Skip to content
View shaurya-security's full-sized avatar

Block or report shaurya-security

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
shaurya-security/README.md

Shaurya (Aman Kumar)

Blue Team · Cloud Security · Detection-Focused Projects

Four detection engineering projects. All deployed. All documented.

Blue team focus: cloud detection pipelines, active response automation, and SIEM rule authoring on AWS.


What I'm building

Structured path from Linux and networking foundations to cloud detection engineering. Phases 1–6 complete. Phase 7 focused on portfolio projects and practical detection workflows.


Projects

wazuh-active-response-containment SSH brute-force detection and automated containment on AWS. Custom Wazuh correlation rule fires on threshold, triggers firewall-drop active response, inserts an iptables block for the attacker IP, and auto-removes it after 120 seconds. Full chain validated: attack → detection → alert → containment → recovery.

Demonstrates: detection engineering, active response automation, iptables, MITRE T1110, AWS networking, troubleshooting.

aws-cloud-detection-pipeline Cloud detection pipeline on AWS using CloudTrail, VPC Flow Logs, and Wazuh. Validated the full telemetry pipeline across host, network, and API log sources before implementing detections. Custom rules for AWS enumeration and SSH brute force. Entire environment provisioned from the CLI.

Demonstrates: telemetry pipeline design, IAM least-privilege, detection engineering, alert investigation.

aws-infra-cli Bash-based AWS infrastructure toolkit with 8 modules and 110+ functions for VPC, networking, EC2, NAT, and security group management. Built entirely on AWS CLI without Terraform or CloudFormation.

Demonstrates: AWS networking internals, Bash scripting, infrastructure automation, dependency management.

wazuh-custom-rule-detection Local KVM lab. Custom level-12 Wazuh rule mapped to MITRE ATT&CK T1110. Wrote the rule, triggered the attack, validated the alert, wrote the investigation report. Complete chain: activity → log → rule → alert → investigation.

Demonstrates: custom detection rule authoring, MITRE mapping, SOC triage workflow.

from-packets-to-siem Six phases of learning, reconstructed and documented honestly. Notes, labs, summaries — what clicked, what broke, what I'd do differently.


Stack

Wazuh AWS CloudTrail VPC Flow Logs Bash Python KVM Linux MITRE ATT&CK IAM S3 SIEM iptables


Where I am

  • Phases 1–6 complete
  • Portfolio Entry 1 — SSH brute force detection (local lab)
  • Portfolio Entry 2 — AWS infrastructure CLI toolkit
  • Portfolio Entry 3 — Cloud detection pipeline (AWS + Wazuh)
  • Portfolio Entry 4 — Automated containment with Wazuh Active Response
  • Phase 8 — Certification (AWS CCP - Ongoing)
  • Phase 9 — Job applications

Links

GitHub: https://github.com/shaurya-security LinkedIn: https://www.linkedin.com/in/aman-kumar-141495411/

Pinned Loading

  1. from-packets-to-siem from-packets-to-siem Public

    Learning cybersecurity and cloud from scratch - Linux, scripting, AWS, detection, and a self-hosted SIEM. Six phases documented honestly.

    Shell

  2. wazuh-custom-rule-detection wazuh-custom-rule-detection Public

    Custom Wazuh SSH brute force detection lab using Linux Mint, Fedora, and Ubuntu Server VMs with MITRE ATT&CK mapping and SIEM alert validation.

  3. aws-infra-cli aws-infra-cli Public

    AWS infrastructure automation toolkit built with Bash and AWS CLI. 110+ functions across 8 modules managing VPCs, subnets, EC2, NAT, routing, and security groups without Terraform or CloudFormation.

    Shell

  4. aws-cloud-detection-pipeline aws-cloud-detection-pipeline Public

    Cloud-based detection engineering lab using AWS, Wazuh, CloudTrail, VPC Flow Logs, custom detections, and alert investigation.

    Shell

  5. wazuh-active-response-containment wazuh-active-response-containment Public

    Automated SSH Brute Force Detection and Containment on AWS Using Wazuh

    Shell