blue-team / cloud-security / systems

HAITAO ZHENG
(TAO)

Cyber Security & Privacy | Systems & Infrastructure Engineering

02 security tools shipped
01 upstream PR in review
CSP cyber security & privacy track


Selected work

Projects.

Small tools and practical work around logs, IOCs, cloud security, and detection engineering.

Open Source CloudFormation PR

cfn-lint contribution

A focused upstream fix for a false positive in the legacy Elasticsearch domain instance type enum.


Issue: `AWS::Elasticsearch::Domain` was being validated against the OpenSearch `.search` instance type enum, so templates using valid legacy `.elasticsearch` instance types were flagged.

Patch: Restore `.elasticsearch` values for the legacy resource and add a regression fixture.
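The false positive and the fix, as an added illustration that is not cfn-lint's own code: a toy instance type check run first with both resource types sharing the OpenSearch enum, then with the legacy resource given its own `.elasticsearch` values. The enum contents are a small hand-picked subset of the real AWS values, and the two templates are constructed fixtures.

```python
"""Toy instance-type check showing the false positive described above.

Added example for illustration; this is not cfn-lint's implementation and
the enums below are a small hand-picked subset of the real AWS values.
"""

# Real AWS suffixes: legacy Elasticsearch domains use ".elasticsearch",
# OpenSearch Service domains use ".search". Only a few sizes are listed.
ELASTICSEARCH_TYPES = {"t3.small.elasticsearch", "m5.large.elasticsearch", "r5.large.elasticsearch"}
OPENSEARCH_TYPES = {"t3.small.search", "m5.large.search", "r5.large.search"}

# Where each resource type keeps its instance type (both are real property paths).
INSTANCE_TYPE_PATH = {
    "AWS::Elasticsearch::Domain": ("ElasticsearchClusterConfig", "InstanceType"),
    "AWS::OpenSearchService::Domain": ("ClusterConfig", "InstanceType"),
}

# Before: both resource types validated against the OpenSearch enum.
BUGGY_ENUMS = {
    "AWS::Elasticsearch::Domain": OPENSEARCH_TYPES,
    "AWS::OpenSearchService::Domain": OPENSEARCH_TYPES,
}
# After: the legacy resource gets its own ".elasticsearch" values back.
FIXED_ENUMS = {
    "AWS::Elasticsearch::Domain": ELASTICSEARCH_TYPES,
    "AWS::OpenSearchService::Domain": OPENSEARCH_TYPES,
}


def check_instance_types(template, enums):
    """Return (logical_id, value) for every domain whose instance type is not in its enum."""
    failures = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type")
        if rtype not in INSTANCE_TYPE_PATH:
            continue
        section, key = INSTANCE_TYPE_PATH[rtype]
        value = res.get("Properties", {}).get(section, {}).get(key)
        if value is not None and value not in enums[rtype]:
            failures.append((logical_id, value))
    return failures


# Constructed fixture: one valid legacy domain, one valid OpenSearch domain.
VALID_TEMPLATE = {
    "Resources": {
        "LegacyDomain": {
            "Type": "AWS::Elasticsearch::Domain",
            "Properties": {"ElasticsearchClusterConfig": {"InstanceType": "m5.large.elasticsearch"}},
        },
        "NewDomain": {
            "Type": "AWS::OpenSearchService::Domain",
            "Properties": {"ClusterConfig": {"InstanceType": "m5.large.search"}},
        },
    }
}

# Constructed negative fixture: a legacy domain with an OpenSearch-style value,
# which the fixed check must still reject (the regression case).
INVALID_TEMPLATE = {
    "Resources": {
        "MixedUp": {
            "Type": "AWS::Elasticsearch::Domain",
            "Properties": {"ElasticsearchClusterConfig": {"InstanceType": "m5.large.search"}},
        }
    }
}

if __name__ == "__main__":
    print("buggy enums, valid template:", check_instance_types(VALID_TEMPLATE, BUGGY_ENUMS))
    print("fixed enums, valid template:", check_instance_types(VALID_TEMPLATE, FIXED_ENUMS))
    print("fixed enums, bad template:  ", check_instance_types(INVALID_TEMPLATE, FIXED_ENUMS))
```

The buggy mapping reports `LegacyDomain` even though its value is correct for that resource; the fixed mapping passes it and still rejects the genuinely wrong `MixedUp` value, which is the pair of cases a regression fixture should lock in.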

Python IOC Blue Team

Sentinel-IOC-Toolkit

A lightweight tool for extracting IOCs from logs and preparing them for security analysis workflows.


Background: Built around a practical blue-team workflow: collect messy text, extract useful indicators, and make the result easier to review.

Next step: Add tests, sample logs, and clearer CLI documentation.

HTML Design Portfolio

tzheng.dev

This personal site: a compact portfolio for education, projects, notes, and security-focused engineering work.


Goal: Keep the site fast and simple while making the information architecture more useful.

Next step: Add short project writeups and research notes over time.

Education.

A rigorous foundation in engineering and privacy.

H-BRS

Bonn-Rhein-Sieg University of Applied Sciences (H-BRS)

Germany
Oct 2025 – Present

B.Sc. Cyber Security & Privacy

Academic Focus: Building strong engineering foundations across Java Programming, Linux environments, Networking Protocols, SQL-based Database Systems, Mathematics, and Technische Informatik (computer engineering: digital and analog electronics).

Privacy & Security: Focused study of the General Data Protection Regulation (GDPR), Privacy-by-Design principles, and infrastructure-oriented cybersecurity within modern European regulatory environments.

Technical Coursework & Projects: Actively working on systems-focused programming assignments and technical projects involving Java, C, SQL, networking, and Linux-based environments.

FHM

FHM University of Applied Sciences

Bielefeld, Germany
Dec 2024 – June 2025

Accelerated University Transition & FSP

Academic Acceleration: Successfully completed the German university preparatory pathway (Feststellungsprüfung / FSP) — the national Abitur-equivalent — within a single high-intensity semester.

Language Achievement: Attained certified German C1 Proficiency within the same 6-month timeframe of academic immersion.

Harvard

Harvard University

CS50x
2024

Computer Science Foundations Certified Completion

Engineering Foundations: Successfully completed Harvard’s CS50x curriculum through intensive project-based coursework focused on algorithms, data structures, computational problem solving, low-level memory concepts in C, Python programming, SQL, and foundational web development.

Final Project: Completed a final independent programming project demonstrating structured software design, debugging workflows, and practical problem-solving under self-driven development conditions.

Jimei

Xiamen Jimei Middle School

Sept 2021 – June 2024

High School Diploma (nationally recognized provincial key high school)

Academic Background: Completed a rigorous science-focused academic track at an elite institution with a century-long heritage.

Gaokao Achievement: Achieved high-ranking results in the National Higher Education Entrance Examination (Gaokao), qualifying for admission to top-tier undergraduate programs.

Technical Toolkit.

Engineering robust and secure environments.

Systems & Infrastructure

Hands-on knowledge of Linux environments, networking fundamentals, and secure VPN tunneling.

Cloud Research

Currently researching Cloud Infrastructure and server hardening to optimize infrastructure resilience.

Deployment

Expanding expertise in Cloudflare-based deployment workflows and edge infrastructure.

Development

Building competencies across Java, Python, C, and SQL with a focus on security-conscious programming.

AI-Enhanced Workflows

Leveraging LLM-assisted engineering and modern AI tooling to enhance development productivity and technical research.

Research log

Notes.

Short notes from projects, labs, and open-source work. Simple writing, focused on what changed and what was learned.

Research log 2026-06

Reading CloudTrail logs by hand

A short note about failed console logins, root account events, IAM changes, and why small log samples are useful before using bigger tools.


I started with a small fake CloudTrail file because real cloud logs can get noisy very fast. A small sample makes it easier to ask basic questions first: who did the action, where did it happen, and was it normal for this account?

The most useful checks were simple ones: failed console login, root account activity, IAM access key changes, security group changes, and events from regions I do not expect. These are not final detections, but they are good starting points for a review.

My next step is to add short investigation notes for every rule. I want each finding to answer: what happened, why it matters, and what I should check next.
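The checks named in this note, run by hand over a constructed CloudTrail sample. This is an added example, not the author's own tool: the event records, account ID, user names, IPs and the region allowlist are all assumptions made for the demonstration, and each finding carries the three answers the note asks for (what happened, why it matters, what to check next).

```python
"""Hand-rolled triage for a small CloudTrail sample.

Added example, not the author's own tool. The events below are
constructed to resemble CloudTrail records; the account ID, IPs,
user names and the region allowlist are placeholders.
"""
import json

# Constructed sample shaped like a CloudTrail log file ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2026-06-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventTime": "2026-06-01T08:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"userName": "alice"}},
    {"eventTime": "2026-06-01T08:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "ap-southeast-1",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
    {"eventTime": "2026-06-01T08:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "eu-central-1",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

EXPECTED_REGIONS = {"eu-central-1", "us-east-1"}   # assumption for this account
KEY_EVENTS = {"CreateAccessKey", "DeleteAccessKey", "UpdateAccessKey"}
SG_EVENTS = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
             "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
             "CreateSecurityGroup", "DeleteSecurityGroup"}


def who(ev):
    """Best available name for the principal: user name, then ARN, then identity type."""
    ident = ev.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def rules(ev, expected_regions):
    """Yield (rule, why it matters, what to check next) for one event."""
    name = ev.get("eventName", "")
    if name == "ConsoleLogin" and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        yield ("failed_console_login", "possible password guessing or a mistyped password",
               "count failures per user and source IP in the surrounding window")
    if ev.get("userIdentity", {}).get("type") == "Root":
        yield ("root_activity", "root should almost never be used for day-to-day actions",
               "confirm MFA on root and who holds the root credentials")
    if ev.get("eventSource") == "iam.amazonaws.com" and name in KEY_EVENTS:
        yield ("iam_access_key_change", "new or rotated long-lived credentials",
               "verify the change was planned and where the key is used")
    if name in SG_EVENTS:
        yield ("security_group_change", "network exposure may have changed",
               "inspect the rule added or removed and the instances behind it")
    if ev.get("awsRegion") not in expected_regions:
        yield ("unexpected_region", "activity outside the regions this account uses",
               "check whether the principal has any business in that region")


def triage(log_text, expected_regions=EXPECTED_REGIONS):
    """Run every rule over every record and return one finding per hit."""
    findings = []
    for ev in json.loads(log_text)["Records"]:
        for rule, why, nxt in rules(ev, expected_regions):
            findings.append({"rule": rule, "time": ev["eventTime"], "who": who(ev),
                             "region": ev.get("awsRegion"), "event": ev.get("eventName"),
                             "source_ip": ev.get("sourceIPAddress"),
                             "why": why, "next": nxt})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} {f['rule']:<24} {f['who']} {f['event']} ({f['region']})")
        print(f"    why: {f['why']}\n    next: {f['next']}")
```

On the four constructed records this yields five findings: the failed login, two hits on the root `CreateAccessKey` (root activity and a key change), and two on the security group change made from a region the allowlist does not include. One event tripping several rules is normal and is exactly why the findings keep the raw `who`, `source_ip` and `time` fields for correlation.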

AWS logs
Open source 2026-06

What makes a small PR good

A practical reminder: reproduce the bug, keep the patch small, add one test or fixture, and explain what was verified.


I used to think open source contribution means big features. Now I think a small bug fix can be better. A good PR should make the maintainer's job easy.

The pattern I like is simple: find a real issue, reproduce it, keep the diff focused, add a small test or fixture, and write the PR description with the exact reason for the change.

The hard part is not the code only. It is also understanding how the project wants changes to be made. If the maintainer wants the fix in another place, I should adjust instead of defending my first version too much.

open-source workflow
Blue team 2026-06

IOC extraction as a first blue-team tool

Notes on parsing IPs, URLs, and hashes from text, and why the output format matters for later investigation.


IOC extraction is a good first tool because it is small but still close to real security work. Logs and reports often have IPs, URLs, domains, and hashes mixed with normal text.

The first version does not need to be smart. It should be predictable. I care more about clean output, duplicate removal, and simple tests than trying to detect everything.

Later, the tool can connect to reputation APIs or export to CSV/JSON. But the base should stay readable, because I want to understand each step instead of hiding everything behind a big framework.
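A first-version extractor of the kind this note describes, as an added example that is not the Sentinel-IOC-Toolkit code: it refangs common defanging (`hxxp`, `[.]`), pulls IPv4 addresses, URLs, domains and MD5/SHA-1/SHA-256 hashes with plain regexes, drops invalid IPs and file names that look like domains, de-duplicates while keeping first-seen order, and returns a dict that serializes straight to JSON. The sample text is constructed and uses documentation IP ranges and example domains.

```python
"""Predictable IOC extraction from messy text.

Added example, not the author's Sentinel-IOC-Toolkit code. The sample text
is constructed and uses documentation IP ranges and example domains.
"""
import ipaddress
import json
import re

SAMPLE = """\
2026-06-01 08:00:01 dropper fetched hxxp://malicious-example[.]com/payload.bin from 198.51.100.23
2026-06-01 08:00:02 same host contacted 198.51.100.23 again, then 203.0.113.7 on 443
md5=d41d8cd98f00b204e9800998ecf8427e sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
sha1 of stage2: da39a3ee5e6b4b0d3255bfef95601890afd80709 saved as stage2.exe
bogus ip 999.1.1.1 should be ignored; analyst note at https://wiki.example.org/ir/2026-06
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)
HASH_RES = {"md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
            "sha1": re.compile(r"\b[0-9a-f]{40}\b", re.I),
            "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I)}
# File names look like domains to DOMAIN_RE; drop the common extensions.
FILE_EXTENSIONS = {"exe", "dll", "bin", "txt", "log", "json", "csv", "zip", "ps1", "py"}


def refang(text):
    """Undo common defanging so indicators match in their real form."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def uniq(items):
    """Order-preserving de-duplication: the first sighting wins."""
    seen = set()
    return [x for x in items if not (x in seen or seen.add(x))]


def valid_ipv4(s):
    """Reject octets above 255 that the loose regex lets through."""
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def extract(text):
    """Return {indicator_type: [values...]} with stable, de-duplicated ordering."""
    text = refang(text)
    out = {
        "ipv4": uniq(ip for ip in IPV4_RE.findall(text) if valid_ipv4(ip)),
        "url": uniq(URL_RE.findall(text)),
        "domain": uniq(d for d in DOMAIN_RE.findall(text)
                       if d.rsplit(".", 1)[-1].lower() not in FILE_EXTENSIONS),
    }
    for name, rx in HASH_RES.items():
        out[name] = uniq(h.lower() for h in rx.findall(text))
    return out


if __name__ == "__main__":
    print(json.dumps(extract(SAMPLE), indent=2))
```

The fixed-length hash patterns rely on `\b` on both sides, so a 32-hex run inside a SHA-256 is not reported as an MD5. The domain filter is deliberately a short allowlist of extensions rather than a full TLD list; that keeps the first version readable and predictable, which this note values over catching everything.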

IOC Python

Languages.

English

C2 Professional.

German

C1 Advanced Academic.

Mandarin

Native.

Hokkien

Fluent.

Japanese

A2 Elementary.

Personal Interests.

Photography

Dedicated enthusiast using a Nikon D750. Focused on Portrait, Humanistic, and Landscape photography.

Athletics & Fitness

Passionate about Football, Skateboarding, Basketball, Badminton, and Volleyball. Consistent Strength Training.

Global Insight & Cycling

Enthusiast for recreational off-road cycling. Interested in Geopolitics, Financial Investment, and global markets.