Hi, I'm Allfin Ahsan

Overview

Designed and implemented a robust, multi-VLAN home network leveraging Ubiquiti UniFi, Proxmox virtualization, Docker containers, and modern monitoring stacks. This end-to-end project showcases advanced skills in network design, security enforcement, VPN connectivity, and real-time performance visualization.

Hardware & Infrastructure

UDM Pro SE running UniFi OS 4.1.22 as the primary gateway and controller. Proxmox VE server hosting Grafana dashboard VM, InfluxDB time-series database VM, UniFi Poller service, and Prometheus PVE exporter/Telegraf agent. Raspberry Pi with Docker/Portainer for lightweight services and secondary monitoring nodes. Cisco Catalyst 2960X (planned) for L3 switching offload.

Network Topology & Segmentation

Implemented strict VLAN segmentation to isolate traffic and enhance security across 5 VLANs: Servers (VLAN 1), Personal (VLAN 10), Guest (VLAN 20), IoT (VLAN 30), and Management (VLAN 72). Configured firewall rules where VLAN 10 ⇄ VLAN 1 traffic is allowed while others are blocked, with VLANs 20, 30, 72 restricted to internet-only access.

VPN & Remote Access

Primary PiVPN server at home and secondary PiVPN at remote location for connectivity troubleshooting. WireGuard implemented on UDM Pro SE with AllowedIPs = 192.168.0.0/16, 172.27.27.0/24. Dynamic DDNS using homelovelu.duckdns.org for secure remote client access with granular LAN/VLAN routing controls.

Monitoring & Logging

UniFi Poller and Prometheus PVE exporter collect network and host metrics every 30s, storing time-series data in InfluxDB. Grafana dashboards visualize VLAN throughput & utilization, VPN client connections & data usage, device health (CPU, memory, disk) on Proxmox, and rogue AP/anomaly alerts.

Technologies & Tools

Networking: Ubiquiti UniFi, VLANs, WireGuard, PiVPN, Cisco L3 switching
Virtualization: Proxmox VE, KVM/QEMU, LXC
Containerization: Docker, Portainer
Monitoring: UniFi Poller, Prometheus, InfluxDB, Grafana
Automation: Bash, YAML configurations, Terraform

Key Achievements

Achieved segmented network security with zero inter-VLAN leakage, real-time observability of network and host metrics across the lab, and demonstrated ability to integrate heterogeneous hardware and open-source software seamlessly. Developed CLI and rule-based tests for firewall enforcement and configured Proxmox Backup pruning policies with full restore SOPs.

Overview & Motivation

Diving into TryHackMe's labs was my way of stepping out of the theory and into real-world cyber battlegrounds. I wanted to feel the thrill of tracking down a hidden threat, understand what keeps SOC analysts up at night, and build muscle memory for spotting weaknesses under pressure. Plus, completing these labs gave me confidence that I can move from clicking tutorials to truly thinking like both attacker and defender.

Lab Modules & What I Learned

Threat Detection & SIEM Workflow: I rolled up my sleeves in a simulated SOC dashboard, writing detection rules for everything from brute-force logins to sneaky PowerShell backdoors. Tuning the alerts taught me patience—too many false positives bury the real threats, so I learned to balance sensitivity with accuracy.

Network Enumeration: With Nmap, Netcat, and Wireshark as my digital scouts, I mapped out network layouts like a treasure hunter marking Xs on a map. Documenting open ports and services gave me a hacker's-eye view of attack surfaces—and the mindset to document and share findings clearly, just like in a real incident report.

Privilege Escalation: Exploiting small misconfigurations felt like unlocking secret doors. Whether it was abusing sudo rights on Linux or exploiting leftover services on Windows, I practiced safe, repeatable techniques—then wrote scripts to patch them, sharpening my ability to flip between offense and defense seamlessly.

SOC-Level Analysis & Incident Triage: Jumping into a mock ticketing system, I became both investigator and communicator: triaging alerts, writing concise incident reports, and collaborating with a virtual blue team. It drove home how technical skills must pair with clear communication to actually resolve threats.

Adversary Simulation & Red Teaming: Building phishing lures, deploying reverse shells, and establishing persistence gave me respect for an attacker's creativity. Then switching hats to hunt my own implants helped me understand detection blind spots—fueling ideas for more robust defensive playbooks.

Why It Matters & How It Helps

1. Bridges Theory to Practice: Reading about CVEs is one thing—exploiting them in a controlled lab cements the concepts.
2. Builds Real-World Habits: Regularly toggling between attack and defense hones a security mindset—I now instinctively look for misconfigurations in my own network projects.
3. Enhances Collaboration Skills: Simulated SOC exercises reinforce that incident response is a team sport; clear, prompt communication is as vital as technical know-how.
4. Prepares for Live Environments: Hands-on labs accelerate readiness for on-the-job challenges, from writing Sigma rules in Splunk to running post-exploitation tools without hesitation.

Tools & Techniques

Reconnaissance: Nmap, Netcat, Wireshark
Exploitation: Metasploit, custom PowerShell scripts, Linux one-liners
Post-Exploitation: LinPEAS, WinPEAS, BloodHound
Detection & Logging: ELK stack, Splunk basics, Sigma rules
Reporting & Teamwork: Markdown lab reports, TheHive ticket simulations

Highlights & Impact

• 15+ Customized Detection Rules: Reduced noise in lab alerts and focused on true indicators of compromise.
• 20+ Comprehensive Labs Completed: Achieved a 100% success rate, building confidence to tackle live pen tests.
• Automated Patch Scripts: Saved an estimated 50% of remediation time by scripting fixes for common vulnerabilities.

Skills Gained

Thinking like both attacker and defender, rapid threat hunting and precise log analysis, incident communication under time constraints, and scripting for automation and remediation.

Overview & Motivation

I've embarked on KodeKloud's hands-on DevOps curriculum to bridge the gap between foundational scripting skills and full-scale CI/CD pipelines. My goal is to internalize best practices for automation, infrastructure-as-code, and container orchestration by building real projects step by step.

Modules Completed & Ongoing

Linux Fundamentals & Shell Scripting (Completed): Wrote bash scripts for file manipulation, user management, and service health checks, reinforcing core automation techniques.

Docker & Container Workflows (Completed): Built and optimized Docker images, managed containers via Docker CLI and Compose, and explored multi-stage builds for lean images.

Kubernetes Essentials (In Progress): Deploying pods, Services, and Deployments on a minikube cluster. Currently automating rollouts and rollbacks using kubectl and YAML manifests.

CI/CD with Jenkins (In Progress): Configuring Jenkins pipelines as code, integrating GitHub webhooks, and practicing blue–green deployments. Next up: adding rollback logic and testing stages.

Infrastructure-as-Code with Terraform (Upcoming): Planning to define AWS resources (VPC, EC2, S3) declaratively and provision them via Terraform modules.

Tools & Technologies

Linux & Bash: Core scripting for automation and orchestration
Docker & Docker Compose: Container lifecycle management and multi-container application setup
Kubernetes (Minikube): Orchestrating container deployments with YAML manifests and Helm charts
Jenkins: Building, testing, and deploying applications through scripted pipelines
Git & GitHub: Version control, branches, and pull request workflows
Terraform: Declarative provisioning of cloud infrastructure (upcoming)

Current Status & Next Steps

1. Kubernetes: Finalize helm chart creation and resource autoscaling tests
2. Jenkins: Implement robust rollback strategies and integrate automated test suites
3. Terraform: Kick off AWS IaC labs, parameterizing modules and state management

Excited to refine these skills and apply them to real-world infra projects—feel free to ask for live demos or code walkthroughs!

Why I Play in Code

I still remember the thrill of building my first to‑do list—seeing a blank page come alive with checkboxes and tasks was like magic. This project is my playground, driven by pure curiosity: "What happens if I tweak this style?" or "How can I make this widget smarter?"

What I Build and Why

Interactive Web Widgets: I whip up tiny apps—think a to‑do list that remembers my items or a weather widget pulling live data—using vanilla JavaScript and the DOM API. Every error is a puzzle, and solving it sharpens my debugging detective skills.

Responsive Design Trials: I take snippets of elegant landing pages and bend them to mobile, tablet, and desktop using CSS Grid and Flexbox. These mini challenges teach me how to make layouts that feel intuitive on any device.

API Playground: I spin up a simple Flask API for managing notes—CRUD routes, JSON serialization, modular structure. There's something deeply satisfying about seeing front‑end forms whisper to a back‑end service and get a reply.

Database Experiments: Using SQLite and SQLAlchemy, I store and fetch user data, write migrations, and even dive into raw SQL queries. It's a hands‑on way to learn how data truly lives inside an application.

Framework Explorations: I kicked off a React mini‑app to compare component‑driven magic against plain JavaScript. Implementing hooks, routing, and reusable components gives me a feel for how frameworks speed up—and sometimes slow down—development.

What I Get Out Of It

Hands‑On Fundamentals: Tiny projects force me to wrestle with the basics, so higher‑level tools make sense later.
Fail Fast, Learn Faster: When something breaks, the rush to fix it cooks lessons into my muscle memory.
Glue Between Dev & Ops: Juggling front‑end quirks and back‑end plumbing makes me a more versatile engineer.
Never Stop Growing: Each experiment is a stepping stone—stagnation isn't an option.

Tools of the Trade

Frontend: HTML5, CSS3 (Flexbox & Grid), JavaScript (ES6+)
Backend: Python, Flask, SQLite, SQLAlchemy
Workflow: Git, GitHub, VS Code, Postman

What's Next

1. Dockerize the Notes API: Host it on a free tier so I can demo it from anywhere
2. Blog the Journey: Share my wins—and my faceplants—because we all learn faster when we learn together

This sandbox keeps my curiosity burning. Always experimenting, always upgrading, and always happy to share the code or walk you through my process!