Projects

Project Goal:

Built a Python program that monitors a simple load balancer setup.

The system checks one master node and multiple slave nodes inside a subnet.

Each node is validated using IPv4 rules, and the Linux ping command is used to see if the node is online.

The program prints a clean status report showing the master state and how many slaves are online or offline.

This project demonstrates object-oriented programming, basic networking, and command-line automation.

Technical Skills Demonstrated:

• Python Programming

• Classes, objects, constructors

• Lists, loops, conditional checks

• Using subprocess to run system commands

• Organizing code into reusable methods

Networking Basics:

• IPv4 validation (octets, ranges, structure)

• Checking connectivity using ping -W 2 -c 1

• Understanding master and slave nodes in a subnet

• Network address and bitmask handling

Object-Oriented Design:

• Node class (IP validation + connectivity test)

• LoadBalancerMonitor class (master, slaves, reporting)

• Add/remove slave methods

• Status reporting method

Command-Line Tools:

• Running OS-level commands from Python

• Live status output with print flushing

Error Handling:

• Preventing invalid IPs from being added

• Safe ping tests for offline nodes

Linux Scripting:

• Running Python scripts in Linux terminal

• Automating system checks

Data Processing:

• Counting online/offline nodes

• Tracking multiple nodes in a list

Software Documentation:

• Clear comments in simple B1 English

• Easy-to-read structure and naming

Tools & Technologies Used:

• Python 3

• subprocess module

• Linux VM (Ubuntu)

• Git + GitHub (SSH authentication)

• VS Code and Terminal

• Ping command for network checks

Project Outcome:

• Created a working load balancer monitor that:

• Validates node IP addresses

• Tests master and slave connectivity

• Displays online/offline counts

• Shows a clean status report

• Handles invalid IP addresses

• Runs smoothly in a Linux environment

The final script is readable, clean, and written from scratch using Python OOP principles.

GitHub Repository: https://github.com/mehran3b/LoadBalancerMonitor-Python

Project Goal:

Designed and configured a complete Q-SYS Level 1 DSP audio system using Q-SYS Designer.

The goal of this project was to build a working signal flow for a conference room, including microphone processing, acoustic echo cancellation (AEC), far-end audio routing, and loudspeaker output control.

The system used multiple audio sources (microphones, VoIP, USB speakerphone, USB sound card, and audio player), processed them through filters, EQ, and mixers, and routed the final signals to local speakers and far-end destinations.

The project simulated a real conference room audio workflow with proper AEC behavior, echo-loop prevention, and correct gain structure.

Technical Skills Demonstrated:

• DSP System Design: End-to-end signal flow planning inside Q-SYS Designer

• AEC Configuration: Setup of an Acoustic Echo Cancellation block with a 3×1 reference mixer

• Audio Routing: 5×10 matrix routing with selective input/output mapping

• Gain Structure: Correct level management from microphones to final outputs

• Signal Processing: High-pass filters, stereo/mono parametric EQ, and mix gain blocks

• VoIP Integration: Softphone configuration and far-end audio handling

• USB Audio Integration: Routing and processing USB speakerphone and sound card streams

• Troubleshooting: Fixing echo loop issues, correcting incorrect crosspoints, and verifying far-end vs. near-end separation

• Logic & Flow Understanding: Ensuring correct AEC reference feed and preventing far-end audio from re-entering far-end paths

• System Validation: Signal monitoring using meters, probes, test generators, and simulated calls

Tools & Technologies Used:

• Platform: Q-SYS Designer (v9–v10 compatible)

• DSP Components: Matrix Mixers (5×10, 3×1), Gating Automatic Mic Mixer, AEC Processor

• Routing & Processing: HPF, Parametric EQ, Gain Blocks, Stereo/Mono Filters

• Audio Interfaces: VoIP Softphone-1, USB EC Speakerphone, USB Soundcard IN/OUT

• Output Devices: NL Series Network Loudspeakers, SPA-60x4 Amplifier, AD-S10T Speakers

• Monitoring Tools: Signal Probe, Signal Injector, RMS/Peak Meters

• Test Tools: Sine Generator, White Noise Generator, Pink Noise Generator

• Control Blocks: Liberty Recorder, Monitoring Proxy, Snapshot Controller

• Operating System: Q-SYS Core Emulator (software emulation)

Project Outcome:

Successfully completed the Q-SYS Level 1 practical design exam with a fully functioning DSP configuration.

The system correctly routed local microphone audio to far-end outputs (VoIP & USB Speakerphone) while isolating far-end audio and preventing echo loops.

AEC performed accurately using a dedicated reference mix, ensuring clear voice calls and clean speaker playback.

All outputs—network loudspeakers, amplifier-driven speakers, VoIP, and USB audio—were tested and validated.

The design passed all exam requirements, including proper matrix routing, gain structure, AEC setup, and far-end audio handling.

The final submission included screenshots, mixer routing tables, and working AEC reference configuration.

Project Goal:

Built a Python program that reads Apache web server log files and finds useful information from them. The project uses regular expressions to extract the IP address, request type, and status code from each line.

The program shows this information through a simple menu and can count success requests, “Not Found” errors, special URLs, and requests from Seneca IP ranges.

This project shows basic log parsing, pattern matching, and command-line interface development.

Technical Skills Demonstrated:

• Python Programming: file reading, loops, dictionaries, global variables

• Regular Expressions (Regex): pattern matching to extract IP, request, and status code

• Log Analysis: counting HTTP codes (200, 404), scanning log entries, filtering by URL and IP

• Menu-Based CLI: simple text interface for selecting different log statistics

• Error Handling: safe file loading and handling unreadable log lines

• Pattern Filtering: detecting “OPS435_Lab”, “hidebots”, and Seneca IP ranges

• Linux Scripting Basics: running Python scripts from command line

• Data Processing: storing and managing large log files in memory

• Software Documentation: writing clear comments and organizing functions

Tools & Technologies Used:

• Programming Language: Python 3

• Regex Engine: Python re module

• Platform: Linux / macOS / Windows (command line)

• Development Tools: VS Code, terminal shell, Python interpreter

• Data Source: Apache access log files

• File Operations: reading text files, parsing large datasets

• Testing Tools: print debugging, manual test logs

Project Outcome:

Created a working Apache log parser that can analyze real server logs and report useful information.

The program can:

• Load one or many log files

• Count HTTP 200 and HTTP 404 requests

• Detect Seneca IP addresses (142.204.*)

• Detect requests for “OPS435_Lab”

• Count 404 errors related to “hidebots”

• List unique IPs that caused 404 errors

The final script is clean, readable, and fully commented.

This project shows practical log reading skills, regex parsing, and a working command-line tool written from scratch.

GitHub Repository: https://github.com/mehran3b/apache-log-parser 

Project Goal:

Designed and implemented an end-to-end IoT security monitoring pipeline integrating a Raspberry Pi sensor with a cloud-based IDS (Intrusion Detection System) setup. MQTT traffic generated by the Pi was routed through a Mosquitto broker hosted on an AWS EC2 instance, monitored by Suricata, and forwarded to an ELK stack (Filebeat, Elasticsearch, Kibana) for analysis and visualization. The project simulated real-world device monitoring, network intrusion detection, and security log analysis. 

Technical Skills Demonstrated:

• Cloud Infrastructure: AWS EC2 instance provisioning and public/private IP mapping

• IoT Protocols: MQTT protocol understanding, topic-based publish/subscribe

• Security Monitoring: Suricata IDS deployment and rule creation for MQTT traffic

• Data Collection Pipeline: Filebeat log shipper configuration with Suricata

• Log Management & Visualization: Elasticsearch indexing and Kibana dashboards

• Linux System Administration: Daemon management (systemd), log parsing, service troubleshooting

• Network & Traffic Analysis: Custom Suricata rule triggering and alert capture

• Scripting & Automation: Python MQTT publisher for Raspberry Pi sensor data

• Troubleshooting: Journalctl inspection, config validation, log diagnostics 

Tools & Technologies Used:

• Platform: AWS EC2 (Ubuntu 22.04), Raspberry Pi 5

• IoT Protocol: MQTT (Mosquitto broker)

• Security Tools: Suricata IDS, custom detection rules

• Data Pipeline: Filebeat, Elasticsearch, Kibana

• Scripting Language: Python 3

• Operating System: Linux (Ubuntu), Raspberry Pi OS

• Monitoring: journalctl, tail, netstat, curl, Kibana dashboards

• Others: systemctl, nano, jq, bash shell, Wireshark (optional for packet capture) 

Project Outcome:

Successfully deployed a complete IoT security architecture where Raspberry Pi sensor data was transmitted over MQTT and analyzed in real-time using an ELK stack. Suricata accurately detected MQTT packet activity through a custom rule set and logged events to eve.json. Filebeat successfully ingested these logs and forwarded them to Elasticsearch, where Kibana provided rich visualization and query capabilities. The project demonstrates practical integration of security monitoring and cloud services, tailored for IoT environments. All steps, logs, rules, and dashboards were captured in the final submission with screenshots and verification artifacts. 

GitHub Repository: github.com/mehran3b/CYT160-IoT-Security-Project 

Project Goal:

Designed and implemented a secure, cloud-based backup solution for remote employees using Microsoft Azure. The solution includes VPN-based access using Azure AD authentication, isolated file shares per user, and a structured backup/restore plan with long-term retention. The project was developed within a restricted lab environment (Seneca Labs WA 100269) and adapted for full functionality despite platform limitations.

Technical Skills Demonstrated:

• Azure Networking: Virtual Network creation, subnet planning, VNet peering

• Identity & Access Management: Azure AD-integrated Point-to-Site VPN authentication

• Storage & File Services: Azure Files provisioning, folder-level access simulation

• Backup & Recovery: Recovery Services Vault setup, policy-based backup simulation

• Diagnostic Troubleshooting: Port 445 resolution, NSG rule analysis, cross-region validation

• Infrastructure Automation: Use of Azure templates and portal configuration

• Security Concepts: NSG and ASG application, DNS resolution, and zone segregation

• Adaptation under Constraints: Manual simulation of backup due to platform-level service restrictions

Tools & Technologies Used:

• Cloud Platform: Microsoft Azure

• Networking: VNets, VPN Gateway, GatewaySubnet, Peering

• Identity: Azure Active Directory

• Storage: Azure Files, File Shares

• Backup: Recovery Services Vault (with limited registration capabilities)

• Operating System: Windows Server 2022 (for demo VM)

• Monitoring: Azure Network Watcher, Portal Activity Logs

• Others: RDP, PowerShell, Azure Storage Explorer, browser-based testing

Project Outcome:

Successfully deployed an end-to-end secure infrastructure that simulates employee file backup over VPN in Azure. Created and validated VNets, deployed VPN Gateway with Azure AD auth, and provisioned user-specific file share directories. Due to platform restrictions on file share backup registration, a manual backup/restore simulation was performed using Azure Storage Browser. The solution demonstrates secure access, modular folder structure, and clear recovery workflows aligned with cloud administration practices. Screenshots, simulation steps, and test results were captured in a final submission report and narrated in a recorded video presentation.

Project Goal:

Developed a Linux-based system health monitoring tool in Python that provides real-time diagnostics on disk usage, memory consumption, and CPU load averages. Built entirely using core concepts taught in OPS445 (Lab 1–8), the tool emphasized modular design, reusable function-based scripting, CLI interaction using argparse, and system-level data collection using standard Python libraries. The project was executed in a team environment using GitHub-based version control and demonstrated on Seneca’s Matrix server and local Linux VMs.

Technical Skills Demonstrated:

• Python Function Design (modular script splitting, return values, separation of concerns)

• Command-Line Argument Parsing using argparse (custom flags, help message, default behaviors)

• System Resource Access using built-in modules (os, shutil, popen, getloadavg)

• Standard Output Formatting (f-strings, dictionaries, table-like layout)

• Error Handling (try/except for command failures and missing system capabilities)

• Testing and Debugging via CLI inputs and output validation

• Git Collaboration Workflow (branching, pull requests, tagging, commit tracking)

Tools & Technologies Used:

• Languages & Scripting: Python 3

• Operating System: Linux (Matrix Server, MyVMLab, Ubuntu VM)

• Shell Utilities: Bash, Python interpreter, free, df, uptime

• IDE/Editors: VS Code, nano

• Collaboration & Source Control: Git, GitHub (feature branching, PR reviews, tagging with v1.0)

Project Outcome:

Successfully implemented a portable and efficient health check utility script (assignment2.py) supporting flexible command-line options for system administrators. The final version passed all team-based code reviews, was tagged v1.0 for demonstration, and validated its functionality across multiple environments. The project highlighted advanced use of Python's standard library to access system metrics, reinforced modular scripting principles, and demonstrated professional Git-based collaboration for group development — all without relying on third-party libraries.

GitHub Repository: https://github.com/mehran3b/disk-cpu-health-checker/

Project Goal:
Developed a Linux-based date manipulation utility in Python, designed to validate user input, compute leap years, identify day-of-week, and calculate future or past dates by offset. Built entirely from foundational concepts taught in OPS445 (Lab 1–4), the project emphasized modular scripting, error handling, and command-line interaction in a Unix environment. 

Technical Skills Demonstrated:

• Python Function Design (reusable logic, argument handling, return values)

• String Manipulation & Date Formatting (splitting, zero-padding, f-strings)

• Conditional Logic and Loops (if/elif/else, while loops)

• User Input Validation (type casting, range checking, exception handling)

• Command-Line Argument Processing using sys.argv

• Control Flow Debugging & Error Reporting (usage messages, fail-safes)

• Unit Testing with Provided Grading Script (20 test cases covering edge scenarios)

Tools & Technologies Used:

• Languages & Scripting: Python 3

• OS & Environment: Ubuntu Linux (Virtual Machine)

• Shell Utilities: Bash, Python interpreter, VS Code or nano

• Validation Tools: checkA1.py script for functional correctness

• Version Control (optional): Git, GitHub for file tracking and submission

Project Outcome:
Successfully implemented and tested a robust date calculation script capable of computing day-of-week and applying positive or negative offsets to calendar dates in DD/MM/YYYY format. All 20 validation tests passed, confirming accurate handling of leap years, month boundaries, and year transitions. The project demonstrated core scripting proficiency, functional decomposition, and logical debugging using only foundational Python concepts.

GitHub Repository: https://github.com/mehran3b/OPS445-Project1/

Project Goal:
Deployed a secure and censorship-resistant VPN solution using V2Ray with the VLESS protocol on an AWS EC2 instance. Designed to provide reliable and private internet access to users in high-censorship environments by using TCP + HTTP obfuscation and domain fronting techniques. Managed TLS encryption, multi-user provisioning, and performance tuning for real-world bypass.

Technical Skills Demonstrated:

• Linux Server Administration (CentOS/RHEL-based EC2 instance)

• TLS Certificate Management using Let’s Encrypt (Certbot)

• Domain Configuration and DNS Management

• Obfuscated VPN Tunneling with V2Ray (VLESS + TCP + HTTP headers)

• Reverse Proxy Configuration using Nginx

• Multi-user Access Control via UUID provisioning

• Firewall and Port Management for bypass optimization

• VPN URI Configuration and Client Testing (Qv2ray, v2rayN)

Tools & Technologies Used:

• V2Ray / Xray Core (VLESS protocol)

• AWS EC2 (Linux), Nginx, Certbot

• Namecheap (DNS), Qv2ray / v2rayN (VPN Clients)

• JSON Configuration for V2Ray

• Linux systemd (service control), ufw/firewalld

Project Outcome:
Successfully provisioned and deployed a secure VPN service for 15 unique users, enabling them to bypass internet censorship using custom UUIDs and obfuscated TCP traffic. Validated successful connection and web access through multiple VPN clients. The system is scalable, stealthy, and designed for easy future user onboarding and auto-renewing TLS certificates. 

Project Goal:
Deployed and configured a globally accessible company website architecture across multiple Azure regions using IIS web servers, regional Load Balancers, and Azure Traffic Manager. Ensured high availability, redundancy, and geo-based traffic routing to optimize user experience based on client location.  

Technical Skills Demonstrated:

• Cloud Infrastructure Provisioning (Azure Resource Groups, VNets, Subnets, Public IPs)

• IIS Web Server Configuration and Custom Page Deployment

• Azure Load Balancing with Health Probes and Round Robin Rules

• Global Traffic Routing using Azure Traffic Manager (Geographic Routing)

• Virtual Machine Administration (Windows Server & Windows 10)

• Network Testing and Verification from remote regions (Canada, Spain, South Africa)

• DNS Resolution Troubleshooting and Health Probe Monitoring

Tools & Technologies Used:

• Azure Services: Virtual Machines, Load Balancer, Traffic Manager, Resource Groups, Virtual Networks

• Operating Systems: Windows Server 2019, Windows 10

• Networking: HTTP Load Balancing, RDP, Static Public IPs, NSG Configuration

• Web Services: IIS (Internet Information Services), Custom HTML Deployment

• Remote Testing: South Africa VM via RDP to validate geo-routing

• Traffic Analysis: nslookup, browser dev tools, Azure Portal Monitoring

Project Outcome:
Successfully built and tested a globally redundant Azure web hosting infrastructure. Demonstrated seamless regional load balancing in Canada and Spain, with accurate geographic redirection through Azure Traffic Manager. Remote testing from South Africa validated intelligent traffic routing, ensuring the project met all availability, scalability, and performance goals. Delivered a 5–7 minute video presentation showcasing the architecture, deployment, and results. 

Project Goal:
Performed advanced penetration testing and incident response on a virtualized lab environment (Windows 10 Victim, Kali Linux Attacker). Conducted multiple cyberattacks, monitored network activity, collected forensic evidence, and implemented countermeasures.

Technical Skills Demonstrated:

• Advanced Penetration Testing using Kali Linux tools (Nmap, Metasploit, hping, Netcat)

• Vulnerability Exploitation (DVWA – Damn Vulnerable Web Application)

• Network Traffic Analysis & Intrusion Detection (Wireshark, OSSIM, Suricata/Snort)

• Comprehensive Incident Response: evidence collection, IOC/IOA identification, incident documentation

• Defensive Security: Identified vulnerabilities and provided actionable mitigation strategies

Tools & Technologies Used:

• Kali Linux Penetration Testing Tools

• OSSIM / Wazuh SIEM, Snort / Suricata IDS

• Wireshark (pcap analysis)

• DVWA, XAMPP, VMware virtualization

Project Outcome:
Successfully executed multiple sophisticated cyberattacks, documented comprehensive forensic evidence and detection techniques, and provided detailed countermeasure recommendations in a professional incident response report.

Project Goal:
Designed and implemented a full Azure SQL Server infrastructure with VM-based SQL setup, data masking, encryption, backup/restore strategies, and geo-replication, demonstrating core database administration skills using Microsoft Azure services.

Technical Skills Demonstrated:

• Deployed and configured SQL Server on an Ubuntu VM using Azure Virtual Machines

• Restored the AdventureWorksLT2022 database and managed access via SQL Server Management Studio

• Created and managed users and permissions via T-SQL

• Applied Dynamic Data Masking and Deterministic Encryption using Azure Key Vault

• Performed Point-in-Time Restore of deleted and modified databases

• Enabled Geo-Replication, configured secondary replica, and conducted Forced Failover

Tools & Technologies Used:

• Microsoft Azure (VM, SQL Database, Key Vault)

• SQL Server Management Studio (SSMS)

• T-SQL for user roles, permissions, encryption, and data masking

• Azure Recovery & Backup features

• Geo-Replication & High Availability in Azure SQL

Project Outcome:
Successfully delivered a secure, scalable, and highly available SQL database environment on Azure, showcasing strong skills in cloud-based database administration, data protection, and disaster recovery planning.

Project 1: Active Directory Domain Services with Azure Bastion

• Project Goal:
  Deployed a secure, multi-subnet Azure infrastructure with a domain controller, webserver, and client VM across three peered virtual networks. Integrated Active Directory and demonstrated domain-joined communication across services.
  
  

• Technical Skills Demonstrated:

  • Configured three Azure Virtual Networks and Subnets with Peering

  • Deployed and secured a Domain Controller VM (ADDS role)

  • Joined Webserver and Client VMs to Active Directory

  • Implemented Azure Bastion for secure RDP access without public IPs

  • Validated FQDN access to the webserver from the client VM across domains
    
    

• Key Technologies:
  Azure Bastion, Azure Virtual Machines, Windows Server 2019, Windows 10, Azure VNet Peering, Active Directory Domain Services
  
  

Project 2: Internal Load Balancer with Azure Private DNS

• Project Goal:
  Built a scalable, internal website load balancing solution using Azure Load Balancer and two web servers, accessible via FQDN using Private DNS from a separate client network.
  
  

• Technical Skills Demonstrated:

  • Deployed two IIS Web Servers across different availability zones

  • Created and configured Azure Internal Load Balancer (HTTP rules, health probes)

  • Set up Azure Private DNS and A records for FQDN resolution

  • Verified seamless load balancing from client VM using browser-based testing

  • Implemented secure network access with Azure Bastion and VNet Peering

• Key Technologies:
  Azure Load Balancer, Azure Private DNS, IIS on Windows Server 2019, Azure Virtual Networks & Peering, Azure Bastion, FQDN-based access control

Project Goal:
Designed and implemented a multi-server architecture using AWS and Linux to deploy synchronized Apache web servers with custom load balancing, and installed a secure Roundcube webmail system with HTTPS.

Technical Skills Demonstrated:

• Created AMIs and launched multiple VMs (main + 3 slaves) for distributed Apache hosting

• Configured two-way rsync with SSH keys and automated cron jobs for file synchronization

• Used iptables for random HTTP load balancing between web servers

• Deployed and configured Roundcube Webmail using Apache, PHP, MySQL

• Configured SSL to enforce HTTPS access, and linked custom domain

• Implemented symbolic linking of web content and verified secure database communication
  
  

Tools & Technologies Used:

• AWS EC2, Amazon Linux

• Apache, PHP, MySQL/MariaDB

• iptables, SSH, cron, rsync

• Roundcube, SSL certificates, custom DNS records
  
  

Project Outcome:
Successfully built and load-tested a distributed web server environment, demonstrating advanced Linux system administration, automation, and real-world secure email server deployment.