I like to turn ideas into real, running systems. On this page, you’ll find a selection of labs and projects where I’ve worked on networking, system administration, automation and security. Each project is an opportunity for me to experiment, break things, fix them, and document what I’ve learned along the way.
Hands-on lab where I deployed a simple PHP/MySQL web application on Azure using a full cloud-native pipeline. I set up a bastion VM, containerized the app with Docker, built and pushed images to Azure Container Registry, configured an Azure DevOps pipeline with a self-hosted agent, and deployed the container to Azure Container Apps with a managed MySQL database. The goal was to automate the build and deployment process end-to-end and document the infrastructure.
Design and deployment of a full enterprise network infrastructure from scratch. We virtualized an OPNsense firewall and router on VMware, configured DHCP, VLANs and firewall rules to segment and secure the network. I also configured a legacy HP ProCurve 2810 switch via Telnet, applying port-based VLAN assignments and access rules. The goal was to deliver a production-ready, segmented and documented network before handing it off to the RUN team.
Follow-up of the TacTic Brother enterprise network project, focused on operations and monitoring. We designed and deployed a full RUN stack: Grafana + Prometheus for NOC dashboards, Loki for firewall log centralization, GLPI for ITSM (assets, incidents and changes) and Wazuh as a SOC-lite. I worked on turning network and security metrics into actionable dashboards, configuring alerting, and documenting runbooks so another team could operate and troubleshoot the infrastructure.
End-of-year team project: design and deployment of the backend, infrastructure and CI/CD for a turn-based creature battle web application (multi-user, secure and scalable). I focus on the network, deployment, security and automation aspects. My scope: network architecture, secure exposure, GitHub Actions pipelines, monitoring (Prometheus/Grafana) and deployment on the school lab infrastructure.
Regularly solving CTF challenges and security labs focused on web exploitation, reverse engineering and basic crypto. I document each challenge in a private Obsidian knowledge base with methodology, tooling and remediation, and use these notes to improve my attack paths and detection mindset.
Development of an advanced ESP32‑based Wi‑Fi sniffer able to capture 802.11 frames, rotate channels, track unique devices and compute live statistics (RSSI, channel, packet type). Includes configurable modes to log all packets, only management frames or unique MACs, with console reporting and basic filtering for signal strength and specific targets.
Deployment of a self‑hosted Git forge (Forgejo) on a Debian Trixie VM running on VMware, without Docker. I installed and configured Forgejo as a system service, handled reverse proxy and HTTPS, set up repositories, users and access keys, and documented backup and update procedures so the platform can be maintained over time.