About

Hunt smarter. Report better. Fix faster.

Hi, I’m Maysara 3nnani — a SOC analyst turned Red Teamer, CTF player (HTB/THM), and bug hunter.
I love turning noisy telemetry into clear findings and fix-first reports. When I’m not threat hunting, I’m building my security brand MEESSO and writing narrative posts that teach by story.

If you’re here from LinkedIn, welcome—grab a coffee ☕ and explore the sections below.


Quick facts

  • 🎯 Focus: Detection Engineering, IR/Forensics, Adversary Emulation, Bug Bounty
  • 🔭 Current projects: MEESSO (AI-SOC + agentic workflows), write-ups, and SOC playbooks
  • 🧪 Tools I touch daily: QRadar, Sigma, Sysmon, Velociraptor, RITA, Suricata, YARA
  • 🛡️ Methodologies: MITRE ATT&CK, NIST 800-61, OWASP, DFIR
  • 🧩 CTFs: Hack The Box & TryHackMe — love privesc, web, and DFIR rooms

Skills at a glance

| Area | I do |
|---|---|
| Threat Hunting | Hypothesis-driven hunts, AQL/Sigma queries, beaconing & C2 detection |
| DFIR | Live triage, memory/disk forensics, image mounting (AIM), artifact analysis |
| Detection Eng. | Sigma/YARA rules, Suricata sigs, Sysmon configs, log source onboarding |
| Red/OffSec | Web vulns (PortSwigger labs), AD privesc, emulation labs, OPSEC |
| Automation | Python, n8n, bash/PowerShell, data parsers, report generators |
| Reporting | Risk storytelling, fix-first remediations, exec-level summaries |


What I’m building — MEESSO

  • AI-SOC patterns: agentic workflows to cut MTTT and speed up triage
  • Hunt packs: Sigma + queries mapped to ATT&CK with clear validation steps
  • Report templates: fix-first, reproducible, action-oriented
  • Write-ups: narrative style posts that turn cases into teaching moments

Want the templates? Ping me—happy to share starter kits.


Selected write-ups

  • 🧪 Mounting Forensic Images the Right Way — Arsenal Image Mounter (AIM) (Narrative)
    /posts/mounting-forensic-images/
  • 🐚 Hunting Beaconing with RITA + Zeek
    /posts/rita-beacon-hunting/
  • 🛡️ Building Useful Sigma Rules (with test data)
    /posts/sigma-from-zero-to-hero/
  • 🕷️ Web Vulns from Recon to Fix (Bug bounty notes)
    /posts/bug-bounty-recon-to-fix/

Tip: keep post cover images at /assets/img/<post-slug>/cover.png and use absolute paths like /assets/img/... to avoid baseurl issues.


Certifications & learning

  • CCD, ECIH, CEH (Master) (studying/maintaining)
  • Constant labs on HTB & THM; PortSwigger Web Security Academy

Open-source & projects

  • Sysmon baseline + Sigma mini-pack — /projects/sysmon-sigma/
  • n8n playbooks for IR triage — /projects/n8n-ir/
  • MEESSO report template — /projects/meesso-report/

Contact & profiles

  • 🐙 GitHub: https://github.com/maysara1996
  • 💼 LinkedIn: https://www.linkedin.com/in/maysaraannani
  • 🧩 Hack The Box: https://app.hackthebox.com/profile/<id>
  • 🧭 TryHackMe: https://tryhackme.com/p/<handle>
  • ✉️ Email: you@domain.com
  • 🔐 PGP (optional):