I'm a security-focused developer dedicated to automating the mundane and hunting the sophisticated. Currently spending my time building automated defense pipelines and exploring adversary emulation.
- 🔭 I’m currently working on Advanced SOC Playbooks
- 🌱 I’m currently learning Cloud Security Architecture
- 💬 Ask me about Automation, SIEM, or Malware Analysis
Automates the analysis of malware samples for both Windows and Linux targets, providing rapid identification of families, binary characteristics, and potential C2 infrastructure without executing the malware.
-
Problem Solved: Reduces manual effort in malware triage, enabling faster and safer identification of threats across multiple platforms.
-
Key Features:
- Automatic folder watcher for new samples
- YARA-based family detection
- PE and ELF parsing with architecture, entropy, and packing analysis
- XOR-based Mirai C2 extraction with scoring
- Generic fallback extractor for unknown malware
- Professional JSON reports and clean terminal output
-
Tools & Tech: Python, YARA, pefile, watchdog, XOR decoding, JSON reporting
Bridge the gap between detection and response by routing Wazuh Manager alerts to mobile devices via the Telegram Bot API.
- Problem Solved: Reduces the delay in seeing critical security events when away from the SIEM console.
- Key Features: Customizable alert levels (e.g., only Level 7+), JSON parsing, and asynchronous message delivery.
- Tools: Python, Wazuh Framework, Telegram API.
A hands-on laboratory environment for simulating and detecting Advanced Persistent Threat (APT) behaviors within a Windows Domain environment.
- Goal: Identify blind spots in default Windows logging and implement advanced telemetry (Sysmon).
- Techniques Simualted: Pass-the-Hash, SMB Relay, and RDP Hijacking.
- Defensive Stack: Splunk, Windows Event Forwarding (WEF), and Snort.