Projects

Security projects and open-source tools.

security

OT SOC-in-a-Box

A containerized Security Operations Center for industrial control systems (OT/ICS), simulating a complete OT environment with a 7-phase attack simulation, custom Suricata IDS rules, Wazuh correlation rules, and automated SOAR incident response. Detections mapped to MITRE ATT&CK for ICS, NIST SP 800-82, and ISA/IEC 62443.
View on GitHub

Wazuh SOAR Automation

A Docker-based SIEM and SOAR platform integrating Wazuh Manager, OpenSearch, and a web dashboard for centralized security monitoring. Provides automated threat detection, host monitoring via Wazuh agents, and a turnkey deployment with pre-configured containers and encrypted communications.
View on GitHub

Dionaea Honeypot with ELK Stack

A honeypot solution combining the Dionaea framework with the ELK stack (Elasticsearch, Logstash, Kibana) for real-time attack capture and analysis. Monitors HTTP, SMB, MySQL, FTP, Telnet, and more — generating threat intelligence visualized through interactive Kibana dashboards.
View on GitHub

AWS WAF Security Operations Suite

A production-grade AWS WAF deployment protecting web applications against OWASP Top 10 threats. Deploys 10 custom WAF rules (SQLi, XSS, rate limiting, bot detection, geo-blocking, CSRF) in front of CloudFront, with CloudWatch dashboards, CloudTrail audit logging, and an automated threat detection engine that auto-blocks malicious IPs. Includes 30+ attack vector tests and full IaC via Python and boto3.
View on GitHub