Cybersecurity Analyst - SOC Operations & Threat Detection
Majdal Shams, Golan Heights, Israel
I'm a cybersecurity analyst focused on SOC operations, threat detection, and hands-on attack simulation. I build and break things in a personal home lab, document everything, and publish the findings. Also passionate about everything in technology: electronics, hardware, networks, software, cybersecurity, wireless, research...
CompTIA Security+ certified. Pursuing CCNA. Multilingual: Arabic, English, Hebrew, German.
A controlled multi-VM lab environment for executing and documenting real attack scenarios end-to-end, from attacker through network to SIEM detection. Each simulation includes full Wireshark packet analysis, Wazuh alert correlation, and structured investigation reports.
| Simulation | Category | Key Finding |
|---|---|---|
| Network Reconnaissance via Nmap | Reconnaissance | Wazuh and Sysmon have zero visibility into network-level scanning — IDS required |
| RDP Brute Force Attack & Detection | Credential Access | Detection is speed-dependent; NLA bypassed via NTLM fallback; full kill chain captured |
CLI tool that parses threat reports and extracts indicators of compromise — IPs, domains, hashes, emails, CVEs — via regex, with JSON/CSV export. API enrichment (AbuseIPDB, VirusTotal) in development.
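The extraction step described above, as an added Python example that is not the project's own code: it refangs the defanging conventions common in published reports, classifies hashes by length, keeps the host part of e-mail addresses out of the domain list, and exports JSON or CSV. The short TLD allowlist and the sample report text are constructed for this demonstration.

```python
import json
import re

# Added example, not the portfolio project's own code; the TLD list and sample text are constructed.
IOC_PATTERNS = {
    "ipv4": re.compile(r"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    # Short TLD allowlist keeps file names such as report.pdf out; the lookbehind stops matches that start inside an e-mail address or a longer host name.
    "domain": re.compile(r"(?<![\w.@-])(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|info|xyz|top|biz)\b", re.I),
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I),
    # Longest form first, with word boundaries, so a SHA-256 is never reported as a shorter prefix.
    "hash": re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I),
}
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

def refang(text: str) -> str:
    """Undo the defanging conventions report authors use so indicators match as written."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", ".", text, flags=re.I)
    text = re.sub(r"\[@\]|\(@\)|\[at\]", "@", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def extract_iocs(report: str) -> dict:
    """Return {ioc_type: sorted unique values}; hashes are bucketed by length."""
    text = refang(report)
    found = {k: set() for k in ("ipv4", "domain", "email", "cve", "md5", "sha1", "sha256")}
    for kind, pattern in IOC_PATTERNS.items():
        for value in pattern.findall(text):
            value = value.upper() if kind == "cve" else value.lower()
            found[HASH_TYPES[len(value)] if kind == "hash" else kind].add(value)
    return {k: sorted(v) for k, v in found.items()}

def to_json(iocs: dict) -> str:
    return json.dumps(iocs, indent=2)

def to_csv(iocs: dict) -> str:
    # Values never contain commas (the regexes forbid them), so no quoting is needed.
    return "type,value\n" + "".join(f"{k},{v}\n" for k, vs in iocs.items() for v in vs)

# Constructed sample report text (not a real advisory); hashes are the well-known empty-input digests.
SAMPLE_REPORT = """
The loader beacons to hxxp://update[.]bad-example[.]com and 203.0.113[.]45 over TCP/443.
Phishing mail came from billing[@]bad-example.com and exploited cve-2021-44228.
Dropper SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Stage-two MD5: d41d8cd98f00b204e9800998ecf8427e
"""

if __name__ == "__main__":
    print(to_json(extract_iocs(SAMPLE_REPORT)))
```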
Ghostwave (Still in Development)
Open-source handheld RF signal recorder and replayer built on ESP32 + CC1101. Captures, stores, and replays 433MHz signals with a built-in display interface.
SIEM (Wazuh · Splunk · Sentinel), Threat Detection & Triage, Log Analysis, MITRE ATT&CK
Network Traffic Analysis, Protocol Analysis (RDP · SMB · TLS), Wireshark, Burp Suite
Python, SQL, Bash, PowerShell
- CompTIA Security+ — April 2026
- SOC Analyst & Web Application — ICS College, 2025–2026
- TryHackMe SOC Level 1 — Top 2% platform ranking