class AnkitSingh:
def __init__(self):
self.role = ["SOC Analyst", "Threat Hunter", "Detection Engineer"]
self.mission = "Detect what matters. Automate the rest."
self.stack = ["Splunk", "Python", "Sigma", "TheHive", "Scikit-Learn"]
self.researching = "LLM security & prompt-injection defense"
self.frameworks = "MITRE ATT&CK"
def philosophy(self):
return "Detection without response is just noise โ I build the whole loop.""Security isn't just about detecting everything; it's about detecting what matters and automating the rest."
- ๐ญ Building end-to-end, AI-powered detection pipelines
- ๐งช First-author research on LLM agent security in SOC triage
- ๐ฏ Targeting SOC / Threat Hunting / Detection Engineering roles
- ๐ CEH (in progress) ยท active on TryHackMe & Hack The Box
| Category | Technologies & Frameworks |
|---|---|
| ๐ก SIEM & Log Mgmt | Splunk Enterprise ยท Splunk HEC ยท Elastic (ELK) |
| ๐ก๏ธ Endpoint & Network Telemetry | Sysmon (SwiftOnSecurity) ยท Suricata IDS ยท Windows Event Logs |
| ๐ฏ Detection & Intel | MITRE ATT&CK ยท Sigma ยท Atomic Red Team ยท YARA |
| โ๏ธ Automation & SOAR | TheHive ยท Python ยท PowerShell ยท Bash |
| ๐ง Data Science & ML | Scikit-Learn (Isolation Forest) ยท Pandas ยท NumPy |
| ๐ค AI Security | LLM Security ยท Prompt-Injection Defense ยท Ollama |
flowchart LR
subgraph EP["๐ฅ๏ธ Endpoints (Win / Ubuntu)"]
S["Sysmon"]
SU["Suricata IDS"]
end
subgraph ING["๐ฅ Ingestion"]
UF["Universal Forwarders"]
end
subgraph CORE["๐ง CogniSOC Core"]
SP["Splunk SIEM"]
ML["Isolation Forest ML\nโ75% noise ยท 88% precision"]
CE["6-Rule Correlation\n(ATT&CK-mapped)"]
end
subgraph RESP["๐จ Response"]
TH["TheHive SOAR (API)"]
AN["๐ค Analyst Triage"]
end
S --> UF
SU --> UF
UF --> SP --> ML --> CE
CE -->|Low severity| DROP["๐ Suppress"]
CE -->|High fidelity| TH --> AN
๐ก Click each project to expand the deep-dive.
๐ง CogniSOC โ End-to-End AI-Powered SOC ย

A complete, production-style SOC pipeline built from scratch to solve alert fatigue.
- Challenge: Rule-based SIEMs generate too much noise.
- Solution: Unsupervised Isolation Forest scores behavioral anomalies โ 6-rule ATT&CK correlation engine โ auto-escalation to TheHive (SOAR) via API.
- Result: 88% precision ยท 75% alert-volume reduction across a 100-hour live-traffic simulation in a 4-machine isolated lab.
๐ Explore CogniSOC โ
๐ก๏ธ ATT&CK-Mapped Detection Library ย

Version-controlled Detection-as-Code repo proving detection-engineering maturity.
- 13 tuned Sigma rules across 6 ATT&CK tactics, translated to Splunk SPL + Elastic DSL.
- Every rule validated with Atomic Red Team.
- False-Positive Tuning notes (e.g., suppressing SCCM & vuln-scanner noise) โ real operational maturity.
๐ Threat Hunting & Incident Investigation Lab ย

7 structured, end-to-end investigations emulating APT29 (Cozy Bear) & FIN7 tradecraft.
- PowerShell Empire C2 ยท Data Exfiltration ยท Lateral Movement (PsExec) ยท Credential Dumping (LSASS).
- Ships with IR playbooks, extracted IOCs, and proactive hunt hypotheses.
๐ LogPrompt-Inject โ LLM SOC Triage Vulnerabilities ย

AI-Security research, under review at ACM AISec @ CCS.
- Research: Indirect prompt-injection against LLM SOC-triage engines via malicious telemetry (Sysmon
CommandLine, Suricatahttp_user_agent). - Findings: Defense Portability Failure & Defense Backfire across 6 open-weight + 3 frontier models โ defenses that secure one model can worsen another.
- Value: LLM threat modeling + rigorous empirical methodology.
๐ค LLM-Assisted SOC Alert Triage (Injection-Hardened) ย

An AI triage copilot that classifies raw Sysmon/Suricata alerts and resists prompt injection.
- Engine: Telemetry in โ strict JSON out (Severity ยท ATT&CK mapping ยท Next steps).
- Security layer: Applies my LogPrompt-Inject findings โ Spotlighting (data-marking) + schema validation to neutralize injected instructions before the LLM sees them.
- Value: I both find the vuln and engineer the fix.
| Arena | Status |
|---|---|
| ๐ก๏ธ Certifications | Certified Ethical Hacker (CEH) โ Trained |
| ๐ฉ TryHackMe | SOC Analyst path โ in progress |
| ๐ฅ Hack The Box | SOC Analyst path โ in progress |
| ๐ด CTF | Web ยท OSINT ยท Networking |
๐ฅ psstโฆ click for a hidden easter egg
[+] You found the buried IOC. ๐ต๏ธ
[+] In a real investigation, curiosity is the best detection rule.
[+] Now go pin those repos and apply. ๐
These regenerate on their own โ a self-updating snake and a 3D contribution world.


