Automated offensive and defensive tooling designed to exploit gaps and harden infrastructure.
Sentinel Forge
2026
AWS Cloud Detection & Response Lab
Mission Impact
"Reduces triage time by 40% through unified event modeling."
Analysis
Cloud security teams often have the telemetry they need, but not the connective tissue that turns raw events into a usable incident story. The hard part is not collecting data. It is normalizing it, correlating it, explaining why a detection fired, and giving an analyst a next step that does not waste time.
Technical Solution
Ingests CloudTrail, GuardDuty, and Security Hub samples, normalizes them into a common event model, runs defensive detections, correlates suspicious activity, and generates analyst-ready findings, timelines, and manager summaries.
Key Tactics
Root account usage
Console login without MFA
Privileged AssumeRole
CloudTrail tampering
Public sensitive port exposure
GuardDuty plus CloudTrail corroboration
$ sentinel-forge replay-findings
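As an added illustration of the common-event-model approach described above (example code written for this page, not Sentinel Forge's own code), the snippet below normalizes a few constructed CloudTrail records, runs three of the listed detections (root account usage, console login without MFA, CloudTrail tampering), and groups the hits by source IP into one finding with a timeline. The event-model field names, rule names, severities and the IP-based grouping are this example's own assumptions.

```python
# Constructed CloudTrail records (not real telemetry), trimmed to the fields the rules need.
SAMPLE_RECORDS = [
    {"eventTime": "2026-01-10T08:00:00Z", "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}, "sourceIPAddress": "198.51.100.7",
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2026-01-10T08:05:00Z", "eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}, "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2026-01-10T08:06:00Z", "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "org-trail"}},
    {"eventTime": "2026-01-10T09:00:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}, "sourceIPAddress": "203.0.113.9"},
]
TAMPER_ACTIONS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}  # calls that weaken or disable logging

def normalize(record):
    """Map a raw CloudTrail record onto a common event model (assumed field names) shared by every rule."""
    ident = record.get("userIdentity", {})
    return {
        "time": record["eventTime"],
        "service": record["eventSource"].split(".")[0],   # e.g. "cloudtrail", "signin"
        "action": record["eventName"],
        "actor": ident.get("arn", "unknown"),
        "actor_type": ident.get("type", "unknown"),
        "src_ip": record.get("sourceIPAddress"),
        "mfa": record.get("additionalEventData", {}).get("MFAUsed"),   # "Yes"/"No" on console logins
        "success": record.get("responseElements", {}).get("ConsoleLogin") != "Failure",
    }

def detect(ev):
    """Return the (rule, severity) pairs that fire for one normalized event."""
    hits = []
    if ev["actor_type"] == "Root":
        hits.append(("root_account_usage", "high"))
    if ev["action"] == "ConsoleLogin" and ev["success"] and ev["mfa"] == "No":
        hits.append(("console_login_without_mfa", "medium"))
    if ev["service"] == "cloudtrail" and ev["action"] in TAMPER_ACTIONS:
        hits.append(("cloudtrail_tampering", "critical"))
    return hits

def correlate(records):
    """Group hits by source IP so a chain of suspicious calls becomes one finding with a timeline."""
    findings = {}
    for ev in map(normalize, records):
        for rule, sev in detect(ev):
            f = findings.setdefault(ev["src_ip"], {"rules": [], "timeline": []})
            f["rules"].append(rule)
            f["timeline"].append(f"{ev['time']} {ev['actor']} {ev['action']} [{rule}/{sev}]")
    return findings
```

Running `correlate(SAMPLE_RECORDS)` yields a single finding for 198.51.100.7 whose timeline reads login-without-MFA, then root usage, then StopLogging; the unrelated GetObject from 203.0.113.9 produces no hit.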
Aegis
2026
AI Exploitation & Guardrail Inspection Suite
Mission Impact
"Identified 12+ unique prompt injection vectors in gpt-4o benchmarks."
Analysis
LLM applications are often deployed without rigorous security testing against prompt injection or sensitive data leakage. Traditional scanners aren't built for the non-deterministic nature of model responses.
Technical Solution
A comprehensive scanner that probes LLM endpoints with specialized payloads and monitors responses against a robust suite of YAML-based detectors mapped to the OWASP Top 10 for LLMs.
"Mapped 1,000+ nodes in 4 seconds using networkx MultiDiGraph."
Analysis
Cloud security scanners find misconfigurations in isolation. They don't tell you which 5 of those 200 findings chain together into an actual account compromise path.
Technical Solution
Models IAM principals and resources as a directed graph. Finds multi-step privilege escalation paths across service boundaries by matching chains against 12+ built-in attack tactics.
Key Tactics
PassRole + Lambda/EC2/Glue
IMDS credential theft
Confused Deputy via S3 triggers
IAM policy self-escalation
Lambda code hijack
Policy version rollback
"Bypassed updated AMSI/ETW signatures in recent Windows 11 builds."
Analysis
Static shellcode runners are easily detected. Manual encryption and evasion patching is tedious and error-prone during OSEP-style engagements.
Technical Solution
An advanced generator that applies stackable encryption layers (XOR, AES, RC4) and runtime evasion patches (AMSI/ETW) to shellcode using a standardized Jinja2 template engine.
"Increased application response rate by 2.5x through targeted tailoring."
Analysis
Job hunting in security is noisy. Generic resumes don't highlight the specific certs and skills needed for specialized roles, leading to low conversion rates.
Technical Solution
An automated pipeline that aggregates jobs, scores them against a security profile, and generates tailored PDF resumes and cover letters using high-fidelity templates.
Key Tactics
Multi-source job hunting (Indeed, Greenhouse, USAJobs)
YAML-based profile scoring engine
Tailored resume & cover letter generation
Application pipeline tracking dashboard
Company recon & interview prep automation
SQLite persistence for application history