ibu-cyx0/README.md
╔══════════════════════════════════════════════════════════════════════════╗
║                                                                          ║
║  ██╗██████╗ ██████╗  █████╗ ██╗  ██╗██╗███╗   ███╗                     ║
║  ██║██╔══██╗██╔══██╗██╔══██╗██║  ██║██║████╗ ████║                     ║
║  ██║██████╔╝██████╔╝███████║███████║██║██╔████╔██║                     ║
║  ██║██╔══██╗██╔══██╗██╔══██║██╔══██║██║██║╚██╔╝██║                     ║
║  ██║██████╔╝██║  ██║██║  ██║██║  ██║██║██║ ╚═╝ ██║                     ║
║  ╚═╝╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝╚═╝     ╚═╝                     ║
║                                                                          ║
║              [ BLUE TEAM OPERATOR | SOC ANALYST ]                        ║
║                                                                          ║
╚══════════════════════════════════════════════════════════════════════════╝

whoami

┌──[ibu-cyx0@soc-workstation]─[~]
└─$ cat profile.txt

Name     : Mohamed Ibrahim H
Role     : Aspiring SOC Analyst
Location : Tamil Nadu, India
Focus    : Blue Team | Threat Detection
Status   : 🟢 Actively Hunting Threats

Certifications:
  ✅ EC-Council Certified SOC Analyst (CSA)
  ✅ Splunk Core Certified User
  ✅ Cisco Cyber Ops Associate

Mission  : Defend systems before attackers
           find the door open.


cat /etc/skills.conf

🛡️ Security Operations

Security Monitoring    ████████████  Expert
Threat Detection       ███████████░  Advanced
Incident Response      ██████████░░  Advanced
Log Analysis           ████████████  Expert
Threat Intelligence    █████████░░░  Intermediate
Vulnerability Mgmt     ████████░░░░  Intermediate

📡 SIEM & Tools

SIEM     : Splunk · Wazuh · ELK Stack
Network  : Wireshark · Nmap · Tcpdump
Threat   : MISP · AlienVault OTX · AbuseIPDB
Defense  : pfSense · Snort · Suricata
IAM      : Active Directory · Zero Trust

💻 Development

Primary  : Python (Security Automation)
Scripts  : PowerShell · Bash
APIs     : REST · Flask · Splunk REST
Version  : Git · GitHub
Infra    : Docker · Ansible

🌐 Networking

TCP/IP Stack        ████████████  Expert
Packet Analysis     ███████████░  Advanced
DNS / HTTP / FTP    ████████████  Expert
Protocol Analysis   ██████████░░  Advanced
Firewall Rules      █████████░░░  Intermediate

ls -la ~/certifications/

| Certification                  | Issuer     | Domain              |
|--------------------------------|------------|---------------------|
| 🏆 Certified SOC Analyst (CSA) | EC-Council | SOC Operations      |
| 🏆 Core Certified User         | Splunk     | SIEM & Log Analysis |
| 🏆 Cyber Ops Associate         | Cisco      | Network Security    |

ls ~/projects/ --sort=impact

🔥 Project 1 — CTI Automation Platform  [ FLAGSHIP ]

Automated Cyber Threat Intelligence Pipeline

┌─ ARCHITECTURE ───────────────────────────────────────┐
│                                                      │
│  AlienVault OTX ──┐                                  │
│  AbuseIPDB ───────┼──► IOC Collector ──► Splunk      │
│  URLhaus ─────────┘    (Python)          Correlator  │
│                                             │        │
│                             Live Dashboard ◄┘        │
└──────────────────────────────────────────────────────┘

Stack: Python · Splunk REST API · AlienVault OTX · AbuseIPDB · URLhaus · Docker

Key Achievements:

  • 🔗 Multi-feed IOC collection with automatic deduplication
  • 🔍 Splunk log correlation via REST API for real-time IOC matching
  • 📊 Live dark-themed dashboard with threat origin heatmap
  • ⚡ Auto-severity classification: CRITICAL / HIGH / MEDIUM / LOW
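The collector-then-correlator flow above, as an added example that is not code from the CTI-Automation-Platform project: three constructed feed snapshots (only loosely shaped like OTX, AbuseIPDB and URLhaus output; the real APIs are fetched over HTTPS with keys and return richer records) are normalized into one deduplicated IOC set that remembers which feeds reported each indicator, then matched against constructed Splunk-style key=value log lines. The severity rule (feed agreement plus whether the connection was allowed) is an assumption chosen for the example, not the project's.

```python
"""IOC collection with deduplication, then correlation against log lines.

Added example; not the CTI-Automation-Platform's own code. Feed records,
log lines and the severity rule are all constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

# Constructed feed snapshots. Overlapping values exercise deduplication:
# the same IP appears in OTX and twice in AbuseIPDB, the same URL in OTX
# and URLhaus with different letter case.
OTX_PULSE = {"name": "constructed pulse", "indicators": [
    {"type": "IPv4", "indicator": "203.0.113.10"},
    {"type": "domain", "indicator": "Bad.Example.NET"},
    {"type": "URL", "indicator": "http://bad.example.net/payload.bin"},
]}
ABUSEIPDB_BLACKLIST = [
    {"ipAddress": "203.0.113.10", "abuseConfidenceScore": 100},
    {"ipAddress": "198.51.100.7", "abuseConfidenceScore": 90},
    {"ipAddress": "203.0.113.10", "abuseConfidenceScore": 100},  # repeat within one feed
]
URLHAUS_RECENT = [
    {"url": "http://bad.example.net/payload.bin", "threat": "malware_download"},
    {"url": "HTTP://Bad.Example.NET/payload.bin", "threat": "malware_download"},
]

# Constructed Splunk-style key=value export (firewall / proxy events).
LOGS = [
    '2026-01-10T09:12:01Z src_ip=10.0.0.5 dest_ip=203.0.113.10 dest_port=443 action=allowed',
    '2026-01-10T09:12:03Z src_ip=10.0.0.5 url="http://bad.example.net/payload.bin" action=allowed',
    '2026-01-10T09:12:09Z src_ip=10.0.0.9 dest_ip=192.0.2.44 dest_port=80 action=allowed',
    '2026-01-10T09:13:00Z src_ip=10.0.0.7 dest_ip=198.51.100.7 dest_port=22 action=blocked',
]


def normalize(ioc_type, value):
    """Canonical form so the same indicator from different feeds collides.

    IPs are validated (garbage raises ValueError), domains lowercased, and
    only a URL's scheme and host are lowercased since paths are case-sensitive.
    """
    value = value.strip()
    if ioc_type == "ip":
        return str(ipaddress.ip_address(value))
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    if ioc_type == "url":
        p = urlsplit(value)
        return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))
    raise ValueError(f"unknown IOC type {ioc_type}")


def collect(otx, abuseipdb, urlhaus):
    """Merge feeds into {(type, value): set(sources)}; duplicates collapse."""
    iocs = defaultdict(set)
    type_map = {"IPv4": "ip", "domain": "domain", "URL": "url"}
    for ind in otx["indicators"]:
        t = type_map.get(ind["type"])
        if t:  # skip indicator types this example does not handle
            iocs[(t, normalize(t, ind["indicator"]))].add("otx")
    for rec in abuseipdb:
        if rec["abuseConfidenceScore"] >= 75:  # assumed confidence threshold
            iocs[("ip", normalize("ip", rec["ipAddress"]))].add("abuseipdb")
    for rec in urlhaus:
        iocs[("url", normalize("url", rec["url"]))].add("urlhaus")
    return dict(iocs)


KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Parse key=value and key="quoted value" pairs from one log line."""
    return {k: (q or u) for k, q, u in KV.findall(line)}


def candidates(fields):
    """Indicator candidates a log line can yield: IPs, the URL, and its host."""
    out = [("ip", fields[k]) for k in ("src_ip", "dest_ip") if k in fields]
    if "url" in fields:
        out.append(("url", fields["url"]))
        out.append(("domain", urlsplit(fields["url"]).hostname or ""))
    return out


def severity(sources, allowed):
    """Assumed rule: more agreeing feeds and an allowed connection score higher."""
    score = len(sources) + (2 if allowed else 0)
    return {1: "LOW", 2: "MEDIUM", 3: "HIGH"}.get(score, "CRITICAL")


def correlate(iocs, logs):
    """Return one hit per (line, matching indicator) with sources and severity."""
    hits = []
    for lineno, line in enumerate(logs, 1):
        fields = parse_kv(line)
        allowed = fields.get("action") == "allowed"
        for t, raw in candidates(fields):
            try:
                key = (t, normalize(t, raw))
            except ValueError:
                continue  # malformed value in the log, not an IOC match
            if key in iocs:
                hits.append({"line": lineno, "type": t, "value": key[1],
                             "sources": sorted(iocs[key]),
                             "severity": severity(iocs[key], allowed)})
    return hits


if __name__ == "__main__":
    ioc_set = collect(OTX_PULSE, ABUSEIPDB_BLACKLIST, URLHAUS_RECENT)
    print(f"{len(ioc_set)} unique IOCs from 7 feed records")
    for h in correlate(ioc_set, LOGS):
        print(f"line {h['line']}: {h['severity']:8} {h['type']} {h['value']} "
              f"(reported by {', '.join(h['sources'])})")
```

Keying the IOC set on the normalized (type, value) pair is what makes deduplication across feeds reliable: the mixed-case URLhaus entry and the OTX URL land on the same key and the entry records both sources, which the severity rule then rewards. Matching the URL's host as a separate domain indicator means a later request to the same host with a different path still surfaces, at a lower severity.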

View Project · Live Demo

🤖 Project 2 — AI SOC Alert Triage System  [ ML ]

ML-Based False Positive Reduction for SOC Analysts

Raw Alerts ──► Feature Extraction ──► Random Forest ──► Verdict
(SIEM/IDS)     [10 security           Classifier         TP → Escalate Tier 2
                features]             100% Accuracy      FP → Auto-Close
                                      AUC: 1.0000

Stack: Python · scikit-learn · pandas · numpy · Splunk

Key Achievements:

  • 🌲 Random Forest trained on 2000 labeled SOC alert samples
  • ⚡ Real-time alert classification with confidence scoring
  • 📉 100% false positive reduction on test dataset
  • 📊 Live triage dashboard with confusion matrix & feature importance

View Project · Live Demo

🏠 Project 3 — SOC Home Lab  [ SIEM ]

Log Analysis & Threat Detection Lab

Stack: Splunk · Wazuh · VirtualBox · Python

Key Achievements:

  • 📋 Monitored and correlated security logs across Splunk + Wazuh
  • 🚨 Created custom alert rules for brute force detection
  • 🔍 Investigated suspicious login attempts and anomalous behaviour
  • 🖥️ Simulated real SOC monitoring workflows

View Project

🌐 Project 4 — Network Traffic Analysis  [ NETWORK ]

Deep Packet Inspection & Protocol Forensics

Stack: Wireshark · Python · Scapy

Key Achievements:

  • 📦 Captured and analyzed live network traffic using Wireshark
  • 🔬 Investigated HTTP, DNS, TCP protocols for anomalies
  • 🚩 Identified suspicious traffic behaviour and C2 patterns
  • 📝 Produced packet-level incident investigation reports

View Project


cat /var/log/activity.log

[2026] ── Building Zero Trust Network Simulation Lab ............. [ COMPLETE ✓ ]
[2026] ── CTI Automation Platform (OTX + AbuseIPDB + URLhaus) ... [ COMPLETE ✓ ]
[2026] ── AI SOC Alert Triage System (Random Forest ML) ......... [ COMPLETE ✓ ]
[2026] ── EC-Council Certified SOC Analyst (CSA) ................ [ CERTIFIED ✓ ]
[2025] ── Splunk Core Certified User ............................ [ CERTIFIED ✓ ]
[2025] ── Cisco Cyber Ops Associate ............................. [ CERTIFIED ✓ ]
[2025] ── SOC Home Lab (Splunk + Wazuh) ......................... [ COMPLETE ✓ ]
[2025] ── Network Traffic Analysis (Wireshark) .................. [ COMPLETE ✓ ]
[2024] ── B.E. Cyber Security — Paavai Engineering College ....... [ ONGOING  ⟳ ]

ping socials --all

X/Twitter LinkedIn Discord Reddit TryHackMe Email


╔═══════════════════════════════════════════════════════╗
║  "Attackers only need to be right once.              ║
║   Defenders need to be right every time."            ║
║                                    — Blue Team Code  ║
╚═══════════════════════════════════════════════════════╝

Pinned

  1. Security-Monitoring-using-Wazuh (Public)

     Forked from PacktPublishing/Security-Monitoring-using-Wazuh

     Security Monitoring using Wazuh, published by Packt

     Python 3

  2. AI-Powered-Threat-Detection-Engine (Public)

     ML-based SOC alert triage system using Random Forest to auto-classify alerts as True/False Positive — reducing analyst workload with real-time confidence scoring and live dashboard.

     HTML 2

  3. CTI-Automation-Platform (Public)

     Automated Cyber Threat Intelligence pipeline that collects IOCs from AlienVault OTX, AbuseIPDB & URLhaus, correlates them against Splunk logs, and visualizes active threats on a real-time dark-them…

     Python 3

  4. GoogleCloudSkillsboost (Public)

     Forked from Itsabhishek7py/GoogleCloudSkillsboost

     Collection of tutorials of gcsb labs. Check out the channel for the complete guide.

     Jupyter Notebook 3