Projects
Kali Pentest Agent
An AI-powered penetration testing agent built on Kali Linux. Automates reconnaissance, vulnerability scanning, and exploitation workflows using LLM-driven decision making. Supports custom toolchains and integrates with existing red team infrastructure.
SOC Automation Playbooks
A collection of SOAR playbooks designed for common SOC workflows. Covers alert enrichment from multiple sources, automated escalation based on severity, ticket creation, and post-incident reporting. Compatible with major SOAR platforms.
Sentinel Detection Rules
Custom Microsoft Sentinel analytics rules, workbooks, and hunting queries. Includes rules for endpoint threats, cloud audit anomalies, identity-based attacks, and lateral movement detection. Maintained as detection-as-code with CI/CD validation.
AI Security Orchestrator
An experimental platform for LLM-driven security orchestration. Uses language models to analyze alerts, correlate events across data sources, and propose response actions. Explores the boundary between automated response and human-in-the-loop workflows.
EDR Telemetry Analyzer
A toolkit for analyzing EDR telemetry data. Parses and normalizes endpoint logs, identifies suspicious process chains, and generates forensic timelines. Supports multiple EDR vendors through a pluggable adapter architecture.
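The pipeline that description implies, shown as an added example rather than the project's own code: two hypothetical vendor adapters normalize raw process-creation records into one schema, ancestry is rebuilt from pid/ppid links, a shell whose ancestors include an Office application is flagged, and a sorted timeline is emitted. The vendor record shapes, field names and the sample events are all constructed for the example.

```python
"""Added example (not the project's code): normalize process events from two
hypothetical EDR record formats, rebuild parent/child chains, flag shells
spawned under Office applications, and produce a forensic timeline."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class ProcEvent:
    ts: datetime
    pid: int
    ppid: int
    image: str      # basename of the executable, lower-cased
    cmdline: str
    host: str


# One adapter per vendor: each turns a raw record into the common ProcEvent.
# Both record shapes below are assumptions for the example, not real vendor schemas.
def adapt_vendor_a(rec: dict) -> ProcEvent:
    return ProcEvent(
        ts=datetime.fromtimestamp(rec["timestamp"], tz=timezone.utc),
        pid=rec["process_id"], ppid=rec["parent_process_id"],
        image=rec["image_path"].lower().rsplit("\\", 1)[-1],
        cmdline=rec["command_line"], host=rec["hostname"])


def adapt_vendor_b(rec: dict) -> ProcEvent:
    return ProcEvent(
        ts=datetime.fromisoformat(rec["@time"].replace("Z", "+00:00")),
        pid=int(rec["pid"]), ppid=int(rec["ppid"]),
        image=rec["exe"].lower().rsplit("\\", 1)[-1],
        cmdline=rec["cmd"], host=rec["host"])


ADAPTERS = {"vendor_a": adapt_vendor_a, "vendor_b": adapt_vendor_b}

OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "mshta.exe"}

# Constructed sample telemetry: explorer -> winword -> cmd -> powershell,
# plus a benign explorer -> cmd on the same host, split across both vendors.
SAMPLE_RAW = [
    ("vendor_a", {"timestamp": 1700000000, "process_id": 100, "parent_process_id": 1,
                  "image_path": "C:\\Windows\\explorer.exe", "command_line": "explorer.exe", "hostname": "ws01"}),
    ("vendor_b", {"@time": "2023-11-14T22:13:30Z", "pid": "200", "ppid": "100",
                  "exe": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "cmd": "WINWORD.EXE invoice.docm", "host": "ws01"}),
    ("vendor_a", {"timestamp": 1700000015, "process_id": 500, "parent_process_id": 100,
                  "image_path": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe", "hostname": "ws01"}),
    ("vendor_a", {"timestamp": 1700000020, "process_id": 300, "parent_process_id": 200,
                  "image_path": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c powershell -enc ...", "hostname": "ws01"}),
    ("vendor_b", {"@time": "2023-11-14T22:13:50Z", "pid": "400", "ppid": "300",
                  "exe": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell -enc ...", "host": "ws01"}),
]


def normalize(raw: list[tuple[str, dict]]) -> list[ProcEvent]:
    """Dispatch each record to its vendor adapter and sort by time."""
    return sorted((ADAPTERS[vendor](rec) for vendor, rec in raw), key=lambda e: e.ts)


def ancestry(events: list[ProcEvent], ev: ProcEvent) -> list[ProcEvent]:
    """Walk ppid links back to the root: [ev, parent, grandparent, ...].
    The seen-set guards against pid reuse producing a cycle."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [ev], {ev.pid}
    while True:
        parent = by_pid.get(chain[-1].ppid)
        if parent is None or parent.pid in seen:
            return chain
        seen.add(parent.pid)
        chain.append(parent)


def suspicious_chains(events: list[ProcEvent]) -> list[str]:
    """Flag every shell whose ancestry contains an Office application."""
    hits = []
    for ev in events:
        if ev.image in SHELLS:
            chain = ancestry(events, ev)
            if any(a.image in OFFICE for a in chain[1:]):
                hits.append(" -> ".join(a.image for a in reversed(chain)))
    return hits


def timeline(events: list[ProcEvent]) -> list[str]:
    return [f"{e.ts.isoformat()} {e.host} pid={e.pid} ppid={e.ppid} {e.image} {e.cmdline}"
            for e in events]


def analyze(raw=SAMPLE_RAW):
    events = normalize(raw)
    return timeline(events), suspicious_chains(events)


if __name__ == "__main__":
    lines, hits = analyze()
    print("\n".join(lines))
    print("suspicious:", hits)
```

Normalizing first and detecting second is what makes the vendor adapters cheap to add: the ancestry walk and the Office-to-shell rule never see vendor-specific fields, and a second vendor only needs a new adapter function registered in `ADAPTERS`.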
Cloud Security Posture Scripts
Python scripts for automated cloud security posture assessment. Checks AWS, Azure, and GCP configurations against CIS benchmarks and custom security policies. Generates compliance reports and remediation suggestions.
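Two checks of the kind those scripts run, written here as an added example that is not the project's code: unrestricted ingress to administrative ports in security groups, and incomplete S3 public-access blocking. The input snapshots are constructed inline and shaped like the corresponding boto3 responses so the example runs offline; field names and the bucket settings dictionary are assumptions for the example, and each finding carries a remediation suggestion the way the page's reports do.

```python
"""Added example (not the project's code): CIS-style posture checks over
constructed snapshots shaped like AWS API responses, producing findings with
remediation text."""
from __future__ import annotations
import ipaddress

# Constructed snapshot, shaped like ec2.describe_security_groups()["SecurityGroups"].
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "bastion",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "web",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "all-open",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

# Constructed per-bucket settings, shaped like
# s3.get_public_access_block()["PublicAccessBlockConfiguration"].
S3_PUBLIC_ACCESS = {
    "logs":   {"BlockPublicAcls": True, "IgnorePublicAcls": True,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    "assets": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
               "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
}

ADMIN_PORTS = (22, 3389)
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _is_world(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 both have a zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers(perm: dict, port: int) -> bool:
    """IpProtocol -1 means all traffic; otherwise test the port range."""
    if perm.get("IpProtocol") == "-1":
        return True
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_sg_admin_ingress(groups: list[dict]) -> list[dict]:
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            cidrs = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                     + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])
            if not any(_is_world(c) for c in cidrs):
                continue
            for port in ADMIN_PORTS:
                if _covers(perm, port):
                    findings.append({
                        "check": "sg-admin-ingress", "resource": g["GroupId"], "port": port,
                        "remediation": f"Restrict {g['GroupName']} port {port} ingress "
                                       f"to known CIDRs or a bastion/VPN"})
    return findings


def check_s3_public_access(buckets: dict[str, dict]) -> list[dict]:
    findings = []
    for name, cfg in buckets.items():
        missing = [f for f in PAB_FLAGS if not cfg.get(f, False)]
        if missing:
            findings.append({
                "check": "s3-public-access-block", "resource": name, "missing": missing,
                "remediation": f"Enable {', '.join(missing)} on bucket {name}"})
    return findings


def assess(groups=SECURITY_GROUPS, buckets=S3_PUBLIC_ACCESS) -> dict:
    """Run every check and summarize into a report structure."""
    findings = check_sg_admin_ingress(groups) + check_s3_public_access(buckets)
    return {"total": len(findings),
            "by_check": {c: sum(1 for f in findings if f["check"] == c)
                         for c in sorted({f["check"] for f in findings})},
            "findings": findings}


if __name__ == "__main__":
    report = assess()
    print(f"{report['total']} finding(s): {report['by_check']}")
    for f in report["findings"]:
        print(f"- [{f['check']}] {f['resource']}: {f['remediation']}")
```

Keeping the world-reachability test separate from the port test is what catches `sg-0ccc`: an `IpProtocol` of `-1` has no port fields at all, so a check that only compares `FromPort`/`ToPort` against 22 and 3389 would silently pass the most permissive rule in the set.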