Real-time IOC aggregation system ingesting STIX/TAXII feeds from CISA, OTX, and MISP. Auto-enriches via VirusTotal, Shodan, and AbuseIPDB. Maps to MITRE ATT&CK TTPs and pushes to Splunk SIEM. Reduced analyst triage time by 60% in production.
Modular OWASP Top 10-aligned toolkit. Automates recon, SQLi/XSS/SSRF/LFI scanning, and exploitation, and generates professional PDF reports. Used in real client engagements.
Documented HTB machines, TryHackMe rooms, and CTF challenge solutions. Covers web exploitation, forensics, reverse engineering, and privilege escalation. TryHackMe: Top 5% (0xgh0stx). HTB: @0100M.
ML pipeline using Isolation Forest and LSTM trained on Zeek netflow data. Detects C2 beaconing, lateral movement, and DNS tunneling without signatures. 94%+ accuracy on C2 detection.
Pre-engagement attack surface mapper combining Shodan, CT logs, email harvesting, GitHub dorking, and HIBP breach checks into a unified red team recon workflow.