SOC Analyst | Penetration Tester | OT/ICS Security Enthusiast
I began my professional journey as a soil physicist, earning a Ph.D. in Soil Physics and conducting advanced research in soil hydrodynamics, carbon modeling, and geospatial data analysis. I was previously a full-stack developer with 15+ years in secure software engineering, and I am now focused on threat detection, incident response, penetration testing, and operational technology (OT) security. I am certified in CompTIA Security+ and AWS Cloud Practitioner, and am actively pursuing OSCP and CySA+.
- SOC Operations: SIEM (Splunk, Microsoft Sentinel, ELK), EDR (Carbon Black), phishing analysis, threat hunting
- Offensive Security: Penetration testing with Metasploit, Nmap, Burp Suite, Wireshark, Nessus; privilege escalation
- Cloud & Infrastructure: AWS IAM, GuardDuty, CloudTrail, Zero Trust, secure network architecture
- OT/ICS Security: Modbus/BACnet simulation, Purdue Model, ISA/IEC 62443 alignment
- Security Automation: Python (Pandas, NumPy) for log correlation, anomaly detection, Splunk dashboarding
- Hack The Box CPTS (in progress): 15+ machines, focus on Linux/Windows privilege escalation
- OSCP Labs: buffer overflows, web app exploitation, Active Directory attacks
- SIEM Home Lab: Splunk-based SOC simulation with real-time threat detection and NIST SP 800-61 incident-handling workflows
- Container & API Hardening: Trivy/Clair scans, OWASP Top 10 testing with Burp Suite/Postman
- ICS Cyber Range: simulated attacks on industrial protocols (Modbus, BACnet)
- Advanced Active Directory attacks & lateral movement
- Purple teaming & MITRE ATT&CK framework mapping
- YARA, Sigma, and custom detection rules for SIEM
- Kotlin for secure mobile app development
| Tactic | Technique | Application |
|---|---|---|
| Initial Access | T1190: Exploit Public-Facing Application | Laravel debug mode exposed, leading to RCE |
| Execution | T1059.006: Command and Scripting Interpreter (Python) | Reverse shell launched from a cron job |
| Persistence | T1053: Scheduled Task/Job | `at` job with an encoded payload |
| Privilege Escalation | T1068: Exploitation for Privilege Escalation; T1548.001: Setuid and Setgid | Dirty COW (kernel exploit); SUID binary abuse |
| Defense Evasion | T1070.004: File Deletion; T1070.001: Clear Windows Event Logs | `shred` on Linux logs; `wevtutil cl` on Windows |
| Lateral Movement | T1021.001: Remote Desktop Protocol, with T1550.002: Pass the Hash | Pass-the-Hash, then RDP |
| Exfiltration | T1041: Exfiltration Over C2 Channel | DNS tunneling, HTTPS POST |
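As an added example (not code from this profile), the following Python script shows the kind of log-to-ATT&CK correlation the security-automation line above refers to: a handful of regex rules, roughly one per row of the table, run over sample log lines and summarised per tactic. The log lines, the rule patterns and the `tunnel.example` domain are constructed for the demo and are not production detections; the technique IDs are those of the current ATT&CK Enterprise matrix, under which SUID abuse is T1548.001 and clearing Windows event logs is T1070.001.

```python
"""Correlate log lines with ATT&CK techniques, in the spirit of the mapping table above.

Added example, not code from the original profile. The log lines below are constructed
for the demo, and the regex rules are assumptions tuned to them, not production detections.
Technique IDs and names follow the current ATT&CK Enterprise matrix.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    tactic: str
    technique_id: str
    technique: str
    pattern: re.Pattern


# One signature rule per post-exploitation row of the table (initial access lives in web logs).
RULES = [
    Rule("Execution", "T1059.006", "Command and Scripting Interpreter: Python",
         re.compile(r"CRON\[\d+\]: .*python\d?(\.\d+)? -c .*socket", re.I)),
    Rule("Persistence", "T1053", "Scheduled Task/Job",
         re.compile(r"\batd?\b.*\|\s*base64 -d\s*\|", re.I)),
    Rule("Privilege Escalation", "T1548.001", "Abuse Elevation Control Mechanism: Setuid and Setgid",
         re.compile(r"chmod\s+[ug]\+s|chmod\s+[42]7\d\d", re.I)),
    Rule("Defense Evasion", "T1070.004", "Indicator Removal: File Deletion",
         re.compile(r"\bshred\b.*/var/log/", re.I)),
    Rule("Defense Evasion", "T1070.001", "Indicator Removal: Clear Windows Event Logs",
         re.compile(r"wevtutil(\.exe)?\s+cl\s+", re.I)),
    # RDP logon (type 10) authenticated with NTLM instead of Kerberos: consistent with
    # Pass-the-Hash over RDP, but a lead to confirm rather than proof.
    Rule("Lateral Movement", "T1021.001", "Remote Services: Remote Desktop Protocol",
         re.compile(r"EventID=4624\b.*LogonType=10\b.*NTLM", re.I)),
]

DNS_QUERY = re.compile(r"query: (?P<name>[A-Za-z0-9._-]+) IN (?P<type>TXT|NULL|CNAME|A)\b")
B64_LABEL = re.compile(r"^[A-Za-z0-9+/=_-]{30,}$")


def dns_tunnel_suspect(line: str) -> bool:
    """Heuristic for the table's DNS-tunneling row: a long, base64-looking leftmost label."""
    m = DNS_QUERY.search(line)
    if not m:
        return False
    first_label = m.group("name").split(".")[0]
    return B64_LABEL.match(first_label) is not None


def correlate(lines):
    """Return (tactic, technique_id, line) for every rule hit, in log order."""
    hits = []
    for line in lines:
        for rule in RULES:
            if rule.pattern.search(line):
                hits.append((rule.tactic, rule.technique_id, line))
        if dns_tunnel_suspect(line):
            hits.append(("Exfiltration", "T1041", line))
    return hits


def by_tactic(hits):
    """Collapse hits into {tactic: sorted technique IDs} for a quick kill-chain summary."""
    summary = defaultdict(set)
    for tactic, technique_id, _ in hits:
        summary[tactic].add(technique_id)
    return {tactic: sorted(ids) for tactic, ids in summary.items()}


# Constructed sample events: syslog-style Linux lines plus two flattened Windows events.
SAMPLE_LOGS = [
    "Jun 12 10:14:03 web01 CRON[2231]: (www-data) CMD (python3 -c 'import socket,subprocess,os;s=socket.socket()')",
    "Jun 12 10:15:10 web01 atd[2301]: (www-data) CMD (echo aWQgPiAvdG1wL3g= | base64 -d | sh)",
    "Jun 12 10:18:42 web01 sudo[2320]: root : COMMAND=/bin/chmod u+s /usr/bin/find",
    "Jun 12 10:20:44 web01 bash[2350]: shred -u /var/log/auth.log",
    "Jun 12 10:25:07 web01 sshd[2400]: Accepted publickey for deploy from 10.0.0.7 port 51234 ssh2",
    'EventID=4688 Computer=DC01 CommandLine="wevtutil.exe cl Security"',
    "EventID=4624 Computer=WS02 LogonType=10 AuthenticationPackage=NTLM TargetUserName=Administrator SourceIp=10.0.0.5",
    "Jun 12 10:30:01 dns01 named[1200]: client 10.0.0.5#53122: query: ZXhmaWwtZGF0YS0wMDAxLWFhYWFhYWFh.tunnel.example IN TXT",
    "Jun 12 10:30:02 dns01 named[1200]: client 10.0.0.8#40000: query: www.example.com IN A",
]

if __name__ == "__main__":
    hits = correlate(SAMPLE_LOGS)
    for tactic, technique_id, line in hits:
        print(f"{tactic:<20} {technique_id:<10} {line[:70]}")
    print(by_tactic(hits))
```

The benign SSH logon and the ordinary `www.example.com` lookup produce no hits, while the seven malicious lines map onto six tactics; the per-tactic summary is the shape you would feed a Splunk dashboard or turn into Sigma rules. Regex rules like these are deliberately narrow, so in a real SIEM each one should be paired with a false-positive review (for example, legitimate `chmod u+s` during package installs).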
- Master Linux/Windows CLI (`netstat`, `wmic`, `tasklist`)
- Complete TJNull's HTB list (50 retired boxes)
- Write one-liner enumeration scripts, for example:

```bash
# Full TCP port sweep with default scripts and version detection; all output formats saved as scan.*
nmap -sC -sV -p- --min-rate 1000 -oA scan <IP>
# Directory brute-force with common web extensions
gobuster dir -u http://<IP> -w medium.txt -x php,html,txt
```

- Open-source SIEM detection content (Splunk, Sigma)
- Penetration testing tools & exploit development
- OT security automation (IaC, Ansible, Python)
- Threat intelligence platforms & automated phishing triage
Twitter (@e_oleghe)
Email: ewan.mails -{at}- gmail -|dot|- com
LinkedIn | GitHub