An automated cybersecurity threat intelligence analysis pipeline that extracts indicators of compromise (IOCs), maps MITRE ATT&CK techniques, and builds knowledge graphs from unstructured CTI reports using NLP and LLMs. Features cross-platform compatibility and RESTful API for integration.

AI-assisted SOC/SIEM platform for forensic log analysis, threat detection, IOC extraction, threat intelligence correlation and enterprise incident reporting.

TotalOSINT is a privacy-first, client-side OSINT toolkit for security analysts. Instantly extract IOCs (IPs, Domains, Hashes) from raw logs and launch bulk investigations across dozens of threat intelligence sources. Zero-data-persistence workflow for SOC and DFIR teams. No installation required.

Modular SOC analyst toolkit with phishing email analyzer, log parser, and IOC extractor. Built with FastAPI + React, integrates VirusTotal, AbuseIPDB, Shodan, URLScan.io, and AlienVault OTX APIs

A Python-based static analysis toolkit for detecting malicious indicators in PDF files using metadata analysis, IOC extraction, YARA scanning, CVE detection, and threat intelligence integration.

High‑performance iocx plugin for detecting Windows Registry keys, values, and persistence locations. Includes full test coverage, performance benchmarks, and security checks.

🕵️♂️ Extract IOCs quickly with TotalOSINT, a client-side OSINT tool designed for privacy-first investigations in security analysis.

Email analysis tool for extracting and analyzing indicators of compromise from email files.

Automated phishing email analysis - Parse .eml files, detect 15+ phishing indicators, extract IOCs & generate IR reports

AI-powered phishing email analyzer for SOC analysts — Claude AI, MITRE ATT&CK mapping, IOC extraction

AI-powered security operations agent with RAG capabilities for analyzing threat intelligence, extracting IoCs, and mapping MITRE ATT&CK TTPs from unstructured security logs via an interactive Gradio interface.

AI-powered malware static analysis orchestrator using Model Context Protocol (MCP). Automates file triage, PE analysis, YARA scanning, string extraction, and VirusTotal enrichment through an isolated Docker worker.

End-to-end phishing investigation playbook covering email analysis, KQL hunting, identity compromise assessment, IOC extraction, threat hunting, detection opportunities, and remediation.

Forensic analysis of a targeted phishing campaign, email header tracing, URL sandboxing, and IOC extraction.

Static phishing-page analyzer — finds credential harvesting forms, kit fingerprints (16shop, Storm-1567, Telegram/Discord exfil), brand impersonation, and embedded IOCs. Optional WHOIS lookups.

A modular C++17 framework for static and simulated dynamic malware analysis. Computes file hashes, parses PE headers, extracts strings, calculates entropy, matches YARA-like rules, predicts runtime behavior, and generates threat reports. Built with Factory, Strategy, Observer, and Singleton design patterns. Defensive only.

Complete security incident lifecycle from malware behavioral analysis to NIST incident response and phishing credential harvesting simulation

AI-powered threat intelligence summarizer | MITRE ATT&CK v15 | Healthcare sector specialization | IOC extraction | APT attribution | Built with Claude API

Multi-agent security operations chatbot leveraging multi-agent architecture, RAG, and MITRE ATT&CK mapping to analyze unstructured security logs, extract threat intelligence (IoCs, TTPs), and generate actionable incident reports.