Hi, I'm Himangshu Pan.
Blue-team research · Detection · Incident response. I investigate logs, build detections, and write up what I learn so others can use it.
$ work in silence — let your detections make the noise
himangshu.pan
role: SOC analyst (blue team)
focus: detection · IR · log analysis
status: open to opportunities
# about
Python developer turned defensive security researcher. After several years building Python backends and blockchain systems, I pivoted into security with a focus on the blue team — detection engineering, incident response, and the daily craft of running a SOC.
I spend my time in labs reproducing attacker behavior so I can write better detections for it, picking apart logs, and turning CTF rooms into transferable analyst muscle. CEH (2018) was my entry point; the work since has been about understanding systems deeply enough to defend them, not just probe them.
# skills
SIEM & Log Analysis
Network Forensics
Endpoint & EDR
Scripting & Automation
Frameworks
Lab & Tooling
# certifications
Certified Ethical Hacker (CEH)
EC-Council
$ more in progress — BTL1, Security+, KC7.
# recent writeups
Detection Engineering: Writing Your First Sigma Rule
From an attacker's command to a portable detection rule — a hands-on intro to Sigma using a Mimikatz-style LSASS access pattern.
OverTheWire Bandit — From a Defender's Notebook
Walking through Bandit Level 0 → 1 not just to solve it, but to think about what each step would look like in SOC telemetry.
TryHackMe PyRat — What a Defender Would Have Caught
Walking the PyRat room and annotating each attacker step with the log signature, SIEM query, and Sigma rule that would have caught it.
# projects
ELK + Wazuh SOC Home Lab
A reproducible blue-team lab — Elastic, Kibana, Wazuh manager + agent, and a Windows victim VM — for detection engineering practice.
VMware Detection Lab
A lightweight VMware Workstation setup for safely detonating malware samples and generating Sysmon telemetry.