π Hi, Iβm @ewanoleghe β Cybersecurity Analyst & Offensive Security Engineer
SOC Analyst | Penetration Tester | OT/ICS Security Enthusiast
Former full-stack developer with 15+ years in secure software engineering, now focused on threat detection, incident response, penetration testing, and operational technology (OT) security. Certified in CompTIA Security+ and AWS Cloud Practitioner, actively pursuing OSCP and CySA+.
Cybersecurity Expertise
- SOC Operations: SIEM (Splunk, Microsoft Sentinel, ELK), EDR (Carbon Black), phishing analysis, threat hunting
- Offensive Security: Penetration testing with Metasploit, Nmap, Burp Suite, Wireshark, Nessus, privilege escalation
- Cloud & Infrastructure: AWS IAM, GuardDuty, CloudTrail, Zero Trust, secure network architecture
- OT/ICS Security: Modbus/BACnet simulation, Purdue Model, ISA/IEC 62443 alignment
- Security Automation: Python (Pandas, NumPy) for log correlation, anomaly detection, Splunk dashboarding
Active Labs & Red Team Training
- Hack The Box CPTS (In Progress) β 15+ machines, focus on Linux/Windows privilege escalation
- OSCP Labs β Buffer overflows, web app exploitation, Active Directory attacks
- SIEM Home Lab β Splunk-based SOC simulation with real-time threat detection & NIST 800-61 workflows
- Container & API Hardening β Trivy/Clair scans, OWASP Top 10 testing with Burp Suite/Postman
- ICS Cyber Range β Simulated attacks on industrial protocols (Modbus, BACnet)
Currently Mastering
- Advanced Active Directory attacks & lateral movement
- Purple teaming & MITRE ATT&CK framework mapping
- YARA, Sigma, and custom detection rules for SIEM
- Kotlin for secure mobile app development
MITRE ATT&CK in Practice
| Tactic | Technique | Application |
|---|---|---|
| Initial Access | T1190 β Exploit Public App | Laravel debug mode β RCE |
| Execution | T1059.006 β Python | Reverse shell via cron |
| Persistence | T1053 β Scheduled Task | at job + encoded payload |
| Privilege Escalation | T1068 β Kernel Exploit | Dirty COW, SUID binary |
| Defense Evasion | T1070.004 β Log Clear | shred, wevtutil cl |
| Lateral Movement | T1021.001 β RDP | Pass-the-Hash + RDP |
| Exfiltration | T1041 β C2 Channel | DNS tunneling, HTTPS POST |
OSCP Preparation Guide (90-Day Roadmap)
Phase 1: Foundation (Weeks 1β3)
- Master Linux/Windows CLI,
netstat,wmic,tasklist - Complete TJNullβs HTB List (50 retired boxes)
- Write one-liner enumeration scripts
Phase 2: Methodology (Weeks 4β6)
nmap -sC -sV -p- --min-rate 1000 -oA scan <IP>
gobuster dir -u http://<IP> -w medium.txt -x php,html,txt
Letβs Collaborate On
- Open-source SIEM detection content (Splunk, Sigma)
- Penetration testing tools & exploit development
- OT security automation (IaC, Ansible, Python)
- Threat intelligence platforms & automated phishing triage
Reach Me
Cybersecurity & Tools Arsenal
