egemenguney/README.md

🛡️ Egemen Güney KOÇ | Cyber Threat Intelligence & DevSecOps Engineer

Ex-Technical Support Specialist turned Advanced Threat Researcher.
I build high-performance, autonomous pipelines to track malware from GitHub repositories down to the final payload execution.


🏹 The Intelligence Pipeline: ThreatHunter v2.0

My current ecosystem is a fully automated, asynchronous malware analysis factory.

  • ⚡ High-Speed Recon: Built with httpx for asynchronous scanning, enabling rapid discovery of malicious repositories at scale.
  • 🔬 Deep Payload Tracking: End-to-end tracking from initial repo discovery to payload extraction and C2 infrastructure mapping.
  • 🧠 Intelligent Clustering: Autonomous clustering of threats based on behavioral patterns and campaign characteristics.
  • 🛡️ Verification & De-obfuscation:
    • Cross-Check Engine: Validates findings across multiple repositories.
    • Hash-Based Verification: Identifies and verifies obfuscated JS files through global hash comparisons.
  • 🌐 Network & Dynamic Analysis:
    • Selenium Wire: Real-time network traffic interception and analysis of malware stage-loaders.
    • Automated Sandboxing: Direct feeding to VirusTotal for behavioral analysis and automated screenshot capture.
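The two verification steps above (hashing each fetched JS file, then cross-checking hashes across repositories and against a global list of known-bad hashes) can be shown in a small asynchronous scan. The code below is an added illustration and is not taken from ThreatHunter; it replaces the real httpx fetcher with an injected coroutine over constructed file contents so it runs offline, and the "known malicious" hash set and the `example-org/*` repository names are constructed placeholders.

```python
"""Constructed example: async hash-based cross-repository verification of JS files."""
import asyncio
import hashlib
from collections import defaultdict
from typing import Awaitable, Callable, Dict, Iterable, List, Set, Tuple

Location = Tuple[str, str]          # (repository, path within the repository)
Fetcher = Callable[[str, str], Awaitable[bytes]]

# Constructed sample corpus. Two repositories ship a byte-identical packed loader,
# a third ships an unrelated benign file.
OBFUSCATED_LOADER = b"eval(function(p,a,c,k,e,d){return p}('0',0,0,''.split('|'),0,{}))"
SAMPLE_FILES: Dict[Location, bytes] = {
    ("example-org/repo-a", "dist/loader.js"): OBFUSCATED_LOADER,
    ("example-org/repo-b", "assets/app.min.js"): OBFUSCATED_LOADER,
    ("example-org/repo-c", "src/index.js"): b"console.log('hello');\n",
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the global comparison key."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a global list of hashes already confirmed elsewhere.
KNOWN_MALICIOUS: Set[str] = {sha256_hex(OBFUSCATED_LOADER)}


async def offline_fetch(repo: str, path: str) -> bytes:
    """Injected fetcher: yields to the event loop like a network call, then returns sample bytes."""
    await asyncio.sleep(0)
    return SAMPLE_FILES[(repo, path)]


async def scan(targets: Iterable[Location], fetch: Fetcher,
               known_malicious: Set[str], concurrency: int = 16) -> Dict[str, dict]:
    """Fetch every target concurrently (bounded by a semaphore), hash it, and
    return hashes seen in more than one repository plus hashes on the known-bad list."""
    sem = asyncio.Semaphore(concurrency)

    async def one(loc: Location) -> Tuple[Location, str]:
        async with sem:
            data = await fetch(*loc)
        return loc, sha256_hex(data)

    results = await asyncio.gather(*(one(loc) for loc in targets))

    by_hash: Dict[str, List[Location]] = defaultdict(list)
    for loc, digest in results:
        by_hash[digest].append(loc)

    # Cross-check: the same bytes appearing in distinct repositories is a clustering signal.
    cross_repo = {h: locs for h, locs in by_hash.items()
                  if len({repo for repo, _ in locs}) > 1}
    # Global hash verification: anything matching the confirmed-bad set.
    confirmed = {h: locs for h, locs in by_hash.items() if h in known_malicious}
    return {"by_hash": dict(by_hash), "cross_repo": cross_repo, "confirmed": confirmed}


def run_scan(targets: Iterable[Location] = tuple(SAMPLE_FILES),
             fetch: Fetcher = offline_fetch,
             known_malicious: Set[str] = KNOWN_MALICIOUS) -> Dict[str, dict]:
    """Synchronous entry point so the scan can be called from scripts and tests."""
    return asyncio.run(scan(targets, fetch, known_malicious))


if __name__ == "__main__":
    report = run_scan()
    for digest, locs in report["cross_repo"].items():
        status = "confirmed" if digest in report["confirmed"] else "candidate for sandboxing"
        print(f"{digest[:16]}… seen in {len(locs)} locations: {status}")
```

Files that cluster across repositories but are not yet on the global list are the ones worth routing to dynamic analysis; a file that matches the list needs no further verification. Swapping `offline_fetch` for an httpx-based coroutine with the same `(repo, path) -> bytes` signature is all that is needed to run this against live content.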

🛠️ Technical Arsenal

  • Languages: Python (Asyncio, Httpx), Bash, YARA.
  • Tools: Selenium Wire, VirusTotal API, Hybrid Analysis, Docker.
  • Methodologies: Malware Clustering, Network Traffic Analysis, Heuristic & ML Ensemble Detection.
  • Infrastructure: Cloudflare Zero Trust, Secure CI/CD Pipelines, Automated Logging.

📂 Architecture Overview

  • core/: Async scanners (httpx), ML classifiers, and Selenium Wire integrators.
  • pipeline/: Automated clustering and VirusTotal feeding modules.
  • data/: Real-time C2 intel, verified hashes, and automated analysis screenshots.

🚀 Roadmap (Upcoming)

  • 🛰️ Telegram CTI Integration: Automated monitoring of encrypted threat intelligence channels.
  • 📊 Intel Dashboard: A centralized UI to visualize real-time campaign clusters and network graphs.

Professional Background

Ex-Technical Support Specialist. I bring a high level of troubleshooting expertise, system reliability focus, and corporate professionalism to every project I build.


"Turning raw repository data into actionable threat intelligence, asynchronously."

Pinned

  1. api-testing-framework (Public)

    Automated REST API testing with Cypress, custom commands, fixtures, reporting, and CI/CD integration.

    JavaScript

  2. ecommerce-test-suite (Public)

    Robust QA automation suite designed to streamline testing of e-commerce platforms, ensuring reliability, scalability, and performance.

    Python