Ashiii27/README.md
> whoami

name        : Ashish Kumar
degree      : B.Tech Computer Science & Engineering
university  : MMMUT Gorakhpur
graduating  : June 2027
location    : India
target_roles: [ SOC Analyst, Blue Team Engineer, Digital Forensics ]

Blue team engineer who builds real tools, not just collects certifications. My work covers threat detection, EVTX log forensics, and network traffic analysis mapped to MITRE ATT&CK: the kind of depth that matters in a real SOC or DFIR role.


> ls ./projects

πŸ›‘οΈ SentinelX

C++ Network Intrusion Detection System

A modular NIDS built from scratch: live traffic capture, a custom parsing pipeline, and MITRE ATT&CK-tagged structured alerts.

  • Custom PacketCapture → IP → TCP → HTTP parser
  • Pluggable detectors via abstract BaseDetector interface
  • Severity classification + ATT&CK technique tagging
  • Extend without touching core logic

C++ libpcap MITRE

Multi-Auth Artifact Correlation Engine

Correlates Windows authentication artifacts across Local, MSA, RDP and Kerberos logons, and surfaces anomalous access from raw EVTX logs.

  • Event IDs: 4624, 4625, 4648, 4768, 4776
  • Unified anomaly view across all auth mechanisms
  • 📄 IEEE paper in progress with Dr. Vimal Kumar, MMMUT

Python PowerShell Autopsy
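As an added illustration of the correlation idea above (this is example code, not the engine in the repository), the block below takes Security-log authentication events that have already been parsed into dicts, as python-evtx or `Get-WinEvent` would give you, groups them per account, and emits ATT&CK-tagged findings plus a unified per-account view across logon mechanisms. The field names and the sample records are constructed for the example.

```python
# Added example: correlate parsed Windows authentication events across mechanisms.
# Not the project's code. Field names and SAMPLE_EVENTS are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Meaning of each Security event ID, used to label the unified view.
EVENT_MEANING = {
    4624: "successful logon",
    4625: "failed logon",
    4648: "logon with explicit credentials",
    4768: "Kerberos TGT requested",
    4776: "NTLM credential validation",
}

# Constructed sample records (not real log data): a burst of failures, an RDP
# success from the same source, use of another account's credentials, then the
# same account authenticating from two more hosts via Kerberos and NTLM.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:01", "event_id": 4625, "account": "jsmith", "src_ip": "10.0.0.7", "logon_type": 3},
    {"time": "2024-05-01T09:00:09", "event_id": 4625, "account": "jsmith", "src_ip": "10.0.0.7", "logon_type": 3},
    {"time": "2024-05-01T09:00:15", "event_id": 4625, "account": "jsmith", "src_ip": "10.0.0.7", "logon_type": 3},
    {"time": "2024-05-01T09:00:40", "event_id": 4624, "account": "jsmith", "src_ip": "10.0.0.7", "logon_type": 10},
    {"time": "2024-05-01T09:01:10", "event_id": 4648, "account": "jsmith", "src_ip": "10.0.0.7", "target_account": "svc_backup"},
    {"time": "2024-05-01T09:30:00", "event_id": 4768, "account": "jsmith", "src_ip": "10.0.0.9"},
    {"time": "2024-05-01T09:31:00", "event_id": 4776, "account": "jsmith", "src_ip": "10.0.0.12"},
    {"time": "2024-05-01T08:00:00", "event_id": 4624, "account": "adoe", "src_ip": "10.0.0.21", "logon_type": 2},
]


def _ts(event):
    """Parse the ISO-8601 timestamp of one event."""
    return datetime.fromisoformat(event["time"])


def correlate(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Return findings, each tagged with the ATT&CK technique it suggests."""
    by_account = defaultdict(list)
    for ev in sorted(events, key=_ts):
        by_account[ev["account"]].append(ev)

    findings = []
    for account, evs in by_account.items():
        failures = []
        for ev in evs:
            eid = ev["event_id"]
            if eid == 4625:
                failures.append(ev)
            elif eid == 4624:
                # Rule 1: a burst of failures followed by a success from the
                # same source within the window (brute force, T1110).
                recent = [f for f in failures
                          if f["src_ip"] == ev["src_ip"] and _ts(ev) - _ts(f) <= window]
                if len(recent) >= fail_threshold:
                    findings.append({"rule": "failed_then_success", "account": account,
                                     "src_ip": ev["src_ip"], "failures": len(recent),
                                     "logon_type": ev.get("logon_type"), "attack": "T1110"})
            elif eid == 4648 and ev.get("target_account") not in (None, account):
                # Rule 2: explicit use of another account's credentials (T1078).
                findings.append({"rule": "explicit_credentials", "account": account,
                                 "target_account": ev["target_account"],
                                 "src_ip": ev["src_ip"], "attack": "T1078"})
        # Rule 3: one account seen from more than two sources across mechanisms.
        sources = {ev["src_ip"] for ev in evs}
        if len(sources) > 2:
            findings.append({"rule": "multi_source", "account": account,
                             "sources": sorted(sources), "attack": "T1078"})
    return findings


def unified_view(events):
    """Per account: mechanisms seen, source hosts, and a count per event ID."""
    view = {}
    for ev in events:
        entry = view.setdefault(ev["account"], {"mechanisms": set(), "sources": set(),
                                                "counts": defaultdict(int)})
        entry["mechanisms"].add(EVENT_MEANING[ev["event_id"]])
        entry["sources"].add(ev["src_ip"])
        entry["counts"][ev["event_id"]] += 1
    return view


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
    for acct, summary in unified_view(SAMPLE_EVENTS).items():
        print(acct, sorted(summary["mechanisms"]), sorted(summary["sources"]),
              dict(summary["counts"]))
```

The threshold and window are parameters so the same pass can be tuned per environment; in practice the source for rule 1 should be the RDP client address from the 4624 record, and for 4648 the `target_account` comes from the event's Target Server/Account fields.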

Network Traffic Forensics Tool

Deep PCAP inspection: protocol dissection, IOC extraction, and anomaly flagging from captured network traffic.

Python Wireshark

🚧 In the Lab...

Currently building tools that push into:

  • Automated threat hunting pipelines
  • Log correlation at scale
  • Threat intel feed integration

Watch the GitHub; more dropping soon.


> cat skills.conf

| Domain | Tools & Techniques |
|---|---|
| 🔵 Threat Detection | MITRE ATT&CK · Sigma Rules · Custom Detection Logic · Alert Triage |
| 🪟 Windows Forensics | EVTX Parsing · Event IDs · FTK Imager · Autopsy · Registry Analysis |
| 🌐 Network Analysis | PCAP · Wireshark · libpcap · Protocol Dissection · IOC Extraction |
| 🚨 Incident Response | Log Correlation · Timeline Analysis · Artifact Collection |
| 🔎 OSINT | Passive Recon · Threat Intel · Open-Source Investigation |

> tail -f progress.log

| Status | Certification / Platform |
|---|---|
| 🟢 Active | TryHackMe, Top 3% Globally |
| 🟡 In Progress | LetsDefend · CyberDefenders · PortSwigger Web Security Academy |
| 📌 Next Target | CompTIA Security+ |
| 🗺️ Roadmap | CySA+ → TCM Security PTP → OSCP |
| 📄 Research | IEEE Paper: Windows Auth Forensics (Dr. Vimal Kumar, MMMUT) |

> git log --oneline


> ./hire_me.sh

Looking for SOC Analyst · Blue Team · DFIR roles

If you're building a security team and want someone who writes forensics tools, understands what's in the logs, and maps every detection to MITRE ATT&CK, reach out:

LinkedIn · GitHub


Popular repositories

  1. CyberSecurity-HomeLabs-Setup (Public)

    🛡️ Cybersecurity Home Lab for practicing DFIR, Windows forensics, remote login analysis, and incident response using Windows VM + WSL Ubuntu with real-world tools.

    Python · 6

  2. Ashiii27 (Public)

    1

  3. ForensicLab-setup (Public)

    🔍 Digital Forensics Lab Setup: a hands-on forensic homelab for learning and practicing Windows investigation, remote login analysis, log collection, and basic incident response using real-world to…

    Python · 1

  4. honeypot-network (Public)

    Multi-protocol honeypot network that simulates six real services, captures attacker behavior, maps to MITRE ATT&CK, extracts IOCs, and visualizes everything through a real-time dashboard.

    Go · 1

  5. Windows-Login-Extractor (Public)

    🛡️ Windows Logs Extractor: a Python-based CLI tool for extracting and analyzing Windows authentication events across multiple login techniques to support DFIR and SOC investigations.

    HTML

  6. sentinelX (Public)

    C++