Welcome to My Cybersecurity Portfolio

Hi, I’m Koros Ian, an aspiring Cybersecurity Analyst exploring the world of threat detection, log analysis, and red/blue/purple team exercises.
This portfolio showcases hands-on projects where I combine practical tools, analytical thinking, and security automation to solve real-world problems.

1. Intrusion Detection System (IDS)

A lightweight IDS prototype built in Python that monitors network traffic, applies configurable rules, and generates real-time alerts.
Highlights: rule-based detection, CLI workflow, packet sniffing, and modular design for security testing.

2. Windows Log Parser & Threat Hunter

Enterprise-ready log analysis tool (log_hunter.py) for SOC workflows.
Features: live log parsing, EVTX offline analysis, brute-force & privilege escalation detection, YARA & VirusTotal integration.

3. Purple Team Zero

A production-ready purple-team framework combining offensive emulation and defensive validation.
Includes attack simulations, automated detection validation, and MITRE ATT&CK-aligned scenarios.

4. Password Strength Checker

A small but practical Python utility to estimate password strength, visualize entropy, and calculate brute-force attack time.
Great for demonstrating risk analysis and explaining password security to end-users.

5. Parent-Child Process Threat Hunting Notebook

Lightweight notebook showing how to detect suspicious parent–child process relationships using Windows event logs.

🧠 My Focus

  • Threat Detection & Response: Building tools to identify and respond to attacks in real time.
  • Log Analysis & SOC Workflows: Parsing logs, generating actionable insights, and validating detections.
  • Red & Blue Team Collaboration: Simulating attacks safely while testing defenses.
  • Practical Security Automation: Writing Python scripts and frameworks that scale for analyst workflows.

📈 Why These Projects Matter

Each project in this portfolio demonstrates my ability to:

  • Apply analytical reasoning to real security problems.
  • Combine offensive thinking with defensive engineering.
  • Communicate technical findings through visuals, logs, and reports.
  • Build modular, production-ready tools that can integrate with existing security workflows.