Skip to content
View ExelR8ight's full-sized avatar

Block or report ExelR8ight

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please donโ€™t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
ExelR8ight/README.md

Typing SVG

cyber line

Random Dev Quote

๐Ÿ‘ค Whoami

hacker terminal mascot

class AnkitSingh:
    def __init__(self):
        self.role        = ["SOC Analyst", "Threat Hunter", "Detection Engineer"]
        self.mission     = "Detect what matters. Automate the rest."
        self.stack       = ["Splunk", "Python", "Sigma", "TheHive", "Scikit-Learn"]
        self.researching = "LLM security & prompt-injection defense"
        self.frameworks  = "MITRE ATT&CK"

    def philosophy(self):
        return "Detection without response is just noise โ€” I build the whole loop."

"Security isn't just about detecting everything; it's about detecting what matters and automating the rest."

  • ๐Ÿ”ญ Building end-to-end, AI-powered detection pipelines
  • ๐Ÿงช First-author research on LLM agent security in SOC triage
  • ๐ŸŽฏ Targeting SOC / Threat Hunting / Detection Engineering roles
  • ๐Ÿ“œ CEH (in progress) ยท active on TryHackMe & Hack The Box

๐Ÿงฐ Technical Arsenal

Category Technologies & Frameworks
๐Ÿ“ก SIEM & Log Mgmt Splunk Enterprise ยท Splunk HEC ยท Elastic (ELK)
๐Ÿ›ก๏ธ Endpoint & Network Telemetry Sysmon (SwiftOnSecurity) ยท Suricata IDS ยท Windows Event Logs
๐ŸŽฏ Detection & Intel MITRE ATT&CK ยท Sigma ยท Atomic Red Team ยท YARA
โš™๏ธ Automation & SOAR TheHive ยท Python ยท PowerShell ยท Bash
๐Ÿง  Data Science & ML Scikit-Learn (Isolation Forest) ยท Pandas ยท NumPy
๐Ÿค– AI Security LLM Security ยท Prompt-Injection Defense ยท Ollama

๐Ÿ“ก Live Skills Radar

Skills Radar

๐Ÿ—๏ธ Flagship Architecture โ€” CogniSOC Pipeline

flowchart LR
subgraph EP["๐Ÿ–ฅ๏ธ Endpoints (Win / Ubuntu)"]
S["Sysmon"]
SU["Suricata IDS"]
end
subgraph ING["๐Ÿ“ฅ Ingestion"]
UF["Universal Forwarders"]
end
subgraph CORE["๐Ÿง  CogniSOC Core"]
SP["Splunk SIEM"]
ML["Isolation Forest ML\nโ†“75% noise ยท 88% precision"]
CE["6-Rule Correlation\n(ATT&CK-mapped)"]
end
subgraph RESP["๐Ÿšจ Response"]
TH["TheHive SOAR (API)"]
AN["๐Ÿ‘ค Analyst Triage"]
end
S --> UF
SU --> UF
UF --> SP --> ML --> CE
CE -->|Low severity| DROP["๐Ÿ”• Suppress"]
CE -->|High fidelity| TH --> AN
Loading

๐Ÿ† Featured Portfolio Projects

๐Ÿ’ก Click each project to expand the deep-dive.

๐Ÿง  CogniSOC โ€” End-to-End AI-Powered SOC ย 

A complete, production-style SOC pipeline built from scratch to solve alert fatigue.

  • Challenge: Rule-based SIEMs generate too much noise.
  • Solution: Unsupervised Isolation Forest scores behavioral anomalies โ†’ 6-rule ATT&CK correlation engine โ†’ auto-escalation to TheHive (SOAR) via API.
  • Result: 88% precision ยท 75% alert-volume reduction across a 100-hour live-traffic simulation in a 4-machine isolated lab.

๐Ÿ”— Explore CogniSOC โ†’

๐Ÿ›ก๏ธ ATT&CK-Mapped Detection Library ย 

Version-controlled Detection-as-Code repo proving detection-engineering maturity.

  • 13 tuned Sigma rules across 6 ATT&CK tactics, translated to Splunk SPL + Elastic DSL.
  • Every rule validated with Atomic Red Team.
  • False-Positive Tuning notes (e.g., suppressing SCCM & vuln-scanner noise) โ€” real operational maturity.

๐Ÿ”— Explore the Library โ†’

๐Ÿ” Threat Hunting & Incident Investigation Lab ย 

7 structured, end-to-end investigations emulating APT29 (Cozy Bear) & FIN7 tradecraft.

  • PowerShell Empire C2 ยท Data Exfiltration ยท Lateral Movement (PsExec) ยท Credential Dumping (LSASS).
  • Ships with IR playbooks, extracted IOCs, and proactive hunt hypotheses.

๐Ÿ”— Explore the Hunts โ†’

๐Ÿ’‰ LogPrompt-Inject โ€” LLM SOC Triage Vulnerabilities ย 

AI-Security research, under review at ACM AISec @ CCS.

  • Research: Indirect prompt-injection against LLM SOC-triage engines via malicious telemetry (Sysmon CommandLine, Suricata http_user_agent).
  • Findings: Defense Portability Failure & Defense Backfire across 6 open-weight + 3 frontier models โ€” defenses that secure one model can worsen another.
  • Value: LLM threat modeling + rigorous empirical methodology.

๐Ÿ”— Read the Research โ†’

๐Ÿค– LLM-Assisted SOC Alert Triage (Injection-Hardened) ย 

An AI triage copilot that classifies raw Sysmon/Suricata alerts and resists prompt injection.

  • Engine: Telemetry in โ†’ strict JSON out (Severity ยท ATT&CK mapping ยท Next steps).
  • Security layer: Applies my LogPrompt-Inject findings โ€” Spotlighting (data-marking) + schema validation to neutralize injected instructions before the LLM sees them.
  • Value: I both find the vuln and engineer the fix.

๐Ÿ”— Explore the Copilot โ†’

๐ŸŽฎ Lab & Learning Stats

Arena Status
๐Ÿ›ก๏ธ Certifications Certified Ethical Hacker (CEH) โ€” Trained
๐ŸŸฉ TryHackMe SOC Analyst path โ€” in progress
๐ŸŸฅ Hack The Box SOC Analyst path โ€” in progress
๐Ÿด CTF Web ยท OSINT ยท Networking
๐Ÿฅš psstโ€ฆ click for a hidden easter egg
[+] You found the buried IOC. ๐Ÿ•ต๏ธ

[+] In a real investigation, curiosity is the best detection rule.

[+] Now go pin those repos and apply. ๐Ÿš€

๐Ÿ Live Contribution Pets

These regenerate on their own โ€” a self-updating snake and a 3D contribution world.

snake animation

3D contribution world

๐Ÿ“Š GitHub Analytics

Streak

Activity Graph

outro

Popular repositories Loading

  1. ExelR8ight ExelR8ight Public

    1

  2. ATT-CK-Detection-Library ATT-CK-Detection-Library Public

    Detection-as-Code repository containing highly tuned Sigma rules translated to Splunk SPL and Elastic DSL, validated via Atomic Red Team.

    PowerShell 1

  3. Threat-Hunting-Lab Threat-Hunting-Lab Public

    Structured incident investigations and threat hunting playbooks mimicking real-world APT tradecraft like APT29 and FIN7.

    1

  4. CogniSOC CogniSOC Public

    End-to-End AI-Powered SOC Architecture. Uses Isolation Forest ML and MITRE ATT&CK correlation to reduce SIEM alert fatigue and automate TheHive SOAR.

    Python 1

  5. LogPrompt-Inject LogPrompt-Inject Public

    ACM AISec Research: Systematic evaluation of indirect prompt injection attacks against LLM-powered SOC triage engines via malicious log telemetry.

    TeX 1

  6. LLM-Assisted-Alert-Triage LLM-Assisted-Alert-Triage Public

    Automated AI triage copilot using local LLMs to classify raw Sysmon/Suricata alerts, expressly built to resist indirect prompt injection.

    Python 1