Windows EVTX log analysis for DFIR — fast parsing, ATT&CK mapping, IOC extraction, and Sentinel anomaly detection. Normal + Juggernaut Mode (Arrow/DuckDB) for 10M+ events.
Updated May 20, 2026 - Python
BeCode AD lab on Azure: build, harden, detect. 11 MITRE techniques, 11/11 detection rate. External credential-stuffing capture as real-world validation.
A modern Flet-based UI for PM4PY that enables process mining, discovery, conformance checking, filtering, and analysis of event logs without writing code.
This project aims to redesign Windows audit policy configurations to reduce log noise and enhance detection clarity within Splunk. The objective is to produce a streamlined, purposeful audit policy that supports effective threat detection, baselining, and investigative workflows in a lab or SOC simulation environment.