beathunterzero/README.md

About Me

Cybersecurity professional with experience in Cloud Incident Response, SOC operations, and multicloud security, currently focused on Threat Hunting, Detection Engineering, DFIR, and technical telemetry analysis.

I build security labs, document investigation workflows, develop detection logic, and create technical tools to support practical threat analysis.

My work follows a structured methodology based on MITRE ATT&CK, Cyber Kill Chain, and Hypothesis-Driven Threat Hunting: understanding adversary behavior, validating it through telemetry, documenting evidence, and turning it into actionable detections.


Current Focus

  • Hypothesis-Driven Threat Hunting using MITRE ATT&CK and Cyber Kill Chain.
  • Detection Engineering with Elastic Security, Kibana, KQL, and Microsoft Sentinel.
  • Telemetry analysis across endpoints, Windows/Linux systems, and cloud sources.
  • DFIR and endpoint investigation with Sysmon, Velociraptor, and security logs.
  • Network analysis and packet review with Wireshark.
  • Building reproducible labs with Docker, WSL, and Linux environments.
  • Technical documentation of investigations, detections, procedures, and evidence.

Technical Stack & Tools

Threat Hunting & Detection Engineering

Threat Hunting, Detection Engineering, Hypothesis-Driven Hunting, MITRE ATT&CK, Cyber Kill Chain, Sysmon, Velociraptor

SIEM, Logging & Detection Platforms

Microsoft Sentinel, KQL, Elastic Security, Elasticsearch, Kibana, Filebeat, Wireshark

Cloud Security

Azure, Microsoft Defender, Defender for Cloud, AWS, AWS GuardDuty, AWS Detective, AWS CloudTrail, Oracle Cloud, Check Point CloudGuard

DFIR & Incident Response

DFIR, Incident Response, Windows Event Logs, Linux Logs, Sysmon, Velociraptor, Wireshark

Automation, Scripting & Labs

Python, PowerShell, Bash, Docker, Docker Compose, WSL2, Linux, Ubuntu, Debian, Git, Visual Studio Code

Threat Intelligence & Enrichment

Threat Intelligence, OSINT, VirusTotal, OTX AlienVault, IBM X-Force

AppSec & Security Validation

OWASP Top 10, Burp Suite, OWASP ZAP, Nessus, Linux Hardening, Secure SDLC

Pinned

  1. carnada (Public)

     Python command-line tool designed to run locally for secure password generation and strength checking. It requires no storage, no network calls, and no external dependencies.

     Python · 1

  2. cyber-threat-hunting (Public)

     Structured Threat Hunting knowledge base and lab. Document hypotheses, investigations, and detections using MITRE ATT&CK and Cyber Kill Chain.

     1

  3. cyber-threat-hunting-lab-logs (Public)

     Controlled lab logs, PCAPs, Kusto queries, analyst notes, and reproducible material for hypothesis-driven Cyber Threat Hunting investigations.

     1

  4. elastic-security-lab (Public)

     Hands-on Elastic Security lab for Threat Hunting and Detection Engineering using Elasticsearch, Kibana, and Filebeat. Includes log ingestion pipelines, training datasets, and a local SOC-style envi…

     1

  5. engineering-knowledge-base (Public)

     Structured IT technical documentation covering tooling, automation, and system setup (PowerShell, Git, WSL, Python, Docker). Includes practical scripts and best practices.

     2

  6. velociraptor-security-lab (Public)

     1