A showcase of blue-team engineering projects covering detection engineering, incident response, and threat intelligence automation. This repo contains Sigma rules, SOAR scripts, and log analysis workflows for real-world security ops.
- Sigma rule writing & validation
- Automated SOAR playbooks
- Log parsing and threat hunting
- Secret scanning & malware analysis
- Incident response reporting templates
Most security analysts lack realistic labs to practice incident detection and response.
Create a SOC-in-a-box simulation environment using:
- Zeek and Suricata for network telemetry
- Wazuh for host-based monitoring
- Filebeat + Logstash + Elasticsearch + Kibana (ELK)
- Attack simulation via Atomic Red Team
- Simulate insider and external threats
- Build dashboards for alert investigation
- Integrate with Sigma rules (converted to the ELK backend's query syntax) and tag every alert with its MITRE ATT&CK technique ID so dashboards can pivot by technique
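To make the Sigma and ATT&CK integration concrete, here is an added example (not code from this repo) of the matching logic a Sigma rule expresses, run over a few constructed Sysmon-style `process_creation` events. The rule, the events and the `known_admin_tool.exe` tuning filter are all made up for the example; the evaluator supports the `contains`, `startswith`, `endswith` and `re` modifiers and `and`/`or`/`not`/parentheses in the condition, which is enough to show why event 2 is filtered while event 1 alerts. In the real lab you would convert the rule with the Sigma project's converter (pySigma / sigma-cli) to the ELK backend's query syntax rather than evaluate it in Python.

```python
import re
from typing import Dict, List

# A Sigma rule written as a Python dict with the same structure as the YAML
# `detection:` block, so this runs without PyYAML. Constructed for this example.
ENCODED_POWERSHELL_RULE = {
    "title": "Encoded PowerShell Command Line",
    "tags": ["attack.execution", "attack.t1059.001"],
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-encodedcommand "],
        },
        # Hypothetical tuning filter: an admin tool that legitimately launches
        # encoded PowerShell in this environment.
        "filter": {"ParentImage|endswith": "\\known_admin_tool.exe"},
        "condition": "selection and not filter",
    },
}

# Constructed Sysmon-style process_creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 2, "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand ZwBlAHQALQBwAHIAbwBjAGUAcwBzAA==",
     "ParentImage": "C:\\admin\\known_admin_tool.exe"},
    {"id": 3, "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe C:\\Users\\a\\notes.txt",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def match_value(modifier: str, actual: str, expected: str) -> bool:
    """Sigma string matching is case-insensitive except for the `re` modifier."""
    if modifier == "re":
        return re.search(expected, actual) is not None
    a, e = actual.lower(), expected.lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e


def match_selection(selection: Dict, event: Dict) -> bool:
    """Every field spec in a selection must match (AND); a list of values is OR."""
    for spec, expected in selection.items():
        field, _, modifier = spec.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(match_value(modifier, str(actual), str(v)) for v in values):
            return False
    return True


def eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    """Small recursive-descent evaluator for `a and (b or not c)` style conditions.
    Operand names are looked up in `results`; nothing is passed to eval()."""
    tokens = re.findall(r"\(|\)|\w+", condition)
    pos = 0

    def take() -> str:
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def factor() -> bool:
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            take()  # closing parenthesis
            return value
        return results[tok]

    def term() -> bool:
        value = factor()
        while peek() == "and":
            take()
            value = factor() and value  # factor() runs first, so tokens are always consumed
        return value

    def expr() -> bool:
        value = term()
        while peek() == "or":
            take()
            value = term() or value
        return value

    return expr()


def evaluate_rule(rule: Dict, event: Dict) -> bool:
    detection = rule["detection"]
    results = {name: match_selection(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], results)


def run_detections(rules: List[Dict], events: List[Dict]) -> List[Dict]:
    """One alert per (rule, event) hit, carrying the ATT&CK tags so a Kibana
    dashboard can pivot on technique ID."""
    alerts = []
    for event in events:
        for rule in rules:
            if evaluate_rule(rule, event):
                alerts.append({"rule": rule["title"], "tags": rule["tags"],
                               "event_id": event["id"], "image": event["Image"]})
    return alerts


if __name__ == "__main__":
    for alert in run_detections([ENCODED_POWERSHELL_RULE], SAMPLE_EVENTS):
        print(alert)
```

Running it alerts only on event 1: event 2 matches the selection but is suppressed by the filter, which is exactly the kind of tuning decision you want visible next to the rule rather than buried in a dashboard exclusion.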
Organizations struggle to protect users from newly launched phishing sites.
Intercept and analyze user HTTP traffic (for HTTPS, either SSL-bump with an internal CA trusted by the clients, or decide on the CONNECT hostname only, since that is all the proxy sees without interception) using:
- Squid proxy server
- Real-time URL analysis API (e.g., VirusTotal, PhishTank); cache verdicts locally, since these APIs are rate-limited and every lookup sends the user's URL to a third party
- Python backend for decision making
- Alerting via Slack or email
- Block or warn users visiting dangerous domains
- Log all phishing attempts with metadata
- Provide daily phishing attempt summaries
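As an added example of the Python decision layer (not code from this repo), the block below implements a Squid `external_acl_type` helper: Squid hands it `%URI %SRC` per line and it answers `OK` (the ACL matches, which the suggested `http_access deny` turns into a block) or `ERR` (no match, request allowed). The allowlist, local blocklist, thresholds and the `fake_lookup` reputation table are constructed stand-ins; a real deployment would replace `fake_lookup` with a cached, rate-limited call to VirusTotal or PhishTank. `daily_summary` produces the daily report from the logged records.

```python
import json
import sys
import time
from typing import Callable, Dict, Iterable, List
from urllib.parse import urlsplit

# How many reputation engines must flag a URL before we block (hard deny)
# or merely warn (log + alert, request allowed). Tunable assumptions.
BLOCK_THRESHOLD = 3
WARN_THRESHOLD = 1

# Never send internal hosts to a third-party reputation API (constructed names).
ALLOWLIST = {"intranet.example.com", "sso.example.com"}
# Locally curated blocklist, e.g. domains from this week's phishing tickets.
LOCAL_BLOCKLIST = {"login-micros0ft-verify.example"}


def host_of(uri: str) -> str:
    """Host from what Squid passes as %URI. For plain HTTP that is a full URL;
    for HTTPS without SSL bump Squid only sees the CONNECT target, which
    arrives as host:port with no scheme."""
    if "://" not in uri:
        uri = "https://" + uri
    return (urlsplit(uri).hostname or "").lower()


# Constructed stand-in for a reputation API: URL -> number of engines flagging it.
FAKE_REPUTATION = {
    "http://secure-paypa1-update.example/login": 7,
    "http://newsletter.example/unsubscribe": 1,
    "http://news.example/article": 0,
}


def fake_lookup(url: str) -> int:
    return FAKE_REPUTATION.get(url, 0)


def decide(uri: str, src_ip: str, lookup: Callable[[str], int] = fake_lookup) -> Dict:
    """Return a JSON-serialisable log record carrying the verdict: allow | warn | block."""
    host = host_of(uri)
    record = {"ts": int(time.time()), "src": src_ip, "uri": uri, "host": host}
    if host in ALLOWLIST:
        return {**record, "verdict": "allow", "source": "allowlist", "score": 0}
    if host in LOCAL_BLOCKLIST:
        return {**record, "verdict": "block", "source": "local_blocklist", "score": None}
    score = lookup(uri)
    if score >= BLOCK_THRESHOLD:
        verdict = "block"
    elif score >= WARN_THRESHOLD:
        verdict = "warn"
    else:
        verdict = "allow"
    return {**record, "verdict": verdict, "source": "reputation_api", "score": score}


def squid_helper(lines: Iterable[str], out=sys.stdout, log=sys.stderr) -> List[str]:
    """Helper loop. Assumed squid.conf on the other side:
         external_acl_type phishcheck ttl=60 %URI %SRC /usr/local/bin/phish_helper.py
         acl phishing external phishcheck
         http_access deny phishing
    Each input line is "URI SRC"; the reply is OK (match -> deny), ERR (no match)
    or BH (helper could not parse the request). Every decision is logged as one
    JSON line with its metadata; warns are let through but still logged."""
    replies = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            reply = "BH"
        else:
            rec = decide(parts[0], parts[1])
            log.write(json.dumps(rec) + "\n")
            reply = "OK" if rec["verdict"] == "block" else "ERR"
        out.write(reply + "\n")
        out.flush()
        replies.append(reply)
    return replies


def daily_summary(records: Iterable[Dict]) -> Dict[str, Dict]:
    """Aggregate blocked/warned records by host for the daily report."""
    summary: Dict[str, Dict] = {}
    for r in records:
        if r["verdict"] in ("block", "warn"):
            s = summary.setdefault(r["host"], {"block": 0, "warn": 0, "sources": set()})
            s[r["verdict"]] += 1
            s["sources"].add(r["src"])
    return {h: {"block": v["block"], "warn": v["warn"], "users": len(v["sources"])}
            for h, v in summary.items()}


if __name__ == "__main__":
    squid_helper(sys.stdin)
```

In this minimal helper a `warn` verdict lets the request through and relies on the alert; to show users an interstitial instead, deny the request and point a `deny_info` directive at a custom page. Keep the allowlist check first so internal URLs never leave the network.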
Developers accidentally commit secrets (API keys, tokens) to public repositories.
Build a GitHub Actions-based scanner:
- Uses truffleHog or custom regex patterns
- Automatically revokes credentials via the provider's API (e.g., AWS IAM, GCP, Stripe); anything pushed to a public repo is compromised the moment it lands, so revoke first and rotate, and gate automatic revocation on verified matches, since a false positive that deactivates a production key is its own incident
- Sends report to Slack or email
- Scan the diff of new pushes and PRs for secrets (and add a pre-commit or pre-push hook as well: a later force-push does not un-leak what already reached a public remote)
- Auto-revoke and notify on detection
- Generate compliance audit reports
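An added example (not the repo's scanner) of the detection core such an Action would run over a push's diff: known-format patterns for AWS, GitHub, Stripe and Slack credentials, plus a truffleHog-style Shannon-entropy check for generic quoted literals, applied only to added lines so reported line numbers refer to the new tree. The sample diff and every key in it are constructed (`AKIAIOSFODNN7EXAMPLE` is the placeholder AWS uses in its own documentation); masking keeps the report safe to post to Slack.

```python
import math
import re
import sys
from typing import Dict, List

# Known-format credential patterns. The names double as routing keys, so a
# later revocation step can pick the right provider API per finding.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9a-zA-Z]{24,}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
}
# Catch-all for secrets with no fixed format: a long base64/hex-looking quoted
# literal whose entropy says "random", like truffleHog's entropy mode.
GENERIC_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/=_\-]{32,})['"]""")
ENTROPY_THRESHOLD = 4.0  # bits/char; random base64 is ~5-6, prose ~3-4


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def mask(secret: str) -> str:
    """Keep enough to identify the key in a report without re-leaking it."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 8) + secret[-4:]


def scan_line(line: str) -> List[Dict]:
    found = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(line):
            found.append({"type": name, "secret": m.group(0)})
    if not found:  # entropy heuristic only when no specific pattern already hit
        for m in GENERIC_LITERAL.finditer(line):
            ent = shannon_entropy(m.group(1))
            if ent >= ENTROPY_THRESHOLD:
                found.append({"type": "high_entropy_string", "secret": m.group(1),
                              "entropy": round(ent, 2)})
    return found


def scan_diff(diff_text: str) -> List[Dict]:
    """Scan only the added lines of a unified diff, i.e. what this push introduces."""
    findings, path, lineno = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        if raw.startswith("--- "):
            continue
        m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
        if m:
            lineno = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed lines do not exist in the new tree
        if raw.startswith("+"):
            for f in scan_line(raw[1:]):
                finding = {"file": path, "line": lineno, "type": f["type"],
                           "masked": mask(f["secret"])}
                if "entropy" in f:
                    finding["entropy"] = f["entropy"]
                findings.append(finding)
        lineno += 1  # context and added lines both advance the new-file counter
    return findings


def format_report(findings: List[Dict], repo: str, sha: str) -> str:
    """Plain-text summary for Slack/email; never includes the unmasked secret."""
    lines = [f"Secret scan for {repo}@{sha}: {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"- {f['file']}:{f['line']} {f['type']} {f['masked']}")
    return "\n".join(lines)


# Constructed diff with placeholder credentials (none of these are real keys).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,4 +1,7 @@
 import os
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+STRIPE_KEY = "sk_live_4eC39HqLyjWDarjtT1zdp7dc"
+SESSION_SECRET = "Zq9v2LmX8kT4nR7pW1sB6cH3jF5dY0aG"
+BANNER = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 DEBUG = False
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    results = scan_diff(text)
    print(format_report(results, "org/repo", "HEAD"))
    sys.exit(1 if results else 0)  # non-zero exit fails the workflow job
```

In the workflow, check out with full history (`actions/checkout` with `fetch-depth: 0`), pipe `git diff <before>..<sha>` (for push events, `${{ github.event.before }}..${{ github.sha }}`) into the script, and let the non-zero exit fail the job. The findings list is what you would serialise for the audit report and hand to a revocation step keyed on `type`; the `BANNER` line shows why the entropy check is needed as a filter rather than a length check alone.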