Kazim Ali

SOC Analyst

Computer Science undergraduate with hands-on offensive & defensive cybersecurity experience. Skilled in network reconnaissance, intrusion detection, incident response, and endpoint security, developed through an intensive Purple Team Bootcamp.

01

Skills & Tools

Network Security

Reconnaissance, scanning & traffic analysis

Nmap, Wireshark, Zeek, RITA, tcpdump, Network Flow

Intrusion Detection

Rule engineering & log analysis

Suricata IDS/IPS, Rule Writing, Sysmon, Event ID Analysis, fast.log / eve.json

Offensive Tools

Exploitation, shells & tunneling

Netcat, Socat, PowerCat, PowerShell Reverse Shells, SSL Tunnels

Incident Response

Forensics, triage & recovery

Velociraptor (VQL), KAPE, Volatility, FTK Imager, RCA Reporting

Threat Analysis

C2 detection & threat intelligence

C2 Beaconing, DNS Tunneling, MITRE ATT&CK, Splunk (SIEM), Log Correlation

OS & Infrastructure

Systems hardening & virtualization

Linux (Kali/Ubuntu), Windows Server, VMware ESXi, Active Directory, Docker
02

Cybersecurity Projects

01

Velociraptor Hunting & VQL Analysis

Digital Forensics, Threat Hunt
  • Deployed Velociraptor infrastructure for large-scale endpoint monitoring and threat hunting across Windows and Linux.
  • Used VQL (Velociraptor Query Language) to hunt for persistence mechanisms and to collect forensic artifacts such as ShellBags and the USN Journal.
  • Automated the detection of suspicious process injections and unauthorized administrative actions using custom-built VQL artifacts.
02

Incident Response & Root Cause Analysis

DFIR, Blue Team
  • Conducted a full Incident Response lifecycle for a simulated phishing compromise on the scholarkazim.com domain.
  • Performed Root Cause Analysis (RCA) identifying critical gaps in SPF/DKIM/DMARC and Multi-Factor Authentication (MFA).
  • Executed containment, eradication, and recovery steps while documenting the "Order of Volatility" during evidence collection.
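The SPF/DKIM/DMARC gaps named in the RCA above are the kind of thing a static check of a domain's TXT records can surface before an incident. The following is an added example, not code from this portfolio or from any tool listed on the page; the records for `example.com` are constructed to show a weak configuration beside its remediated form and are not the real records of any domain mentioned here.

```python
"""Static checks for SPF, DKIM and DMARC TXT records (added example).

The records below are constructed for illustration; they are not the real
records of any domain mentioned on this page.
"""
import re

# Mechanisms/modifiers that cost a DNS lookup under the RFC 7208 limit of 10.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?::|/|$)|^redirect=", re.IGNORECASE)


def parse_tags(record):
    """Parse a 'tag=value; tag=value' list as used by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(spf):
    """Return finding codes for an SPF record (empty list means no gap found)."""
    if not spf or not spf.lower().startswith("v=spf1"):
        return ["SPF_MISSING"]
    findings = []
    terms = spf.split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF_NO_ALL")               # no terminal policy: unlisted senders get 'neutral'
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier in "+?":
            findings.append("SPF_ALL_PERMISSIVE")   # +all / ?all lets any host send as the domain
        elif qualifier == "~":
            findings.append("SPF_ALL_SOFTFAIL")     # ~all only marks mail; receivers rarely reject
    if any(t.lstrip("+-~?").lower().startswith("ptr") for t in terms):
        findings.append("SPF_PTR_DEPRECATED")       # ptr is discouraged by RFC 7208
    if sum(1 for t in terms if LOOKUP_TERM.match(t)) > 10:
        findings.append("SPF_TOO_MANY_LOOKUPS")     # receivers return permerror above 10 lookups
    return findings


def check_dmarc(dmarc):
    """Return finding codes for a DMARC record."""
    if not dmarc or not dmarc.lower().startswith("v=dmarc1"):
        return ["DMARC_MISSING"]
    findings = []
    tags = parse_tags(dmarc)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC_INVALID_POLICY")
    elif policy == "none":
        findings.append("DMARC_POLICY_NONE")        # monitor only: spoofed mail is still delivered
    if "rua" not in tags:
        findings.append("DMARC_NO_REPORTING")       # no aggregate reports, so no visibility of abuse
    if tags.get("pct", "100") != "100":
        findings.append("DMARC_PARTIAL_PCT")        # policy applied to only part of the mail stream
    return findings


def check_dkim(dkim):
    """Return finding codes for a DKIM selector record."""
    if not dkim:
        return ["DKIM_MISSING"]
    tags = parse_tags(dkim)
    if "p" not in tags:
        return ["DKIM_MISSING"]
    findings = []
    if tags["p"] == "":
        findings.append("DKIM_KEY_REVOKED")         # empty p= means the key was revoked
    if tags.get("t", "") == "y":
        findings.append("DKIM_TEST_MODE")           # t=y: verifiers treat failures as if unsigned
    return findings


def audit(records):
    """Run all three checks over a {'spf': ..., 'dmarc': ..., 'dkim': ...} dict."""
    return check_spf(records.get("spf")) + check_dmarc(records.get("dmarc")) + check_dkim(records.get("dkim"))


WEAK = {  # constructed: the shape of records a phishing RCA typically finds
    "spf": "v=spf1 a mx ptr include:_spf.example.net +all",
    "dmarc": "v=DMARC1; p=none",
    "dkim": None,
}
HARDENED = {  # constructed: the remediated records
    "spf": "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100",
    "dkim": "v=DKIM1; k=rsa; p=" + "A" * 64,   # placeholder key, not a real public key
}

if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(recs) or "no gaps")
```

In a live assessment the three strings would come from `dig TXT example.com`, `dig TXT _dmarc.example.com` and `dig TXT <selector>._domainkey.example.com`; the checks themselves stay offline. The lookup count is a practical addition: an SPF record that exceeds ten DNS-querying terms fails with permerror at the receiver, which silently disables SPF just as surely as `+all`.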
03

Purple Team Network Reconnaissance

Offensive, Detection
  • Executed structured network reconnaissance (SYN, UDP, Service Detection) against target virtualized environments.
  • Correlated offensive scan traffic with Suricata IDS alerts and Zeek connection logs to evaluate blue-team visibility.
  • Mapped all findings and security gaps to the MITRE ATT&CK framework for strategic defense improvement.
04

Active Directory Defense & Mimikatz Research

AD Security, LSASS Protection
  • Analyzed lateral movement techniques and simulated Mimikatz credential harvesting to test enterprise defenses.
  • Researched and documented LSASS memory protection mechanisms and Credential Guard configurations.
  • Hardened Windows Server environments using GPOs and applied security baselines according to CIS Benchmarks.
05

C2 & DNS Tunneling Detection (Zeek / RITA)

Threat Hunt, Traffic Analysis
  • Analyzed PCAP files using Zeek and RITA to identify stealthy command-and-control (C2) beaconing patterns.
  • Detected sophisticated DNS tunneling techniques used for data exfiltration and persistent C2 communication.
  • Deployed IDS signatures to alert on suspicious non-standard port traffic and long-lived connection patterns.
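The two hunts above (beacon timing in Zeek conn.log and DNS tunneling in dns.log) reduce to a small amount of statistics once the logs are parsed. What follows is an added example written for this page, not RITA's code or anything from this portfolio: the beacon score is a simplified re-implementation of the idea behind RITA's timing analysis (interval regularity per source/destination pair), the tunneling check uses unique-subdomain count, label length and Shannon entropy, and every log line is constructed inline in Zeek's JSON output format.

```python
"""Hunt Zeek JSON logs for C2 beaconing and DNS tunneling (added example).

Scoring follows the idea behind RITA's beacon analysis (timing regularity of
connections between one source/destination pair); it is a simplified
re-implementation, not RITA's code. All log lines are constructed.
"""
import hashlib
import json
import math
import statistics
from collections import defaultdict


def median_abs_dev(values):
    med = statistics.median(values)
    return statistics.median([abs(v - med) for v in values])


def beacon_candidates(conn_lines, min_conns=5, min_score=0.8):
    """Score each (src, dst, dst_port) tuple in conn.log by interval regularity."""
    times = defaultdict(list)
    for line in conn_lines:
        rec = json.loads(line)
        times[(rec["id.orig_h"], rec["id.resp_h"], rec["id.resp_p"])].append(rec["ts"])
    hits = []
    for key, ts_list in times.items():
        if len(ts_list) < min_conns:
            continue                      # too few connections to judge periodicity
        ts_list.sort()
        intervals = [b - a for a, b in zip(ts_list, ts_list[1:])]
        med = statistics.median(intervals)
        if med <= 0:
            continue
        # 1.0 means every interval equals the median; jitter lowers the score
        score = max(0.0, 1.0 - median_abs_dev(intervals) / med)
        if score >= min_score:
            hits.append((key, round(med), round(score, 3)))
    return hits


def shannon_entropy(label):
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def registered_domain(name):
    # Simplification: last two labels; a public-suffix list is needed for co.uk and similar.
    return ".".join(name.rstrip(".").split(".")[-2:])


def tunnel_candidates(dns_lines, min_unique=6, min_label_len=20, min_entropy=3.0):
    """Flag domains receiving many unique, long, high-entropy subdomain queries."""
    per_domain = defaultdict(set)
    for line in dns_lines:
        query = json.loads(line).get("query")
        if query:
            per_domain[registered_domain(query)].add(query)
    hits = []
    for domain, queries in per_domain.items():
        if len(queries) < min_unique:
            continue
        labels = [q.split(".")[0] for q in queries]
        avg_len = sum(map(len, labels)) / len(labels)
        avg_entropy = sum(map(shannon_entropy, labels)) / len(labels)
        if avg_len >= min_label_len and avg_entropy >= min_entropy:
            hits.append((domain, len(queries), round(avg_len, 1), round(avg_entropy, 2)))
    return hits


def _conn(ts, src, dst, port):
    return json.dumps({"ts": ts, "id.orig_h": src, "id.orig_p": 49152, "id.resp_h": dst,
                       "id.resp_p": port, "proto": "tcp"})


BASE = 1700000000.0
# Constructed beacon: one connection every ~60 s with a few seconds of jitter.
CONN_LINES = [_conn(BASE + 60 * i + j, "10.0.0.5", "203.0.113.10", 443)
              for i, j in enumerate([0, -1, 2, 0, 1, -2, 0, 1, 0, -1])]
# Constructed noise: irregular browsing to another host.
CONN_LINES += [_conn(BASE + t, "10.0.0.5", "198.51.100.7", 80) for t in (10, 15, 200, 210, 700, 3000)]

# Constructed DNS: 8 hex chunks carried as subdomains of tun.example.net, plus normal lookups.
DNS_LINES = [json.dumps({"ts": BASE + i, "id.orig_h": "10.0.0.5",
                         "query": hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:32] + ".tun.example.net"})
             for i in range(8)]
DNS_LINES += [json.dumps({"ts": BASE + 100 + i, "id.orig_h": "10.0.0.5", "query": q})
              for i, q in enumerate(["www.example.com", "mail.example.com", "www.example.com"])]

if __name__ == "__main__":
    print("beacons:", beacon_candidates(CONN_LINES))
    print("dns tunnels:", tunnel_candidates(DNS_LINES))
```

Against real Zeek output (`@load policy/tuning/json-logs` or `LogAscii::use_json=T`) the same functions take `conn.log` and `dns.log` lines directly. The thresholds are starting points: a `min_score` of 0.8 catches the ~60 s beacon here while the irregular browsing scores near zero, and the tunneling check deliberately requires all three signals so that a CDN with many short, low-entropy hostnames is not flagged.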
06

Endpoint Security Engineering (Sysmon XML)

Detection Engineering, Logging
  • Engineered high-fidelity detection rules by authoring and maintaining custom Sysmon XML configuration files.
  • Mapped detection logic to capture PowerShell execution, remote service creation, and remote thread injection.
  • Optimized log ingestion and volume in Splunk by filtering benign activity while maintaining critical visibility.
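The three behaviours the Sysmon configuration above is tuned to capture (PowerShell execution, remote service creation, remote thread injection) become detections only once something evaluates the resulting events. The block below is an added example, not part of this portfolio and not a published ruleset: it parses the Event/System/EventData XML layout that Sysmon writes to the Windows event log, decodes `-EncodedCommand` payloads, flags `CreateRemoteThread` (Event ID 8) into lsass.exe, and treats a service binary launched by services.exe from outside the Windows directory as a lateral-movement indicator. The four events are constructed to exercise each rule.

```python
"""Evaluate Sysmon events against three endpoint detections (added example).

The event XML below is constructed to mirror the layout Sysmon writes to the
Windows event log; the rules are illustrative, not a published ruleset.
"""
import base64
import re
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
# powershell.exe accepts unambiguous prefixes of -EncodedCommand (-e, -ec, -en, -enc ...)
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)")


def parse_sysmon_event(xml_text):
    """Return (EventID, {Data Name: value}) from a Sysmon event XML document."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find(f"{NS}System/{NS}EventID").text)
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, data


def decode_encoded_command(cmdline):
    """Decode the base64/UTF-16LE payload of -EncodedCommand, or None if absent."""
    match = ENC_FLAG.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def evaluate(event_id, data):
    """Apply the detections to one parsed event; returns (rule, detail) pairs."""
    alerts = []
    image = data.get("Image", "").lower()
    parent = data.get("ParentImage", "").lower()
    if event_id == 1:  # ProcessCreate
        if image.endswith(("\\powershell.exe", "\\pwsh.exe")):
            decoded = decode_encoded_command(data.get("CommandLine", ""))
            if decoded is not None:
                alerts.append(("encoded_powershell", decoded))
        # A service spawned by services.exe from outside the Windows directory is a
        # common sign of remote service creation (PsExec-style lateral movement).
        if parent.endswith("\\services.exe") and not image.startswith("c:\\windows\\"):
            alerts.append(("service_outside_windows_dir", data.get("Image", "")))
    elif event_id == 8:  # CreateRemoteThread
        target = data.get("TargetImage", "")
        severity = "high" if target.lower().endswith("\\lsass.exe") else "medium"
        alerts.append(("remote_thread_injection",
                       f"{severity}: {data.get('SourceImage', '')} -> {target}"))
    return alerts


def run_detections(events_xml):
    """Parse and evaluate a list of event XML strings; returns (EventID, rule, detail)."""
    findings = []
    for xml_text in events_xml:
        event_id, data = parse_sysmon_event(xml_text)
        findings.extend((event_id, rule, detail) for rule, detail in evaluate(event_id, data))
    return findings


def _event(event_id, **fields):
    # Constructed event in the System/EventData layout used by the Windows event log.
    body = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS[1:-1]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f'<EventID>{event_id}</EventID></System><EventData>{body}</EventData></Event>')


SAMPLE_EVENTS = [
    _event(1, Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
           CommandLine="powershell.exe -nop -w hidden -enc dwBoAG8AYQBtAGkA",
           ParentImage=r"C:\Windows\System32\cmd.exe"),
    _event(8, SourceImage=r"C:\Users\Public\update.exe",
           TargetImage=r"C:\Windows\System32\lsass.exe", StartFunction="LoadLibraryA"),
    _event(1, Image=r"C:\Users\Public\svc.exe", CommandLine="svc.exe",
           ParentImage=r"C:\Windows\System32\services.exe"),
    _event(1, Image=r"C:\Windows\System32\notepad.exe", CommandLine="notepad.exe",
           ParentImage=r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(finding)
```

The decoded command line is worth surfacing in the alert itself rather than the raw base64, since that is what an analyst triages on; the `validate=True` decode and the UTF-16LE step mean malformed or non-PowerShell base64 fails closed to `None` rather than producing garbage. Whichever SIEM ingests these events (Splunk via the Universal Forwarder, as on the page), the same three conditions translate directly into searches over the `EventCode`, `CommandLine`, `ParentImage` and `TargetImage` fields.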
07

Post-System Compromise Forensics

Digital Forensics, Persistence Hunt
  • Identified persistence mechanisms including rogue scheduled tasks, malicious registry Run keys, and unauthorized local accounts.
  • Applied forensic methodology to reconstruct attacker timelines and entry points following a successful system compromise.
  • Leveraged USN Journal and Shellbag analysis to track file access history and directory traversal patterns by a threat actor.
08

Advanced Pivoting & Shell Engineering

Offensive Security, Socat/Netcat
  • Demonstrated advanced network pivoting techniques using Socat and Netcat to bypass segmented network boundaries.
  • Engineered stable reverse shells and bind shells with integrated encryption to simulate sophisticated C2 communication.
  • Documented detection avoidance strategies for offensive tools by analyzing traffic patterns and shell signatures.
09

SIEM Architecture & Splunk Data Orchestration

SIEM, Log Management
  • Architected a central logging infrastructure using Splunk for real-time visibility across heterogeneous environments.
  • Configured Universal Forwarders and indexed network flows, IDS alerts, and endpoint event logs for unified analysis.
  • Developed dashboards to monitor authentication anomalies and potential brute-force attempts across the enterprise.
03

Technical Experience

2025 – 2026

Purple Team Bootcamp Participant

Intensive Hands-on Security Training

  • Executed 23+ technical projects covering end-to-end Purple Team operations (Threat Emulation & Incident Detection).
  • Mastered enterprise-grade security tools including Velociraptor, Splunk SIEM, Suricata IDS, and Zeek Network Analysis.
  • Engineered high-fidelity detection rules and authored detailed technical reports for every lab and phase of the program.
2022 – 2026

Customer Service & Technical Assistant

Printing & Copy Center — Karbala, Iraq

  • Provided structured technical support by diagnosing system, hardware, and workflow issues using a methodical troubleshooting approach.
  • Maintained detailed ticket documentation and reported recurring issues — directly applicable to SOC ticketing and incident logging.
  • Supported users with varying technical skill levels, ensuring clear and secure communication across all interactions.
04

Academic Background

Expected 2027

B.Sc. — Computer Science

University of Karbala — Iraq

Focus: Cybersecurity, Networking, Operating Systems

Graduated

High School Diploma

Al-Dhura High School for Distinguished Students — Iraq

05

Get In Touch

I'm actively seeking a professional position where I can apply my technical skills in SOC operations and Purple Teaming. Feel free to reach out for collaborations or opportunities.

Location Karbala, Iraq

Training & Certifications

Purple Team Bootcamp
Intensive hands-on cybersecurity training — Red, Blue & Purple team operations
2025 – 2026 Supervisors: Anmar Mohammed | Mohammed Baqer Hassan
Self-Study
Cybersecurity fundamentals, OSINT techniques, security awareness, threat modeling, computer science, programming, and web development.

Languages

Arabic Native Speaker
English Fluent — All reports in English