Tools and platforms I've built — mostly open source, focused on detection-as-code and the security of AI systems.
Detection Rule Backtester
Backtest detection rules (Sigma / ATR / KQL-style) against real logs and AI-attack traces — per-rule precision, recall and false-positive rate plus multi-rule ensemble confidence.
Python · Sigma · garak · MITRE ATT&CK / ATLAS · MIT
GitHub →
Write-up →
DefenderHunter
Detection-as-code threat-hunting framework for Microsoft Defender XDR & Sentinel — MITRE-mapped ransomware query packs with automated IOC enrichment.
PowerShell · KQL · Defender XDR · Sentinel · MIT
GitHub →
Sandbox Malware Analyzer
Disposable, automated malware-analysis lab on Windows Sandbox — multi-format detonation, behavioral capture, IOC extraction and HTML/JSON reporting.
PowerShell · Windows Sandbox · YARA · MIT
GitHub →
SecureOrbit EASM
External Attack Surface Management — continuous discovery and monitoring of internet-facing assets, with correlation and confidence scoring to prioritize real exposures. Includes CertWatch, a TLS-certificate monitoring SaaS.
Python · Docker · REST APIs · alerting
SecureOrbit →
Everything here is my own work. More — including forks and study material I keep for reference — on GitHub.