"Consistency is the currency of mastery."
This repository serves as a living portfolio of my daily professional practice in Blue Team Operations, Threat Intelligence, and Security Engineering.
My goal is to bridge the gap between theory and practice by dedicating 30 minutes every single day to high-impact drills ("Reps"). Each entry represents a specific skill applied to a real-world scenario.
I organize my "Reps" into the following domains:
| 📁 Folder | 🎯 Focus Area | 🛠️ Tools Used |
|---|---|---|
| /Threat-Intel-Reports | Translating technical vulnerabilities into executive risk briefs. | MITRE ATT&CK, CVE Database, CVSS |
| /Detection-Logic | Writing SIEM rules to detect attacker behavior. | Splunk (SPL), Sigma, YARA |
| /Traffic-Analysis | Investigating PCAPs to identify malicious packets. | Wireshark, Zeek, Brim |
| /Scripting-Automation | Python/Bash scripts to automate security tasks. | Python, Requests, Pandas |
| /Malware-Analysis | Deobfuscating scripts and analyzing IOCs. | CyberChef, PEStudio, Ghidra |
- [2026-01-20] LangChain Critical Vulnerability (CVE-2025-68664)
  - Type: Malware Analysis
  - Summary: Deobfuscated a Base64-encoded Python backdoor. Analyzed its `os.dup2` I/O redirection logic to map the C2 flow without executing the payload.
  - Link to Report
- [2026-01-06] Volt Typhoon Analysis
  - Type: Threat Intelligence Brief
  - Summary: Analyzed command-line artifacts observed in the Volt Typhoon campaign.
  - Link to Report
- [2026-01-04] Emotet Dropper Analysis
  - Type: Malware Analysis
  - Summary: Deobfuscated and analyzed a dropper used by the Emotet malware family.
  - Link to Report
- SIEM & Log Analysis: Splunk, ELK Stack
- Network Forensics: Wireshark, TCPDump
- Frameworks: MITRE ATT&CK, Cyber Kill Chain
- Languages: Python (Automation), SPL (Search Processing Language)