Skip to content
View KKarishan's full-sized avatar

Block or report KKarishan

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
kkarishan/README.md

Hi I'm Keshon! 👋

Programmer | Cybersecurity Professional | SOC Analyst


image About Me

I'm a security-focused developer dedicated to automating the mundane and hunting the sophisticated. Currently spending my time building automated defense pipelines and exploring adversary emulation.

  • 🔭 I’m currently working on Advanced SOC Playbooks
  • 🌱 I’m currently learning Cloud Security Architecture
  • 💬 Ask me about Automation, SIEM, or Malware Analysis

🛠️ Tech Stack

Python Bash Linux Wazuh Splunk Wireshark Metasploit Nmap


image Key Cybersecurity Projects

Automates the analysis of malware samples for both Windows and Linux targets, providing rapid identification of families, binary characteristics, and potential C2 infrastructure without executing the malware.

  • Problem Solved: Reduces manual effort in malware triage, enabling faster and safer identification of threats across multiple platforms.

  • Key Features:

    • Automatic folder watcher for new samples
    • YARA-based family detection
    • PE and ELF parsing with architecture, entropy, and packing analysis
    • XOR-based Mirai C2 extraction with scoring
    • Generic fallback extractor for unknown malware
    • Professional JSON reports and clean terminal output
  • Tools & Tech: Python, YARA, pefile, watchdog, XOR decoding, JSON reporting

Bridge the gap between detection and response by routing Wazuh Manager alerts to mobile devices via the Telegram Bot API.

  • Problem Solved: Reduces the delay in seeing critical security events when away from the SIEM console.
  • Key Features: Customizable alert levels (e.g., only Level 7+), JSON parsing, and asynchronous message delivery.
  • Tools: Python, Wazuh Framework, Telegram API.

A hands-on laboratory environment for simulating and detecting Advanced Persistent Threat (APT) behaviors within a Windows Domain environment.

  • Goal: Identify blind spots in default Windows logging and implement advanced telemetry (Sysmon).
  • Techniques Simualted: Pass-the-Hash, SMB Relay, and RDP Hijacking.
  • Defensive Stack: Splunk, Windows Event Forwarding (WEF), and Snort.

🤳 Connect with me

Keshon | LinkedIn

Pinned Loading

  1. malware-triage-project malware-triage-project Public

    Automated static malware triage pipeline with YARA detection, PE/ELF parsing, and Mirai C2 extraction.

    Python

  2. wazuh-telegram-integration wazuh-telegram-integration Public

    Real-time Wazuh SIEM alerts forwarded to Telegram with MITRE ATT&CK context

    Python

  3. apt-lateral-movement-lab apt-lateral-movement-lab Public

    APT lateral movement simulation lab — Active Directory attack chain with Splunk detection

  4. Suricata-IDS-Splunk-Project Suricata-IDS-Splunk-Project Public

    "A complete hands-on Suricata IDS lab with Splunk integration. Includes threat detection using custom rules, real-world attack simulation, log forwarding via Splunk Universal Forwarder, dashboards,…

    1

  5. active-directory-lab active-directory-lab Public

    Red Team Lab: AD Setup, Logging, and Attack Simulation

    1

  6. splunk-brute-force-dashboard splunk-brute-force-dashboard Public

    Dashboard for detecting brute force attacks in Splunk