🔬 Quantum Threat Intelligence™ (QTI) — Published 2025 (CTI → behavior → detections)
🛠️ Toolsmith for cybersecurity simulation & defense (detection-first, telemetry-driven)
🔍 Focus: Threat Hunting · Detection Engineering · Red Team Ops · Memory Forensics · CTI Pipelines
📊 Method: Offensive R&D → realistic adversary emulation → measurable detections & rules
🚀 Projects: KeysGuard • CyberNetics • AIShadow
⚙️ Philosophy: Always learning, always building — across code, systems, and adversary logic
- Detection content: Sigma/YARA rulecraft, tuning, coverage mapping (MITRE ATT&CK)
- Threat simulation: atomic-style tests, emulation plans, and operator workflows
- CTI automation: enrichment, clustering, fusion, and “intel-to-detection” pipelines
- Memory-focused security R&D: triage, artifacts, tradecraft-aware analysis
🛰️ “Assume breach. Simulate smarter.”
⚡ Detect · Defend · Dominate
- OWLWATCH – Developed a daily automation and reporting tool integrating Jinja2 templates, GitHub Actions, and Discord webhooks.
- Sigma Rule Development – Authored numerous detection rules focusing on lateral movement, remote execution, and other adversary techniques across Windows (e.g., PsExec, Msiexec, InstallUtil, Certutil, Schtasks, Wmic, Bitsadmin, Rundll32, MsBuild, Certreq, Wevtutil, Regsvcs/Regasm, At.exe, net use).
- Falco Runtime Rules – Added container runtime security rules to FALCOSEC for detecting suspicious remote script execution and network events.
- Threat Hunting Insights – Published CTI-driven hunting reports linking Sigma detection rules with MITRE tactics and providing actionable hunting tips (msiexec, wevtutil, PsExec, net use, certutil, at.exe).
Feel free to explore these repositories and contributions!