Section
12 pages
Projects
Tools, automations, and integrations built across threat intelligence, security operations, and detection engineering.
Automated Threat Intelligence Report Generator
A pipeline that pulls IOCs, TTPs, and threat actor profiles from MISP, VirusTotal, and open sources, then automatically generates structured HTML and PDF threat intelligence reports.
SIEM Alert Tuning Automation
Automated pipeline for analysing SIEM alert fidelity, identifying false positive patterns, generating suppression recommendations, and tracking detection health over time.
Threat Hunting: Network-Based Techniques
Network traffic analysis techniques for hunting C2 beaconing, DNS tunnelling, data exfiltration, and anomalous lateral movement using SIEM queries and flow data.
Threat Hunting with MITRE ATT&CK
A structured methodology for hypothesis-driven threat hunting using the MITRE ATT&CK framework — from selecting techniques to building hunt packages, writing SIEM queries, and documenting findings.
SOAR Playbook: Vulnerability Management Automation
Automated CVE ingestion, asset correlation, CVSS-based prioritisation, and patch ticketing — turning raw scanner output into an actionable, risk-ordered remediation queue.
SOAR Playbook: Ransomware Response
A structured SOAR playbook for ransomware incidents — from initial detection through isolation, scope assessment, recovery coordination, and post-incident hardening.
YARA Rules for Malware Detection
Custom YARA rules for detecting malware families and attacker tooling observed in regional threat campaigns, with authoring methodology, testing procedures, and SIEM integration.
SOAR Playbooks: Phishing & Compromised Account Response
Production-ready SOAR playbooks for phishing response and compromised account containment — with full step-by-step logic, decision trees, and integration pseudocode.
