Security Policy

🛡️ Educational Purpose Statement

This website is an educational cybersecurity portfolio created and maintained by Duc Nguyen, a third-year Information Security student at FPT University Hanoi. This site serves as a platform for documenting academic projects, security research, and professional development in the field of cybersecurity.

📚 Content Classification

✅ What This Site Contains

This portfolio includes the following types of educational content:

• Academic Project Documentation: Lab exercises, coursework, and university assignments
• Security Research Discussions: Analysis of published vulnerabilities, threat intelligence, and security frameworks
• Technical Tutorials: Step-by-step guides for learning cybersecurity tools and methodologies
• Code Samples: Educational scripts and proof-of-concept demonstrations (non-malicious)
• Industry Best Practices: Security recommendations, hardening guides, and defensive strategies
• CTF Writeups: Solutions to Capture The Flag challenges from platforms like TryHackMe and Hack The Box
• Tool Reviews: Analysis of legitimate security tools (Nmap, Wireshark, Splunk, etc.)
• Career Development: Certification progress, learning paths, and professional goals

❌ What This Site Does NOT Contain

To be absolutely clear, this website does NOT host, distribute, or provide:

• ❌ Actual malware files or malicious binaries
• ❌ Zero-day exploits or unpublished vulnerabilities
• ❌ Illegal hacking tools or unauthorized access methods
• ❌ Instructions for malicious activities or criminal behavior
• ❌ Stolen credentials, personal data, or confidential information
• ❌ Phishing kits, ransomware, or any harmful software
• ❌ Links to dark web resources or illegal marketplaces
• ❌ Any content that violates laws or ethical guidelines

🎓 Educational Framework

All content on this site adheres to the following principles:

Academic Integrity

• Content is created for coursework, assignments, and personal learning
• All research references legitimate, publicly available sources
• Proper attribution is given to original authors and researchers
• No plagiarism or unauthorized use of copyrighted material

Ethical Hacking Standards

• All security testing is performed in controlled lab environments
• No unauthorized access to systems or networks
• Compliance with responsible disclosure policies
• Adherence to “white hat” ethical hacking principles

Legal Compliance

• Full compliance with Vietnamese law and international regulations
• No violations of computer fraud or cybercrime statutes
• Respect for intellectual property and privacy rights
• Alignment with university code of conduct

Industry Guidelines

This portfolio follows standards established by:

• NIST Cybersecurity Framework
• OWASP Security Principles
• SANS Institute Ethical Guidelines
• EC-Council Code of Ethics
• (ISC)² Code of Professional Ethics

🔬 Research Methodology

Lab Environment

All technical demonstrations and security research are conducted in:

• Isolated Virtual Machines: Using VMware/VirtualBox with no network access
• Sandboxed Environments: Dedicated malware analysis labs with FakeNet
• Home Lab Setup: Personal infrastructure for safe testing
• Educational Platforms: TryHackMe, Hack The Box, LetsDefend (authorized environments)

Data Sources

Technical content references only:

• Published CVE databases (NVD, MITRE)
• Academic security papers and conference presentations
• Vendor security advisories and patch bulletins
• Open-source intelligence (OSINT) from public sources
• Legitimate security blogs and research publications

Responsible Disclosure

If vulnerabilities are discovered during research:

1. Never publicly disclose without vendor coordination
2. Follow CVE reporting procedures
3. Allow adequate time for patching (typically 90 days)
4. Document findings for educational purposes only after resolution

🚨 Reporting Security Concerns

If you have concerns about content on this site or believe something violates security/ethical guidelines:

Contact Information

• Primary Contact: nminhducit@gmail.com
• GitHub: @nminhducit
• LinkedIn: linkedin.com/in/nminhducit
• Response Time: Within 48 hours for security concerns

What to Report

Please notify us if you observe:

• Content that could be misinterpreted as malicious
• Broken links to suspicious domains
• Code samples that appear harmful
• Any material that violates our educational mission
• Actual security vulnerabilities in this website’s code

Report Format

Subject: Security Concern - [Brief Description]

Description:
- URL/Page affected: [specific link]
- Nature of concern: [explain the issue]
- Suggested action: [optional]

Contact: [your email if you want a response]

🔐 Website Security

This Site’s Security Measures

• HTTPS Encryption: All traffic secured via TLS
• Content Security Policy: Strict CSP headers to prevent XSS
• No User Data Collection: No login system, no personal data storage
• Static Site: Jekyll-generated static HTML (no server-side vulnerabilities)
• GitHub Pages Hosting: Leveraging GitHub’s security infrastructure
• Regular Updates: Dependencies and plugins kept current

Vulnerability Disclosure for This Site

If you discover a security vulnerability in this website itself (not the educational content):

1. Do NOT publicly disclose the vulnerability
2. Email details to: nminhducit@gmail.com with subject “Security Vulnerability Report”
3. Include:
   • Vulnerability type (XSS, CSRF, etc.)
   • Steps to reproduce
   • Potential impact
   • Suggested fix (optional)
4. Allow 7 days for initial response
5. We will coordinate disclosure timeline with you

Acknowledgments

We will publicly acknowledge security researchers who responsibly disclose vulnerabilities (unless you prefer to remain anonymous).

📖 Content Disclaimer

Language & Context

When reading technical content on this site, please note:

• “Malware Analysis” = Academic study of malicious software behavior (no actual malware)
• “Exploitation” = Understanding vulnerabilities for defensive purposes (not attacking systems)
• “Hacking Tools” = Legitimate security tools used by professionals (Nmap, Wireshark, etc.)
• “Reverse Engineering” = Educational analysis of software (legal, ethical samples only)

Reader Responsibility

By accessing this content, you agree to:

• Use information for legal and ethical purposes only
• Not attempt any unauthorized access to systems
• Comply with all applicable laws in your jurisdiction
• Understand that misuse of knowledge is your responsibility, not ours

🎯 Site Purpose

This portfolio serves to:

1. Document Learning Journey: Track progress in cybersecurity education
2. Demonstrate Skills: Showcase technical abilities to potential employers
3. Share Knowledge: Help other students learning cybersecurity
4. Professional Development: Build online presence in the security community
5. Academic Portfolio: Maintain a record of coursework and projects

📜 Legal Notice

Copyright

• All original content © 2025 Duc Nguyen
• Code samples released under MIT License (see LICENSE file)
• Third-party content properly attributed

Fair Use

Technical discussions may reference:

• Publicly disclosed vulnerabilities
• Published malware families (by name only, no samples)
• Security tools and their legitimate uses
• Academic papers and research

All such references constitute fair use for educational purposes.

Jurisdiction

This site is operated from Vietnam and complies with Vietnamese law. Content is intended for a global educational audience.

🔄 Updates & Maintenance

• Last Updated: January 2025
• Review Frequency: Quarterly
• Version: 1.0
• Next Review: April 2025

This policy may be updated to reflect changes in:

• Educational focus or content
• Legal requirements
• Industry best practices
• Feedback from the security community

Significant changes will be announced via commit history on GitHub.

📞 Additional Resources

Professional Organizations

• (ISC)²: Information Systems Security Certification Consortium
• EC-Council: Ethical Hacking Certification Body
• SANS Institute: Security Training and Certification

Ethical Hacking Guidelines

• OWASP Code of Ethics
• EC-Council Code of Ethics
• Cybersecurity Canon

✅ Verification

This security policy is:

• Publicly accessible at: https://nminhducit.github.io/SECURITY.md
• Version controlled on GitHub
• Cryptographically signed via Git commits
• Transparent in our educational mission

Site Verification

• Google Search Console: Verified
• GitHub Repository: github.com/nminhducit/nminhducit.github.io
• Academic Affiliation: FPT University Student (verifiable via .edu email)

🤝 Community

We welcome:

• Constructive feedback on technical accuracy
• Suggestions for educational content
• Collaboration on open-source security projects
• Networking with fellow security students and professionals

We do NOT welcome:

• Requests for malicious tools or exploits
• Attempts to use content for illegal activities
• Harassment or unprofessional communication
• Misrepresentation of our educational mission

Thank you for taking the time to understand our commitment to ethical, educational cybersecurity content.

For questions about this policy, contact: nminhducit@gmail.com