{"id":51037203,"url":"https://github.com/gbasran/fsoc-portfolio","last_synced_at":"2026-06-22T07:30:50.381Z","repository":{"id":365153856,"uuid":"1213070176","full_name":"gbasran/fsoc-portfolio","owner":"gbasran","description":"Sanitized case study of Operation fsoc: a defense-first, multi-phase security engineering project. Threat model, hardening methodology, script design principles, and integration lessons, all redacted to protect live infrastructure.","archived":false,"fork":false,"pushed_at":"2026-06-16T04:46:15.000Z","size":917,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-16T07:21:51.560Z","etag":null,"topics":["case-study","cybersecurity","defensive-security","homelab","infrastructure","security","security-engineering","threat-modeling"],"latest_commit_sha":null,"homepage":null,"language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gbasran.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-17T02:34:38.000Z","updated_at":"2026-06-16T04:46:04.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gbasran/fsoc-portfolio","commit_stats":null,"previous_names":["gbasran/fsoc-portfolio"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/gbasran/fsoc-portfolio","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gbasran%2Ffsoc-portfolio","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gbasran%2Ffsoc-portfolio/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gbasran%2Ffsoc-portfolio/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gbasran%2Ffsoc-portfolio/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gbasran","download_url":"https://codeload.github.com/gbasran/fsoc-portfolio/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gbasran%2Ffsoc-portfolio/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34639700,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["case-study","cybersecurity","defensive-security","homelab","infrastructure","security","security-engineering","threat-modeling"],"created_at":"2026-06-22T07:30:47.535Z","updated_at":"2026-06-22T07:30:50.376Z","avatar_url":"https://github.com/gbasran.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Operation fsoc: Case Study\n\nA defense-first, multi-phase security engineering project I have been running out of my own homelab since August 2025. This repository is a **sanitized writeup**, not a runbook. Specific products, version numbers, narrow category-level descriptions, architectural details, IP addresses, hostnames, domains, and script internals have been deliberately kept out.\n\nIt is run as a systems-engineering effort, not a series of one-off tweaks: a charter, a requirements specification with stable IDs, a requirements traceability matrix, architecture and interface control documents, decision records, as-built documentation, and a verification-and-validation discipline.\n\nWhat is here is the engineering process: the systems-engineering baseline, the threat model structure, the audit methodology, the design goals behind the monitoring scripts, and the integration lessons generalized to the class-of-trap level.\n\n## The documents (read in order)\n\n| # | Document | What it covers |\n|---|---|---|\n| 1 | [`1-Overview.pdf`](1-Overview.pdf) | What the project is, why I built it, high-level architecture, defensive bias, organization, status |\n| 2 | [`2-ThreatModel.pdf`](2-ThreatModel.pdf) | What I defend against, what I explicitly do not, the assume-breach table, severity categories |\n| 3 | [`3-HardeningMethodology.pdf`](3-HardeningMethodology.pdf) | The five-step audit loop, the operational-health dimension, phase ordering, gating protocol |\n| 4 | [`4-ScriptsShowcase.pdf`](4-ScriptsShowcase.pdf) | Production monitoring automation at the goal level (no code, no layer mapping) |\n| 5 | [`5-LessonsLearned.pdf`](5-LessonsLearned.pdf) | Integration traps, generalized to the class-of-trap level |\n| 6 | [`6-Security.pdf`](6-Security.pdf) | What is redacted, what is published, how to report a leak |\n| 7 | [`7-WorkstationMigration.pdf`](7-WorkstationMigration.pdf) | Bringing the operator workstation under the same threat model; the residual risk it does and does not close |\n\nLaTeX sources for all seven are in [`tex/`](tex/).\n\n*Revised 2026-06-15 (rev. 3): updated to today's state and the work planned next. Fleet authentication has finished its cutover to certificate-only access; an operational-health and capacity dimension was added to the monitoring after an outage the security audit could not have caught; a recovery-insurance milestone proved the backups actually restore, escrowed the backup encryption key off the fleet, and put a staleness alarm on the backups themselves; an unused service and a redundant external entry path were retired to shrink attack surface; execution of the change-management process is now governed by a risk-classified automation layer with human approval gates; and the operator-workstation work has progressed to a verified self-healing layer, with a terminal-native command center being built on top. A planned physical relocation of the hardware is the next external deadline and doubles as a full-restore validation. The sanitization gate was extended again to cover the new tooling.*\n\n## Author\n\nGurmann Basran. Computer Science student, Founder at Phuturum Tech, aspiring security engineer. [github.com/gbasran](https://github.com/gbasran)\n\n*The live infrastructure described in this case study is personal, and is not shared with Phuturum Tech's production infrastructure.*\n\n## License\n\nMIT. See [`LICENSE`](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgbasran%2Ffsoc-portfolio","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgbasran%2Ffsoc-portfolio","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgbasran%2Ffsoc-portfolio/lists"}