Projects

Security tooling, writeups, and practical lab work. Built to be useful in real workflows.

Major contributions

Research, analysis, and operational OSINT work.

Discord malware analysis: EclipseOfLegends

Comprehensive analysis of malicious behavior in files shared via Discord.

  • Identified privilege escalation risks with elevate.exe.
  • Analyzed .asar files for potential tampering in Electron-based applications.
  • Detected persistence mechanisms in installer-like executables.

Tools used: YARA, ProcMon, capa.

Hybrid Analysis report

Sample hash: df46dbe66498cd0d9ea8cc62c693172943bc91ff200c06617aa1f5503dae7976

  • Network activity: No significant DNS requests or HTTP connections observed.
  • File system modifications: No notable files extracted or modified.
  • Process activity: RCC.exe (PID: 3320) associated with the sample.
  • Extracted strings: Useful for investigation and detection rule creation.

Full report: Hybrid Analysis link

Content monitoring and abuse reporting (OSINT)

Open-source intelligence work to identify sites and communities violating platform policies or legal norms.

  • Flagged and reported 160+ websites and multiple Discord servers to providers.
  • Submitted evidence via hosting and registrar abuse channels.
  • Produced intelligence summaries for stakeholders when appropriate.
  • Tools used: WHOIS, domain intelligence, reporting platforms (AbuseIPDB, registrar portals).

Twitch moderation and regex development

Built moderation regex to filter spam, malicious links, and abusive content across multiple streams.

Example regex (shortened for display; the full pattern lives in the repo/writeup):

(?i)(^(best|b\se\ss\st) (viewers|v\si\se\sw\se\sr\ss) (on|o\s))...

These rules reduced manual interventions and improved real-time enforcement of chat guidelines.

Browser extensions

Practical SOC workflow helpers: faster lookups, fewer context switches, quicker triage.

AbuseIPDB Check

Quick IP reputation lookups on AbuseIPDB to speed up triage and threat verification.

Tags: OSINT, SOC, Firefox

Shodan Lookup

Select an IP/domain and jump straight into Shodan context for quick reconnaissance.

Tags: Recon, OSINT, Firefox

VirusTotal Lookup

Lookup URLs, domains, and hashes on VirusTotal to validate IOCs faster.

Tags: IOC, Malware, Firefox

Windows Event Log Lookup

Faster Event ID context while investigating Windows security logs.

Tags: Windows, SOC, Triage

Tools and scripts

Labs, scanners, and small utilities. For demos and PoCs, keep usage ethical and lab-only.

Defensive and investigation

  • Linux Log Analyzer - categorizes auth/system logs to flag suspicious patterns.
  • Windows Security Scanner - checks processes, persistence, connections, and event logs for IOCs.
  • Network Scanner - discovers hosts and MAC/IP inventory on a subnet.
  • System monitoring scripts - disk, load, memory, service status.

Network lab tooling

  • ARP Spoof Detector - monitors unusual ARP activity.
  • DNS Spoofer - lab tool for studying malicious DNS responses.
  • Packet Sniffer - captures traffic for analysis (lab use).
  • MAC Changer - interface spoofing for testing scenarios.

Notes on PoCs

For anything that can be used offensively (interception/spoofing), keep it explicitly scoped to lab education and detection research.

  • Document assumptions and safety controls
  • Pair PoCs with detection and mitigations
  • Show evidence safely (screenshots/logs)