Open-source Blue Team SOC platform - threat intel, IOC analysis, phishing simulations & incident management
-
Updated
Jun 12, 2026 - TypeScript
Open-source Blue Team SOC platform - threat intel, IOC analysis, phishing simulations & incident management
Comprehensive phishing incident response simulation with email forensics, threat intelligence enrichment, and NIST-aligned playbook
SOC / DFIR investigations portfolio with hands-on lab cases covering SIEM alert triage, Phishing Analysis, Malware analysis, Endpoint detection, Network Analysis. Built to demonstrate practical SOC Analyst L1/L2 and DFIR skills.
Hands-on threat hunting and SOC investigations using Microsoft Defender for Endpoint and KQL. Real scenarios covering brute force detection, lateral movement, and IOC analysis mapped to MITRE ATT&CK.
An attacker deploys an "evil twin" Wi-Fi access point with the same SSID (network name) as a legitimate network. Devices auto-connect based on familiar SSID memory. The attacker silently captures the WPA2/WPA3 four-way handshake as the client connects.
In this second case study of the structured IOC triage series, we examined a subtle but dangerous host-based compromise involving the abuse of the Windows utility `rundll32.exe` to execute a malicious DLL payload.
Automated OSINT threat intelligence aggregator with Streamlit dashboard. Queries 6 sources (VirusTotal, AbuseIPDB, Shodan, URLhaus, OTX, RDAP) and produces weighted verdicts for IPs, domains, URLs, and file hashes.
This project focuses on analyzing a phishing email
SOC IntelHub — IOC Triage Dashboard (VirusTotal + AbuseIPDB + OTX + MITRE Mapping) A portfolio project for SOC analysis, threat enrichment & automated ATT&CK mapping.
This IOC captures a foundational stage in the cyber kill chain: reconnaissance — where the attacker has not yet breached the system, but is actively probing to discover what might be open, unguarded, or improperly exposed.
Dockerized Cyber Threat Intelligence platform — IOC lookup via VirusTotal + AbuseIPDB | MongoDB persistence | Bootstrap dark dashboard | Flask + Docker Compose
This case study demonstrates how a seemingly benign protocol — DNS — can be subverted into a covert exfiltration channel when outbound traffic is tightly restricted.
TryHackMe walkthrough focused on analysing a suspicious binary, extracting IOCs, and correlating alerts to trace malicious activity.
This case study documents an advanced persistence technique involving a scheduled task launching base64-encoded PowerShell, used to execute malicious commands without dropping traditional malware to disk.
This case study analyzed a low-complexity but real-world-relevant example of attacker persistence using the built-in Windows utility schtasks.exe.
Static and dynamic malware analysis of a trojanized Windows executable using FLARE VM, FLOSS, Metasploit, and Kali Linux.
End-to-end phishing investigation playbook covering email analysis, KQL hunting, identity compromise assessment, IOC extraction, threat hunting, detection opportunities, and remediation.
This repository documents real-world forensic triage cases involving the abuse of legitimate Windows binaries—also known as LOLBins—for malicious purposes.
Python-based threat intelligence pipeline with MITRE ATT&CK mapping and visualization
TryHackMe write-up for Invite Only, focused on analysing flagged IPs, hashes, dropped files, and threat intelligence reports.
Add a description, image, and links to the ioc-analysis topic page so that developers can more easily learn about it.
To associate your repository with the ioc-analysis topic, visit your repo's landing page and select "manage topics."