Skip to content
View AJahmadcyber's full-sized avatar
  • Jordan

Block or report AJahmadcyber

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
AJahmadcyber/README.md

Banner

👋 Hi, I'm Ahmad

🛡️ SOC Analyst Trainee | Detection Engineering Enthusiast | Cybersecurity Student

Based in Jordan 🇯🇴 | Building defensive security solutions one log at a time

Profile Views GitHub followers


🎯 About Me

name: Ahmad Abuzarqa
role: SOC Analyst Trainee
location: Jordan 🇯🇴
education: B.Sc. Cybersecurity (Graduating Oct 2026)
focus_areas:
  - Threat Detection & Response
  - Detection Engineering
  - Ransomware Defense Research
  - Linux Endpoint Security (eBPF)
currently_learning:
  - CyberDefenders CCDL1
  - Advanced Threat Hunting
  - Sigma Rule Development

🛠️ Tech Stack & Tools

🔍 Security Operations

Splunk Wazuh TheHive Sysmon Suricata Velociraptor

💻 Languages & Scripting

Python PowerShell Bash C

🐧 Systems & Infrastructure

Linux Kali Ubuntu Docker pfSense

🎯 Frameworks & Methodologies

MITRE ATT&CK NIST Sigma YARA PICERL


🚀 Featured Projects

Real-time ransomware detection and auto-containment system for Linux endpoints. Combines entropy analysis, canary files, process lineage scoring, and AI threat classification.

Stack: Python • eBPF • FastAPI • Celery • Redis • PostgreSQL • React

Open-source Managed Detection & Response home lab. Full stack: Wazuh + TheHive + Cortex + n8n SOAR + pfSense/Suricata. Mapped to MITRE ATT&CK techniques.

Stack: Wazuh • Docker • TheHive • Cortex • n8n • pfSense • Suricata

A real-world PUP incident response case study following the PICERL framework. Demonstrates CPU time accumulator analysis, multi-layer persistence hunting, and MITRE ATT&CK mapping.

Stack: PowerShell • MITRE ATT&CK • Sigma • Windows Forensics


📊 GitHub Stats

Ahmad's GitHub stats

GitHub Streak


🎓 Certifications & Learning Path

🎯 In Progress

  • 🛡️ CyberDefenses CCDL1 — Blue Team Level 1 (Active)

✅ Completed

  • 🔐 Microsoft SC-900 — Security, Compliance, and Identity Fundamentals
  • 🌐 Cisco Cybersecurity Essentials

📚 Self-Learning Focus

  • TryHackMe SOC Level 1 Path
  • BTL1 (Blue Team Level 1) Labs
  • CyberDefenders Blue Team Labs

🌱 Currently Exploring

$ whoami --interests
├── 🔍 Threat Hunting (Sigma + KQL + SPL)
├── 🧬 Detection Engineering at Scale
├── 🐧 eBPF for Endpoint Security
├── 🤖 SOAR Automation (n8n + TheHive)
└── 📊 Statistical Anomaly Detection for SOC

📫 Let's Connect

Email GitHub


💭 Quote I Live By

"In cybersecurity, paranoia is a feature, not a bug."

From a SOC analyst, for the blue team community

Popular repositories Loading

  1. homelab-mdr homelab-mdr Public

    Open-source MDR home lab — Wazuh, TheHive, Cortex, n8n, pfSense+Suricata. Portfolio project mapped to MITRE ATT&CK

    Shell 25

  2. hybrid-rsentry hybrid-rsentry Public

    Forked from Mohhudib/hybrid-rsentry

    Real-time ransomware detection and auto-containment system for Linux endpoints — entropy analysis, canary files, process lineage scoring, and AI threat classification.

    Python 1

  3. endpoint-triage-walkthrough endpoint-triage-walkthrough Public

    A real-world PUP incident response case study following the PICERL framework, with PowerShell triage scripts and Sigma detection rules.

    HTML 1

  4. AJahmadcyber AJahmadcyber Public

    My GitHub profile README