Source · History · Diffs
Security Engineer / Detection & Trading Systems
Selected public projects. Security tooling, detection-as-code, CI/CD supply-chain hardening, and applied research. Browse the source, history, and diffs below.
Landing page for my security engineering projects.
Detection rules kept the way code is kept: written once in Sigma, version-controlled, linted and tested in CI, and compiled to whatever SIEM is in front of me. I spend my day tuning rules in Sentinel and Splunk by hand; this is that work done as a pipeline instead of a console...
A GitHub Actions pipeline that gates every push and pull request on four security checks before code is allowed to merge, then reports the run back to a SOC for visibility. The sample app is a small Flask task API; the point of the repo is the pipeline around it.
This picks up where the secure CI/CD pipeline leaves off. That repo proves the *source* is clean. This one proves the *artifact* is - that the container image a cluster is about to run was built by my pipeline, hasn't been tampered with since, and ships with a verifiable bill ...
Pulls indicators from live threat-intel feeds, deduplicates them, extracts the MITRE ATT&CK techniques behind them, turns the result into Wazuh detection rules and CDB lists, and emails an analyst for sign-off before anything goes live. No rule reaches the SIEM without a human...
A working security operations lab that ties endpoint telemetry, alert triage, and automated case handling into a single pipeline. Wazuh handles detection, Shuffle runs the SOAR playbooks, and TheHive is the analyst workspace where cases land already enriched.
Emulate adversary techniques, then prove the detections fire. This is the validation half of detection-as-code: I run ATT&CK techniques against an instrumented Ubuntu endpoint enrolled in my SOC automation lab, and confirm each one raises the alert it's supposed to - mapped to...
Perseus is an AI orchestration platform that routes natural language commands to specialized agents across a self-hosted Proxmox homelab. It integrates multiple LLM providers (Grok/xAI, OpenAI, and local Ollama) with runtime model switching, SSH-based infrastructure management...
Differential JWT verification harness. Feeds the same (token, key, alg-allowlist) triple into N JWT libraries simultaneously and surfaces any disagreement in the valid field. Disagreements at the verification boundary are auth-bypass primitives.
A post-mortem and the supporting evaluation framework for a Kalshi weather-market trading bot that lost money over its first two months of live trading, then was halted, audited, and retired.
Catch every time your AI coding agent touches auth, secrets, or skips a test, then turn the correction you made into a local regression eval. Local-first, deterministic, no LLM judge.
Co-authored by Zion Boggan, Claude Opus 4.6/4.7 (Anthropic), and Codex (GPT-5.4, OpenAI).
HMAC-signed, file-system-mediated job dispatch between two agent sessions on different hosts. Built around the use case of two Claude Code sessions running on separate machines and needing to hand work to each other without either one having to drive the other interactively.
Two tiny shell tools that let multiple independent processes share one GPU and a bounded CPU/RAM budget without colliding - using nothing but flock. No daemon, no scheduler, no root, no software to install. If you run two (or more) long-lived agent loops, cron jobs, or termina...
A real-time computer-vision aim-assist for offline, single-player MLB The Show 26. Built as an accessibility aid for players with motor disabilities who cannot reliably execute the small left-stick corrections that the game's Zone hitting interface demands, or the precise gest...
Generate iOS .mobileconfig configuration profiles from WireGuard .conf files with a true kill switch and OnDemand auto-connect baked in.