Skip to content
View gurvinny's full-sized avatar
🔐
Building cool things so attackers can’t
🔐
Building cool things so attackers can’t

Block or report gurvinny

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
gurvinny/README.md

Gurvin Singh

Typing SVG

LinkedIn TryHackMe Email


Status Location Security+ CySA+


Certified blue-team defender. I build my own SOC, then break it, investigate it, and harden it. Every step documented.


role   : SOC Analyst · Blue Team Defender
lab    : Proxmox · pfSense · Wazuh 4.14.5 · Authentik · Docker · Pterodactyl
focus  : Detection Engineering · Threat Hunting · Incident Response · CIS Hardening
certs  : Security+ Certified · CySA+ Certified · THM SOC L1 (Advanced)
audits : CIS Ubuntu 24.04 L1 · 88.9% · USG Level 2 Server · 90.8%

[ SIEM ] Wazuh Splunk

[ NETWORK ] Wireshark pfSense Suricata

[ SYSTEMS ] Linux Bash Python

[ INTEL ] Sigma YARA MITRE



🔬 Projects

Repo What
🛡️ Security Analyst Portfolio Sigma rules · IR playbooks · NIST writeups
🔴 Wazuh SIEM Recovery Broke → fixed → hardened · CIS 88.9% · USG L2 90.8%
🏠 Home Network Lab VLAN segmentation · IDS/IPS · log aggregation
🐍 Automated Phish Extractor Python IOC extraction in 30 seconds
🎧 Slo-Fi Browser audio engine · TypeScript · Web Audio API · client-side, zero data exfiltration

🔴 Latest Investigation


╔══════════════════════════════════════════════════════════════╗
║  INCIDENT  Wazuh SIEM Full Pipeline Failure · 2026-04-24     ║
╠══════════════════════════════════════════════════════════════╣
║  PROBLEM   0 dashboard entries · all services active         ║
║  CAUSE     Admin hash mismatch · missing OpenSearch role     ║
║            Dashboard keystore overriding yml config          ║
║  FIXED     Auth chain repaired · roles created               ║
║            Keystore updated · auditd conflicts resolved      ║
║  AUDITS    CIS Ubuntu 24.04 L1   88.9%  ✓                    ║
║            USG Level 2 Server    90.8%  ✓                    ║
╠══════════════════════════════════════════════════════════════╣
║  RESULT    CIS Score   83.0%  >>>>>>>>>>>>>>>  88.9%  ✓      ║
║                                                              ║
║  STATUS    RESOLVED    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓          ║
╚══════════════════════════════════════════════════════════════╝

→ Full case study


🟢 "The attacker needs to be right once. The defender needs to be right every time."

Pinned Loading

  1. security-analyst-portfolio security-analyst-portfolio Public

    Hands-on SOC analyst training portfolio covering threat detection, incident response, log analysis, and blue team lab investigations.

    1

  2. home-network-lab home-network-lab Public

    Enterprise-style home lab implementing VLAN segmentation, firewall isolation, and secure network architecture using pfSense.

  3. Automated-Phish-Extractor Automated-Phish-Extractor Public

    An automated triage tool for SOC analysts. Parses raw .eml files, extracts and defangs IOCs, analyzes SPF/DMARC headers, and generates standardized threat reports.

    Python 2 3

  4. grv-flipper-lab grv-flipper-lab Public

    Embedded systems, automation & security research using Flipper Zero. IR, RF, GPIO, NFC & protocol analysis.

    2

  5. Slo-Fi Slo-Fi Public

    Slo-Fi turns your browser into a late-night studio. Experience your favorite tracks in a new dimension with professional-grade slowing and deep, ethereal reverb. No downloads, no lag just pure atmo…

    TypeScript

  6. spectre spectre Public

    WiFi intrusion-detection sensor: ESP32-C5 sniffer to FastAPI detection to Next.js SOC console with Wazuh forwarding

    TypeScript