Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
Updated May 20, 2026 - Python
BeCode AD lab on Azure: build, harden, detect. 11 MITRE techniques, 11/11 detection rate. External credential-stuffing capture as real-world validation.
This project aims to redesign Windows audit policy configurations to reduce log noise and enhance detection clarity within Splunk. The objective is to produce a streamlined, purposeful audit policy that supports effective threat detection, baselining, and investigative workflows in a lab or SOC simulation environment.
A modern Flet-based UI for PM4PY that enables process mining, discovery, conformance checking, filtering, and analysis of event logs without writing code.