ibernal1815/README.md

Isaiah Bernal

Purple Team Engineer  ·  SOC Analyst  ·  Detection Engineering / DFIR


My background is in IT infrastructure, but I found my passion on the defensive side of security. I spend time in my home lab simulating attacks and digging through Windows Event Logs, Sysmon telemetry, and memory dumps to understand how things actually work under the hood.

Lately I've been focused on reconstructing attack timelines around techniques like persistence and privilege escalation using Elastic SIEM, Volatility, and Suricata. I also build Python tooling for log normalization, IOC extraction, and threat intel enrichment as a modular pipeline.

Recently graduated with my B.S. in Computer Information Technology from CSUN and currently deciding on a master's program in information security.


Projects

| Project | Focus | Stack | Status |
|---|---|---|---|
| Log Normalizer / IOC Extractor | Multi-format log parsing, IOC extraction, suspicious pattern flagging, structured JSON output | Python, argparse, re, python-evtx, rich | Complete |
| Threat Intel Enricher | IOC enrichment against VirusTotal and AbuseIPDB, verdict scoring, pipeline chaining via stdout | Python, requests, psycopg2 | Complete |
| SQL Security Lab | Dual-version Flask app demonstrating SQL injection vs parameterized queries, RBAC, row-level security | Python, Flask, PostgreSQL | Complete |
| Python Keylogger with C2 Server | AES-encrypted keystroke capture, HTTP POST to Flask C2, modular architecture with unit tests | Python, Flask, hashlib, pynput | Complete |
| Sysmon Detection Lab | MITRE ATT&CK simulation, Sigma rule authoring, alert correlation | Sysmon, Elastic SIEM, Wazuh | In Progress |
| Malware Analysis Lab | Static/dynamic analysis, memory forensics, IOC reporting | FLARE-VM, REMnux, Volatility, YARA | In Progress |
| Enterprise Active Directory Lab | Domain administration, incident simulation, GPO, bulk provisioning | Windows Server, PowerShell | Complete |
| Windows Internals Lab | Process analysis, system behavior documentation | Sysinternals, Sysmon, VirtualBox | In Progress |
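The first two rows describe a pipeline: normalize heterogeneous logs into one JSON shape, pull out IOCs, flag suspicious patterns, and emit newline-delimited JSON on stdout so an enrichment stage can consume it. The block below is an added illustration of that design, written for this page; it is not the code of the log-normalizer or threat-intel-enricher repositories. The sample log lines, the format regexes, the suspicious-pattern table, and the output field names are all constructed here as assumptions.

```python
"""Minimal log normalizer / IOC extractor (illustrative, not the project's code)."""
import json
import re
import sys
from datetime import datetime

# Constructed sample input (not real telemetry): syslog, Apache access log, free text.
SAMPLE_LOGS = [
    "Mar 10 12:01:33 web01 sshd[2211]: Failed password for root from 203.0.113.45 port 51022 ssh2",
    '198.51.100.7 - - [10/Mar/2025:12:02:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1412 "-" "curl/8.0"',
    "analyst note: host beacons to update.evil-cdn.example every 60s, dropper "
    "sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]

# Format recognisers (assumed layouts: BSD syslog and Apache combined log).
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

# IOC extractors. DOMAIN_RE is deliberately loose, so NOT_TLDS filters file names
# such as wp-login.php that would otherwise be reported as domains.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
MD5_RE = re.compile(r"\b[a-f0-9]{32}\b", re.I)
NOT_TLDS = {"php", "exe", "dll", "txt", "log", "html", "js", "ps1", "bat"}

# Suspicious-pattern table: (flag name, regex). Order is preserved in the output.
SUSPICIOUS = [
    ("auth_failure", re.compile(r"failed password|authentication failure", re.I)),
    ("root_auth_attempt", re.compile(r"\bfor (?:invalid user )?root\b", re.I)),
    ("wordpress_login_probe", re.compile(r"/(?:wp-login|xmlrpc)\.php", re.I)),
    ("beacon_keyword", re.compile(r"\bbeacons?\b", re.I)),
]


def parse_line(line):
    """Identify the log format and return (format, timestamp, host, message)."""
    m = SYSLOG_RE.match(line)
    if m:
        # BSD syslog carries no year, so the timestamp is kept as written.
        return "syslog", m["ts"], m["host"], m["msg"]
    m = APACHE_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").isoformat()
        return "apache_access", ts, m["ip"], m["req"]
    return "unknown", None, None, line


def extract_iocs(text):
    """Return deduplicated, sorted IOCs found anywhere in the raw line."""
    ipv4 = {m for m in IPV4_RE.findall(text) if all(int(o) <= 255 for o in m.split("."))}
    domains = {
        m.lower() for m in DOMAIN_RE.findall(text)
        if m.rsplit(".", 1)[-1].lower() not in NOT_TLDS
    }
    return {
        "ipv4": sorted(ipv4),
        "domain": sorted(domains),
        "sha256": sorted({m.lower() for m in SHA256_RE.findall(text)}),
        "md5": sorted({m.lower() for m in MD5_RE.findall(text)}),
    }


def flag_suspicious(text):
    """Return the names of every suspicious pattern that matches the line."""
    return [name for name, rx in SUSPICIOUS if rx.search(text)]


def normalize(lines):
    """Turn raw log lines into uniform records ready for enrichment or SIEM ingestion."""
    records = []
    for line in lines:
        fmt, ts, host, msg = parse_line(line)
        records.append({
            "source_format": fmt,
            "timestamp": ts,
            "host": host,
            "message": msg,
            "iocs": extract_iocs(line),
            "flags": flag_suspicious(line),
            "raw": line,
        })
    return records


def to_ndjson(records):
    """One JSON object per line, the shape a downstream stage reads from stdin."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    # Read logs from stdin when piped; fall back to the constructed samples otherwise.
    src = [l.rstrip("\n") for l in sys.stdin] if not sys.stdin.isatty() else SAMPLE_LOGS
    print(to_ndjson(normalize(src)))
```

Run it as `python normalize.py < auth.log | python enrich.py` (names assumed) to chain stages over stdout, the same way the enricher row describes. Extracting IOCs from the raw line rather than from the parsed message is a deliberate choice: the Apache client address lives outside the request field, and a format the recogniser does not know still yields indicators.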
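The SQL Security Lab row contrasts string-built SQL with parameterized queries. The block below is an added, stand-alone illustration of that contrast and is not the lab's own Flask/PostgreSQL code: it uses Python's built-in sqlite3 as an in-memory stand-in for PostgreSQL (an assumption made so it runs offline), and the table, rows, and payload are constructed here.

```python
"""SQL injection vs parameterized query (illustrative, not the lab's code)."""
import sqlite3

# Classic tautology payload: closes the quoted literal and appends an always-true clause.
PAYLOAD = "' OR '1'='1"


def make_db():
    """In-memory sqlite3 database standing in for the lab's PostgreSQL (assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "analyst"), ("carol", "viewer")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    """Deliberately vulnerable: untrusted input is spliced into the SQL text,
    so the payload changes the statement's structure, not just a value."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, username):
    """Parameterized: the statement is fixed and the driver binds the value
    separately, so the payload is only ever compared as a literal string."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Run the same payload through both versions and return the row sets."""
    conn = make_db()
    return {
        "vulnerable": lookup_user_vulnerable(conn, PAYLOAD),  # every row leaks
        "safe": lookup_user_safe(conn, PAYLOAD),              # no such user
        "legit": lookup_user_safe(conn, "bob"),               # normal lookup still works
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:>10}: {rows}")
```

The point to take from the vulnerable version is that the resulting statement reads `WHERE username = '' OR '1'='1'`, which is syntactically valid and true for every row; the parameterized version never lets the input reach the parser as SQL, so no amount of quoting in the payload can alter the query.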

Skills

Security       Splunk · Elastic SIEM · Wazuh · Sysmon · Suricata · Wireshark · Volatility · Sysinternals · CyberChef
Detection      Sigma Rules · MITRE ATT&CK · Alert Triage · IOC Extraction · Log Analysis · Threat Hunting
Python         requests · argparse · hashlib · psycopg2 · pynput · python-evtx · re · Flask · pytest
Scripting      Bash · PowerShell · SQL
OS             Linux (Ubuntu, Kali, Fedora) · Windows 10/11 · Windows Server · macOS
Infrastructure VMware · VirtualBox · Proxmox · pfSense · Active Directory · Azure / Entra ID

Education & Certifications

B.S. Computer Information Technology  ·  California State University, Northridge  ·  2026
A.S. Cybersecurity & Computer Programming  ·  Los Angeles Mission College  ·  2023/2024


CompTIA Security+  ·  CompTIA CySA+  ·  ISC2 CC  ·  HTB CDSA (In Progress)

Pinned Repositories

1. log-normalizer (Python): Python tool to parse and normalize raw security logs into a structured format for analysis or SIEM ingestion.
2. malware-analysis-lab: A structured malware analysis lab covering static analysis, dynamic behavioral analysis, memory forensics, and detection engineering with Sigma and Wazuh.
3. threat-intel-enricher (Python): CLI tool that enriches IOCs against VirusTotal and AbuseIPDB and outputs a structured JSON threat intel report.
4. active-directory-lab (PowerShell): Simulated enterprise Active Directory environment for Silverline Technologies, covering AD DS, DNS, GPOs, file permissions, PowerShell automation, and IT support workflows.
5. sysmon-sysinternals-detection-lab: Detection engineering lab using Sysmon and Sysinternals to identify attacker TTPs, map to MITRE ATT&CK, and build detection logic.
6. python-keylogger (Python): Modular Python keylogger with AES-encrypted keystroke transmission, screenshot capture, and a Flask-based C2 server, built for adversarial simulation and endpoint detection research.