Coursework

Selected academic work from Purdue University’s Cybersecurity and Computer & Information Technology programs.

Computational Humor: Pun Analysis with NLP

Graduate NLP Coursework

Tip🧠 Full pun comprehension pipeline β€” identification, disambiguation, explanation, and scoring

Tackled the SemEval 2017 shared task on phonetic puns: given a sentence containing a pun, automatically find the intended word, explain why it’s funny, and score how good the joke is.

Humor is one of the hardest problems in NLP β€” puns in particular require simultaneously reasoning about phonetics, semantics, and context. This project built a five-stage pipeline to decompose the problem: find phonetically similar word pairs, pick the right sense of each, generate a natural language explanation, and output a composite quality score.

The design decisions were as deliberate as the implementation. BERT-based masked prediction was evaluated and rejected for word sense disambiguation in favor of Lesk similarity β€” not due to capability but due to the near-total absence of pun-annotated training data. GPT-3 was chosen specifically for the language generation stage where discrete methods fundamentally break down: composing fluent, coherent explanations of jokes is a generation problem, not a retrieval one.

πŸ“Š Dataset SemEval 2017 phonetic pun corpus
πŸ”§ Pipeline 5 stages β€” identification β†’ sound similarity β†’ disambiguation β†’ explanation β†’ scoring
πŸ€– Generation GPT-3 for natural language joke explanation
πŸ“ Scoring Pronunciation distance (IPA edit) + cosine distance of vectorized definitions
πŸ”Š Phonetics ARPABET β†’ IPA transcription pipeline via SoundsLike

Stack:

GPT-3 NLTK SoundsLike Lesk Similarity PyDictionary

NLP Word Sense Disambiguation IPA / ARPABET Cosine Similarity SemEval 2017

Enterprise Network Design & Administration

CNIT 34200 β€” Undergraduate Networking Capstone

NoteπŸ—οΈ Full-stack enterprise network built from scratch in vSphere

Four isolated network zones, an Active Directory forest spanning two sites, a custom BIND DNS resolver, and DFS replication β€” all provisioned and wired together end-to-end.

Most networking coursework stops at configuration. This capstone started at the hypervisor. Every VM, NIC assignment, port group, and IP was provisioned from scratch in a shared vSphere/vCenter environment β€” meaning mistakes had real consequences, including accidentally routing traffic through another group’s switch port.

The architecture mirrored a real enterprise: a pfSense firewall segmenting WAN, HQ LAN, DMZ, and a remote office subnet; Windows Server 2019 DCs at both sites forming an AD forest; a CentOS BIND server in the DMZ replacing the upstream Purdue resolver with an internally-controlled one; and DFS namespace + replication tying HQ and Remote together for distributed file access. The three-part WAN debugging incident β€” a misassigned NIC, stale gateway entries, and a misconfigured server gateway all compounding simultaneously β€” was the most technically dense troubleshooting exercise of the program.

🌐 Network zones 4 β€” WAN, HQ LAN, DMZ, Remote office
πŸ–₯️ VMs provisioned pfSense, CentOS BIND, 2Γ— Windows Server, 2Γ— Windows client
πŸ—‚οΈ Services deployed Active Directory, DFS namespace + replication, BIND DNS, NAT
πŸ› Debugging 3-part WAN failure β€” misassigned NIC, conflicting gateways, wrong server default GW
πŸ”’ Security policy NAT outbound rules configured to block DMZ egress by design

Stack:

pfSense VMware vSphere Active Directory BIND DFS

Windows Server 2019 CentOS NAT / Firewall Rules AD Sites & Services DNS Forwarding

Intrusion Detection System Deployment & Penetration Testing

CNIT 45500 β€” Network Security

Importantβš”οΈ End-to-end attack-and-detect lab β€” from packet capture to SOC dashboard

Two NIDS engines, two vulnerable targets, one attacker VM, and a live validated attack pipeline. Every component provisioned, configured, and verified from scratch.

The goal wasn’t just to install Snort β€” it was to build the full operational context around it. That meant standing up a realistic target environment (Metasploitable and Ultimate LAMP), provisioning an attacker machine (Kali), and wiring two Security Onion instances together as a distributed detection stack, all on a pfSense-segmented lab network in vSphere.

Snort ran as the capture sensor using PF_RING for high-throughput packet ingestion, Emerging Threats Open signatures, and Zeek for protocol analysis and file extraction. Suricata sat downstream as the event correlator and SOC-facing dashboard. The pipeline was validated end-to-end: a slow loris HTTP flood and an nmap port scan launched from Kali hit the Ultimate LAMP machine, were captured by Snort, forwarded via Filebeat, and surfaced as alerts in Suricata’s management UI. A production-realistic configuration detail β€” Snort’s PulledPork signature updater was blocked by the WAN firewall at startup β€” required diagnosing and temporarily opening egress for the rule download before hardening back down.

πŸ–₯️ VMs deployed 4 β€” Kali (attacker), Metasploitable, Ultimate LAMP, 2Γ— Security Onion
πŸ” NIDS engines Snort (sensor) + Suricata (correlator) running in parallel
⚑ Attacks validated Slow loris HTTP flood + nmap port scan, end-to-end through the pipeline
πŸ“¦ Log pipeline Snort β†’ Filebeat β†’ Suricata β†’ Elasticsearch β†’ SOC dashboard
🌐 Ruleset Emerging Threats Open via PulledPork, tuned to RFC-1918 HOME_NET

Stack:

Snort Suricata Security Onion Zeek Filebeat Elasticsearch

Kali Linux pfSense PF_RING PulledPork VMware vSphere

Vulnerability Assessment & Remediation

CNIT 47100 β€” Ethical Hacking & Network Defense

WarningπŸ”΄ 7 critical vulnerabilities found β€” 2 exploited, 1 remediated and re-verified

Full assessment lifecycle against Metasploitable 2 & 3: discovery, exploitation, fix, and a follow-up scan to prove it.

Vulnerability scanning is easy. Understanding what the findings actually mean β€” and proving you can both exploit and fix them β€” is the real exercise. This lab ran the complete assessment lifecycle: automated scanning with Nessus and nmap-vulners to build a findings inventory, manual exploitation of two critical vulnerabilities to demonstrate real impact, remediation of one, and a follow-up Nessus scan to verify the fix was effective and not just assumed.

The two exploits chosen were deliberately different in character. The VNC takeover was trivially simple β€” the password was literally password β€” but demonstrated full graphical remote control of the machine, making the business risk viscerally obvious. The ProFTPD mod_copy exploit was more surgical: anonymous FTP access combined with SITE CPFR/SITE CPTO to silently copy /etc/passwd to a web-accessible path without authentication. No credentials, no noise, one command.

πŸ”΄ Critical vulns found 7 via Nessus β€” bind shell backdoor, weak RNG in OpenSSH/OpenSSL, NFS disclosure, VNC
πŸ“‹ CVEs catalogued 20 application/version pairs across ProFTPD, OpenSSH, ISC Bind via nmap-vulners
πŸ’₯ Exploits demonstrated 2 β€” VNC remote takeover (Metasploitable 2), ProFTPD passwd exfil (Metasploitable 3)
βœ… Remediation verified VNC password hardened via vncpasswd, clean re-scan confirmed
πŸ›‘οΈ WAF detection wafw00f identified ModSecurity on certifiedhacker.com; no WAF on either target

Stack:

Nessus nmap wafw00f VNC ProFTPD

CVE Analysis Vulnerability Remediation Network Scanning WAF Detection Exploit Development