Operational Security Assessment

Infrastructure Forensics Using Certificate Transparency, DNS Analysis & Compliance Modeling

January 2025 | Portfolio Case Study

#certificate-transparency #dns-forensics #osint #compliance #infrastructure-security

Project Overview

Independent security assessment of e-commerce infrastructure demonstrating OSINT analysis, infrastructure forensics, and compliance evaluation capabilities. This portfolio case study showcases my methodology for identifying security gaps, quantifying business risk, and developing actionable remediation strategies.

Assessment Scope

Conducted passive reconnaissance using Certificate Transparency logs, DNS enumeration, and publicly available infrastructure data to identify security vulnerabilities and compliance gaps. Analysis focused on legacy infrastructure management, credential exposure risks, and regulatory compliance posture under NY SHIELD Act requirements.

Methodology: All findings derived from non-invasive OSINT techniques using publicly accessible information. No unauthorized access attempted or gained. This approach demonstrates professional security assessment capabilities while maintaining strict ethical standards.

Assessment Summary

  • $17K+ annual cost savings identified: abandoned infrastructure consuming unnecessary resources
  • 40+ page technical report: comprehensive analysis with remediation roadmap
  • Multiple critical vulnerabilities: infrastructure, credential, and compliance gaps identified

Key Findings Categories

  • Infrastructure Management: Legacy "ghost" servers continuing to operate after migration, creating security exposure and unnecessary costs
  • DNS Security: Dangling DNS records (names still pointing at deprovisioned targets, the precondition for subdomain takeover) and SPF records that enumerate the organization's mail-sending infrastructure
  • Credential Management: Hardcoded API credentials in legacy systems and migration artifacts
  • Vulnerability Exposure: Unpatched systems with known CVEs remaining accessible
  • Compliance Gaps: Regulatory exposure under NY SHIELD Act requirements

Skills Demonstrated

Infrastructure Forensics

✓ Certificate Transparency ✓ DNS Analysis ✓ SPF Records ✓ Asset Discovery

Passive OSINT using crt.sh, DNS tools, and public records to map infrastructure

Security Analysis

✓ OSINT Collection ✓ Risk Assessment ✓ Attack Vectors ✓ CVE Research

Systematic vulnerability identification and security risk evaluation

Compliance & Risk

✓ NY SHIELD Act ✓ Risk Modeling ✓ Cost Analysis ✓ Reporting

Regulatory compliance assessment and financial impact quantification

Solution Design

✓ Remediation Plans ✓ Architecture ✓ Prototyping ✓ Documentation

Actionable recommendations with proof-of-concept implementations

Research Methodology

Passive OSINT Techniques

All reconnaissance conducted using non-invasive, publicly available intelligence:

  • DNS Enumeration: Historical DNS records, SPF analysis, subdomain discovery
  • Certificate Transparency: TLS certificate issuance history (crt.sh) identifying hostnames, issuance dates, and infrastructure patterns
  • Infrastructure Fingerprinting: Service identification and version detection
  • Public Repository Analysis: Identification of potential credential exposure patterns
  • Compliance Framework Review: Assessment against regulatory requirements
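The SPF analysis step above is the one most often skipped in passive assessments, so here is an added example (not the assessment's own tooling) of what it yields: walking an SPF record's include chain enumerates every network the organization sends mail from, and the same walk surfaces the misconfigurations that matter (a dangling include pointing at a provider that no longer publishes SPF, a permissive "+all"/"?all", or more than the 10 DNS lookups RFC 7208 allows). The TXT records are a constructed in-memory zone so the script runs offline; swapping `lookup_txt` for a real resolver call makes it live.

```python
"""Walk an SPF record, list the sending infrastructure it exposes, and flag
common misconfigurations. Added example; DNS answers below are a constructed
sample zone (hostnames and addresses are hypothetical)."""
import re

SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailvendor.example "
                   "include:legacy-mail.example a:shop-old.example.com ~all",
    "_spf.mailvendor.example": "v=spf1 ip4:198.51.100.0/22 include:_spf2.mailvendor.example -all",
    "_spf2.mailvendor.example": "v=spf1 ip6:2001:db8::/32 -all",
    "legacy-mail.example": None,   # former provider: zone no longer publishes SPF
}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4: more than this is a permerror
# mechanism[:arg][/cidr]; also matches redirect=domain
TERM = re.compile(r"^([a-z0-9]+)(?:[:=]([^/]*))?(?:/([\d/]+))?$", re.I)


def lookup_txt(name):
    """Stand-in for a DNS TXT query against the constructed zone."""
    return SAMPLE_TXT.get(name)


def analyze_spf(domain, lookup=lookup_txt, _depth=0, _seen=None):
    """Return networks, hosts, lookup count, dangling includes and issues."""
    seen = _seen if _seen is not None else set()
    result = {"networks": [], "hosts": [], "lookups": 0,
              "dangling_includes": [], "all_qualifier": None, "issues": []}
    record = lookup(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        result["dangling_includes"].append(domain)
        return result
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        m = TERM.match(term)
        if not m:
            result["issues"].append(f"unparsed term {term!r} in {domain}")
            continue
        mech, arg, cidr = m.group(1).lower(), m.group(2) or "", m.group(3)
        if mech in ("ip4", "ip6"):
            result["networks"].append(arg + (f"/{cidr}" if cidr else ""))
        elif mech in ("a", "mx"):
            result["hosts"].append(arg or domain)   # bare a/mx mean the domain itself
            result["lookups"] += 1
        elif mech in ("include", "redirect"):       # redirect simplified to an include walk
            result["lookups"] += 1
            if arg in seen:
                result["issues"].append(f"include loop at {arg}")
                continue
            seen.add(arg)
            sub = analyze_spf(arg, lookup, _depth + 1, seen)
            for key in ("networks", "hosts", "dangling_includes", "issues"):
                result[key].extend(sub[key])
            result["lookups"] += sub["lookups"]
        elif mech in ("exists", "ptr"):
            result["lookups"] += 1
        elif mech == "all":
            result["all_qualifier"] = qualifier  # an include's own 'all' never ends the parent
    if _depth == 0:
        if result["lookups"] > MAX_LOOKUPS:
            result["issues"].append(f"{result['lookups']} DNS lookups exceed the RFC 7208 limit of {MAX_LOOKUPS}")
        if result["all_qualifier"] in ("+", "?"):
            result["issues"].append(f"'{result['all_qualifier']}all' lets any sender pass SPF")
        if result["all_qualifier"] is None:
            result["issues"].append("no 'all' mechanism; unlisted senders get a neutral result")
        if result["dangling_includes"]:
            result["issues"].append("dangling include(s): " + ", ".join(result["dangling_includes"]))
    return result


if __name__ == "__main__":
    for k, v in analyze_spf("example.com").items():
        print(f"{k}: {v}")
```

Everything in `networks` and `hosts` is what a third party learns about the mail topology from a single TXT query, and a dangling include is worth escalating: if the abandoned provider's domain can be re-registered, whoever holds it can publish an SPF record that makes their mail pass for the organization.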

Ethical Standards

No unauthorized access attempted or gained. All findings derived exclusively from passive reconnaissance and publicly accessible information. This methodology demonstrates understanding of threat actor reconnaissance techniques while maintaining professional ethical boundaries appropriate for legitimate security research.

Sample Findings

Infrastructure Security Gaps

Legacy Infrastructure Management

Issue Identified: Certificate Transparency logs showed unexpired TLS certificates issued for hostnames believed to be decommissioned, and current DNS records still resolved those hostnames. Because a CT entry proves only that a certificate was issued, not that a host is alive, the two sources were correlated before a host was classified as a ghost server.

Security Impact:

  • Abandoned servers remaining operational with outdated software and unpatched vulnerabilities
  • DNS records still pointing to decommissioned infrastructure
  • Potential for unauthorized access via unmaintained systems
  • Unnecessary hosting costs ($15K-20K annually)

Recommendations: Complete infrastructure inventory, systematic decommissioning of legacy systems, and ongoing monitoring of DNS and certificate issuance.
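The correlation behind this finding, and the continuous check the monitoring recommendation calls for, fit in one script. This is an added example, not the assessment's own tooling: it parses a crt.sh JSON export into a host inventory (using the field names the live `https://crt.sh/?q=%25.example.com&output=json` endpoint returns), asks DNS about each name, and diffs the result against the expected asset list and a migration cutover date. Names that still resolve but are not on the list are ghost-server candidates; a certificate issued after cutover for such a name is direct evidence that something is still renewing it; a CNAME whose target no longer exists is a dangling record. The crt.sh rows and DNS answers are constructed sample data so the script runs offline.

```python
"""Inventory hosts from crt.sh data, classify each by current DNS, and diff
against the expected asset list. Added example with constructed inputs."""
import json
from datetime import datetime, timezone

# Constructed crt.sh rows (same field names as the real JSON endpoint).
CRTSH_JSON = json.dumps([
    {"id": 1, "issuer_name": "O=Example CA", "common_name": "shop.example.com",
     "name_value": "shop.example.com\nwww.example.com",
     "not_before": "2024-11-01T00:00:00", "not_after": "2025-01-30T00:00:00"},
    # Renewed after the platform migration: the strongest ghost-server signal.
    {"id": 2, "issuer_name": "O=Example CA", "common_name": "shop-old.example.com",
     "name_value": "shop-old.example.com",
     "not_before": "2024-12-01T00:00:00", "not_after": "2025-03-01T00:00:00"},
    {"id": 3, "issuer_name": "O=Example CA", "common_name": "staging.example.com",
     "name_value": "staging.example.com",
     "not_before": "2023-01-01T00:00:00", "not_after": "2023-04-01T00:00:00"},
    {"id": 4, "issuer_name": "O=Example CA", "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com",
     "not_before": "2024-06-01T00:00:00", "not_after": "2025-06-01T00:00:00"},
    {"id": 5, "issuer_name": "O=Example CA", "common_name": "promo2022.example.com",
     "name_value": "promo2022.example.com",
     "not_before": "2022-03-01T00:00:00", "not_after": "2022-06-01T00:00:00"},
])

# Constructed DNS: name -> ("A", ip) | ("CNAME", target) | None for NXDOMAIN.
SAMPLE_DNS = {
    "shop.example.com": ("CNAME", "shop.cdn-provider.example"),
    "shop.cdn-provider.example": ("A", "198.51.100.10"),
    "www.example.com": ("A", "203.0.113.5"),
    "example.com": ("A", "203.0.113.5"),
    "shop-old.example.com": ("A", "192.0.2.44"),              # old host still answers
    "staging.example.com": ("CNAME", "old-platform.hosting.example"),
    "old-platform.hosting.example": None,                      # target gone: dangling
}
EXPECTED = {"shop.example.com", "www.example.com", "example.com"}  # post-migration inventory
CUTOVER = datetime(2024, 9, 1, tzinfo=timezone.utc)              # hypothetical migration date
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)


def _ts(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


def parse_crtsh(raw):
    """Map each concrete hostname to the latest not_before/not_after seen in CT."""
    hosts = {}
    for row in json.loads(raw):
        nb, na = _ts(row["not_before"]), _ts(row["not_after"])
        for name in row["name_value"].split("\n"):
            name = name.strip().lower()
            if not name or name.startswith("*."):
                continue                      # a wildcard SAN names no concrete host
            cur = hosts.setdefault(name, {"not_before": nb, "not_after": na})
            cur["not_before"] = max(cur["not_before"], nb)
            cur["not_after"] = max(cur["not_after"], na)
    return hosts


def classify(name, cert, now, dns):
    """live | dangling | nxdomain (cert valid, no DNS) | expired-only (cleanly retired)."""
    ans = dns.get(name)
    if ans is None:
        return "nxdomain" if cert["not_after"] > now else "expired-only"
    rtype, target = ans
    if rtype == "CNAME" and dns.get(target) is None:
        return "dangling"                     # takeover candidate if the target is claimable
    return "live"


def inventory_report(raw=CRTSH_JSON, expected=EXPECTED, cutover=CUTOVER, now=NOW, dns=SAMPLE_DNS):
    report = {"unexpected_live": [], "renewed_after_cutover": [],
              "dangling": [], "unresolved": [], "retired": []}
    for name, cert in sorted(parse_crtsh(raw).items()):
        state = classify(name, cert, now, dns)
        if state == "live" and name not in expected:
            report["unexpected_live"].append(name)
            if cert["not_before"] > cutover:
                report["renewed_after_cutover"].append(name)
        elif state == "dangling":
            report["dangling"].append(name)
        elif state == "nxdomain":
            report["unresolved"].append(name)
        elif state == "expired-only":
            report["retired"].append(name)
    return report


if __name__ == "__main__":
    print(json.dumps(inventory_report(), indent=2))
```

Run on a schedule against a fresh crt.sh pull and yesterday's output, and any new name in `unexpected_live` or `dangling` is the alert the Infrastructure Monitoring recommendation describes; keeping `EXPECTED` in version control turns the asset inventory into the allow-list the check is measured against.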

Credential Management

Exposed Credentials Risk

Issue Identified: Analysis revealed patterns indicating hardcoded API credentials in legacy migration artifacts.

Security Impact:

  • Persistent access tokens without expiration policies
  • Administrative-level credentials potentially exposed
  • Risk of unauthorized data access

Recommendations: Implement secrets management platform, rotate all exposed credentials, enforce token expiration policies.
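The "patterns" a review of migration artifacts looks for are mechanical enough to script. As an added example (not the assessment's own scanner), the block below runs two checks over a set of files: well-known credential formats by regex (AWS access key IDs, GitHub personal access tokens, PEM private-key headers), and a generic check for credential-looking variable names assigned a literal, scored by Shannon entropy so that an opaque random token is reported with higher confidence than a placeholder or a dictionary password. The files are constructed; the AWS values are the documented AWS example credentials, and the other secrets are filler.

```python
"""Scan text files for hardcoded credentials by known format and by
entropy of values assigned to credential-like names. Added example with
constructed sample files."""
import math
import re
from collections import Counter

SAMPLE_FILES = {
    "scripts/migrate_orders.py": (
        "import boto3\n"
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"
        "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
        "s3 = boto3.client('s3', aws_access_key_id=AWS_ACCESS_KEY_ID)\n"
    ),
    "config/legacy_api.env": (
        "SHOP_API_TOKEN=x7Gq9LpZ2vR4tY8wK1nB6mD3sF5hJ0cA\n"   # filler, high entropy
        "DB_PASSWORD=changeme\n"                              # low entropy, still a finding
    ),
    "README.md": "Set SHOP_API_TOKEN=${SHOP_API_TOKEN} before running.\n",  # placeholder
    "deploy/ssh_key.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----\n",
}

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[0-9A-Za-z]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# name containing a credential keyword, then = or :, then a literal of 8+ chars
ASSIGN = re.compile(
    r"(?i)\b\w*(api[_-]?key|secret|token|password|passwd)\w*\s*[=:]\s*['\"]?([^'\"\s]{8,})['\"]?")
ENTROPY_THRESHOLD = 3.5   # bits/char; random base62 tokens sit well above this


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(value):
    """Template references and angle-bracket placeholders are not secrets."""
    return value.startswith(("$", "<", "{{")) or value.lower() in ("your-api-key", "xxxxxxxx")


def scan(files=SAMPLE_FILES):
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pat in PATTERNS.items():
                if pat.search(line):
                    findings.append({"file": path, "line": lineno, "kind": kind,
                                     "confidence": "high"})
            m = ASSIGN.search(line)
            if m and not is_placeholder(m.group(2)):
                ent = shannon_entropy(m.group(2))
                findings.append({"file": path, "line": lineno, "kind": "credential_assignment",
                                 "confidence": "high" if ent >= ENTROPY_THRESHOLD else "low",
                                 "entropy": round(ent, 2)})
    return findings


if __name__ == "__main__":
    for f in scan():
        print(f)
```

Anything reported with high confidence should be treated as compromised and rotated, not merely deleted from the file: a credential that was ever committed to a repository or copied into a migration bundle has an unknown number of copies.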

Compliance Posture

Regulatory Compliance Gaps

NY SHIELD Act Requirements:

  • Data classification and handling procedures
  • Breach notification requirements
  • Administrative, technical, and physical safeguards

Risk Quantification: Used IBM Cost of a Data Breach Report benchmarks to model potential financial exposure from the identified vulnerabilities.

Recommendations: Develop compliance checklist, implement required safeguards, establish breach response procedures.

Solution Design & Remediation

Beyond identifying vulnerabilities, this project demonstrates end-to-end security thinking: problem identification, root cause analysis, solution design, and business value articulation. Each solution addresses specific operational security gaps discovered during the assessment.

Remediation Solutions Developed

Access Control System

Problem: No systematic audit logging for sensitive access

Solution: Role-based access control with cryptographically tamper-evident audit logs and behavioral analytics

Impact: Enables proactive threat detection and rapid incident investigation

Working prototype developed demonstrating implementation capability
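To show what "cryptographic audit logs" buys over a plain database table, here is an added example (not the prototype's own code) of the three pieces together: a role check that writes every decision to a log, a log in which each entry carries an HMAC over its sequence number, the previous entry's hash and the event, and a toy behavioral rule that flags an actor with repeated denials. The `demo` function then edits one historical entry the way an insider with database access would, and `verify` reports the first entry whose chain no longer holds. Roles, users and the key are constructed.

```python
"""RBAC decisions written to a hash-chained, HMAC-authenticated audit log,
with chain verification and a simple denial-burst rule. Added example."""
import hashlib
import hmac
import json

ROLES = {"admin": {"read", "write", "delete"}, "support": {"read"}}   # constructed
USERS = {"alice": "admin", "bob": "support"}                           # constructed


class AuditLog:
    GENESIS = "0" * 64

    def __init__(self, key):
        self._key = key          # in production: held by the log service, not the app DB
        self.entries = []

    def _mac(self, seq, prev, event):
        payload = json.dumps({"seq": seq, "prev": prev, "event": event},
                             sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def append(self, actor, action, resource, outcome):
        seq = len(self.entries)
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        event = {"actor": actor, "action": action, "resource": resource, "outcome": outcome}
        entry = {"seq": seq, "prev": prev, "event": event, "hash": self._mac(seq, prev, event)}
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) or (False, index of the first entry that fails)."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if (e["seq"] != i or e["prev"] != prev
                    or not hmac.compare_digest(self._mac(i, prev, e["event"]), e["hash"])):
                return False, i
            prev = e["hash"]
        return True, None


def authorize(log, actor, action, resource):
    """Role check; every decision, allow or deny, is logged."""
    allowed = action in ROLES.get(USERS.get(actor), set())
    log.append(actor, action, resource, "allow" if allowed else "deny")
    return allowed


def denied_burst(log, threshold=3):
    """Actors with at least `threshold` denials: a minimal behavioral rule."""
    counts = {}
    for e in log.entries:
        ev = e["event"]
        if ev["outcome"] == "deny":
            counts[ev["actor"]] = counts.get(ev["actor"], 0) + 1
    return sorted(a for a, n in counts.items() if n >= threshold)


def demo():
    log = AuditLog(b"constructed-demo-key")
    authorize(log, "alice", "read", "orders/1001")
    for i in range(3):
        authorize(log, "bob", "delete", f"orders/{1002 + i}")   # support role: denied
    suspicious = denied_burst(log)
    ok_before, _ = log.verify()
    log.entries[1]["event"]["outcome"] = "allow"                # rewrite history
    ok_after, first_bad = log.verify()
    return {"suspicious": suspicious, "ok_before": ok_before,
            "ok_after": ok_after, "first_bad": first_bad}


if __name__ == "__main__":
    print(demo())
```

Two caveats a reviewer of such a prototype will raise: the HMAC key must not live where the log does, or whoever can edit rows can also re-sign them; and a chain proves integrity of what remains but not completeness, since deleting the newest entries leaves a valid chain, so the latest hash needs to be anchored somewhere external (a periodic checkpoint written to a separate system is the usual answer).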

Infrastructure Monitoring

Problem: No visibility into DNS changes or certificate reissuance

Solution: Automated monitoring with real-time alerting for infrastructure deviations

Impact: Prevent "ghost" server accumulation and detect unauthorized changes

Secrets Management

Problem: Hardcoded credentials in scripts and repositories

Solution: Centralized secrets management with automated rotation

Impact: Removes hardcoded credentials as a primary attack vector and bounds the lifetime of any secret that does leak

Compliance Dashboard

Problem: No systematic tracking of regulatory requirements

Solution: Centralized compliance tracking with automated reporting

Impact: Continuous compliance visibility and reduced audit preparation time

Strategic Remediation Roadmap

Phase 1: Immediate Remediation (Weeks 1-4)

  • Complete infrastructure asset inventory
  • Decommission legacy systems securely
  • Remove dangling DNS records
  • Rotate all exposed credentials
  • Deploy multi-factor authentication

Phase 2: Proactive Controls (Weeks 5-12)

  • Implement access control and audit logging
  • Deploy infrastructure monitoring
  • Establish secrets management platform
  • Document incident response procedures

Phase 3: Sustainable Security (Weeks 13-24)

  • Establish change management processes
  • Implement compliance monitoring
  • Deploy security awareness training
  • Schedule quarterly security assessments

Professional Capabilities

Security Analysis

  • OSINT collection and correlation
  • Infrastructure vulnerability assessment
  • Risk analysis and prioritization
  • Attack vector identification
  • CVE research and impact assessment

Compliance Expertise

  • Regulatory framework assessment
  • Financial exposure modeling
  • Breach cost quantification
  • Compliance reporting
  • Risk communication

Technical Documentation

  • Executive-level communication
  • Technical finding presentation
  • Remediation roadmap development
  • Solution architecture design
  • Stakeholder reporting

Solution Development

  • Security architecture design
  • Proof-of-concept development
  • Cost-benefit analysis
  • Business impact assessment
  • Implementation planning

Tools & Techniques

Reconnaissance & Analysis:

dig, nslookup (DNS enumeration) • crt.sh, Censys (Certificate Transparency) • Shodan, SecurityTrails (infrastructure fingerprinting) • CVE databases (NVD, MITRE) • OSINT framework techniques

Compliance & Risk:

NY SHIELD Act framework • IBM Cost of a Data Breach Report benchmarking • Industry breach cost modeling • Risk quantification methodologies

Key Insights

Professional Lessons

  • OSINT Effectiveness: Publicly available information reveals significant security gaps when analyzed systematically
  • Infrastructure Forensics: Certificate Transparency logs and DNS records provide valuable historical evidence of system changes
  • Business Context: Technical vulnerabilities must be translated to quantifiable business risk for stakeholder action
  • Actionable Recommendations: Security findings require clear remediation guidance and implementation roadmaps
  • Holistic Approach: Effective security requires addressing people, process, and technology simultaneously

Project Deliverables

Comprehensive 40+ page operational security assessment demonstrating infrastructure forensics, OSINT analysis, and compliance evaluation capabilities. Identified critical security gaps including legacy infrastructure management issues, credential exposure risks, and regulatory compliance gaps. Quantified business impact and provided strategic remediation roadmap with cost-benefit analysis.

Assessment demonstrates professional security analyst capabilities: passive OSINT reconnaissance, forensic investigation methodology, regulatory compliance expertise, risk quantification, and strategic remediation planning. Developed working proof-of-concept access control system showing ability to move from analysis to implementation.

Confidentiality & Availability

This portfolio case study has been sanitized to protect confidential information. All research conducted using non-invasive OSINT and publicly available data. No unauthorized access attempted or gained.

Full detailed assessment available to potential employers upon request under appropriate confidentiality agreements.

Contact: emiliano.carrizosa@proton.me