Portfolio deception layer
The portfolio is not only a static personal website. It also acts as a controlled demonstration surface for the HYDRA / PDX research track.
The goal is to make the security story explicit without publishing the mechanics of the decoys. A recruiter or reviewer should understand that suspicious-looking behavior is intentional, while scanners should not receive a complete map of routes, flags, detection rules, or collection patterns.
Current model
```mermaid
graph TD
    A[Visitor / Bot / Scanner] --> B[Controlled Decoy Surfaces]
    B --> C[HYDRA-style Telemetry]
    C --> D[PDX Event Normalization]
    D --> E[Analysis / Reporting]
    E --> F[Future BELIEF Integration]
```
What is live
- The original HYDRA SSH VPS run is historical and paused.
- The portfolio keeps a constrained set of safe decoy interactions for public demonstration.
- PDX remains the active local-first pipeline for turning observations into structured security events.
- Old static bait paths that could be mistaken for real exposure stay blocked.
What is intentionally private
This documentation does not publish the full route list, fake flag locations, detection criteria, internal PDX rules, or exact patterns collected from scanners.
That opacity is intentional: the page explains the architecture and safety boundary, not the playbook.
Safety boundary
The deception layer must not expose real credentials, production secrets, administrative interfaces, raw session data, or infrastructure access. Public outputs should be sanitized, high-level, and useful for understanding the research without enabling abuse.
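One way to enforce this boundary in code, as an added example that is not the portfolio's or PDX's own implementation: an allow-list projection of internal events into a public report, with a fail-closed check that no private value survives. The event fields, category names, pseudonym key and sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import json
from collections import Counter
# Assumed internal schema: the page does not publish PDX's real fields.
PRIVATE_FIELDS = ("path", "rule_id", "payload", "username", "password", "src_ip")
PSEUDONYM_KEY = b"constructed-demo-key"  # placeholder; keep the real key out of the repo

def coarsen_ip(ip):
    """Reduce an address to its /24 (IPv4) or /48 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def sanitize(event):
    """Build the public record from an allow-list; unknown fields never pass."""
    actor = hmac.new(PSEUDONYM_KEY, event["src_ip"].encode(), hashlib.sha256)
    return {
        "day": event["ts"][:10],
        "category": event["category"],
        "source_net": coarsen_ip(event["src_ip"]),
        "actor": actor.hexdigest()[:12],  # keyed pseudonym, stable per source
    }

def public_report(events):
    """Aggregate sanitized events and fail closed if a private value leaks."""
    rows = [sanitize(e) for e in events]
    report = {
        "events": len(rows),
        "distinct_actors": len({r["actor"] for r in rows}),
        "by_category": dict(Counter(r["category"] for r in rows)),
        "by_network": dict(Counter(r["source_net"] for r in rows)),
    }
    rendered = json.dumps(report)
    for event in events:
        for field in PRIVATE_FIELDS:
            value = str(event.get(field, ""))
            if value and value in rendered:
                raise ValueError(f"private field {field!r} leaked into report")
    return report

# Constructed sample events (documentation address ranges, made-up values).
SAMPLE = [
    {"ts": "2024-05-01T10:00:00Z", "src_ip": "203.0.113.7", "category": "probe", "path": "/decoy-a"},
    {"ts": "2024-05-01T10:00:05Z", "src_ip": "203.0.113.7", "category": "credential_attempt",
     "path": "/decoy-a", "rule_id": "R-1", "username": "admin", "password": "hunter2"},
    {"ts": "2024-05-02T08:30:00Z", "src_ip": "198.51.100.23", "category": "probe", "path": "/decoy-b"},
]
```

Because the leak check compares raw private values against the rendered report, a very short private value can trigger a false alarm; that errs on the side of withholding the report.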