJS Next.js React PostgreSQL SQLite Drizzle ORM BullMQ .NET OAuth2

Offensive Security Tools

Burp Suite Community Metasploit Nmap Wireshark Nessus ffuf BloodHound Impacket CrackMapExec Responder IDA Pro Maltego ZAProxy OpenVAS Nuclei Snort Wfuzz Fail2ban Splunk

Infrastructure & Identity

Active Directory PowerShell DSC Kerberos Group Policy RBAC SSSD Zero-Trust Cisco SD-WAN MPLS DNS VPN

Operating Systems & Platforms


Kali Linux Ubuntu Fedora Windows Server Windows 11 Arch Linux

Design & Creative


Figma Blender GIMP Adobe After Effects

Security Frameworks & Standards

OWASP OWASP API Zero-Trust FinOps CVE Research CIS Benchmark


Experience

Full-Stack Developer — Ideal4Finance (2026 — Present · Internship) Building an FCA DISP-aligned financial complaints platform from the ground up. Core contributor responsible for architecture, security implementation, and CI pipeline. NestJS 11 + Next.js 16 + PostgreSQL + Docker.

Penetration Tester — Authorised Client Engagement (June 2026) Full-scope black-box test across web, subdomains, and four cloud-hosted targets. Discovered CVE-2025-49132 (Critical CVSS 9.8), enumerated 269 undocumented endpoints, full OAuth2 audit. Delivered 18-page executive and technical report with remediation roadmap.

Kitchen Porter / Bar Back — Lytham House (2021 — 2024) Three years in a high-pressure hospitality environment. Teamwork, reliability, and communication under pressure.


Education & Certifications

BSc (Hons) Cybersecurity — First-Class Predicted University of Greater Manchester · 2025–Present · Accelerated entry via Accreditation of Prior Learning

Foundation Degree in Cybersecurity University of Greater Manchester · 2024–2025

A Levels — Law, Geography, Sociology · Cardinal Newman College · 2022–2024

GCSEs — AKS Lytham (Independent)

Certifications & Training

THM HTB PortSwigger OWASP AZ900 SC900



What I'm Building Toward

Near-term I'm targeting Cloud Security Engineering roles — the technical depth is there across AWS, Kubernetes, Terraform, and DevSecOps automation. Long-term the goal is Security Architecture and CISO level, so I'm building strategic thinking and governance understanding alongside the hands-on work.

Currently working on: finishing the degree (first-class), continuing to expand BinaryHammer's feature set, extending the AWS price tracker toward Cost Explorer and Slack alerting, and working toward AZ-900 / SC-900 as the next credential milestones.

Open to graduate roles, placements, and mentorship — linkedin.com/in/harrycorcoran-cybersecurity or corcoranharry2@gmail.com.
