Certified blue-team defender. I build my own SOC, then break it, investigate it, and harden it. Every step documented.
role : SOC Analyst · Blue Team Defender
lab : Proxmox · pfSense · Wazuh 4.14.5 · Authentik · Docker · Pterodactyl
focus : Detection Engineering · Threat Hunting · Incident Response · CIS Hardening
certs : Security+ Certified · CySA+ Certified · THM SOC L1 (Advanced)
audits : CIS Ubuntu 24.04 L1 · 88.9% · USG Level 2 Server · 90.8%

| | Repo | What |
|---|---|---|
| 🛡️ | Security Analyst Portfolio | Sigma rules · IR playbooks · NIST writeups |
| 🔴 | Wazuh SIEM Recovery | Broke → fixed → hardened · CIS 88.9% · USG L2 90.8% |
| 🏠 | Home Network Lab | VLAN segmentation · IDS/IPS · log aggregation |
| 🐍 | Automated Phish Extractor | Python IOC extraction in 30 seconds |
| 🎧 | Slo-Fi | Browser audio engine · TypeScript · Web Audio API · client-side, zero data exfiltration |
╔══════════════════════════════════════════════════════════════╗
║ INCIDENT Wazuh SIEM Full Pipeline Failure · 2026-04-24 ║
╠══════════════════════════════════════════════════════════════╣
║ PROBLEM 0 dashboard entries · all services active ║
║ CAUSE Admin hash mismatch · missing OpenSearch role ║
║ Dashboard keystore overriding yml config ║
║ FIXED Auth chain repaired · roles created ║
║ Keystore updated · auditd conflicts resolved ║
║ AUDITS CIS Ubuntu 24.04 L1 88.9% ✓ ║
║ USG Level 2 Server 90.8% ✓ ║
╠══════════════════════════════════════════════════════════════╣
║ RESULT CIS Score 83.0% >>>>>>>>>>>>>>> 88.9% ✓ ║
║ ║
║ STATUS RESOLVED ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ ║
╚══════════════════════════════════════════════════════════════╝
🟢 "The attacker needs to be right once. The defender needs to be right every time."