Skip to content
View Juwon1405's full-sized avatar
:octocat:
:octocat:
13 followers · 51 following

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Achievements

Achievement: QuickdrawAchievement: Pull Shark

Highlights

Block or report Juwon1405

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Juwon1405/README.md

Juwon Bang  (優心)

DFIR & Detection Engineering · Tokyo, Japan

email

Building autonomous detection systems and architectural security guarantees. Currently exploring agentic DFIR — MCP-based forensic agents that encode the reasoning pattern of a senior analyst as architecture, not as a prompt.

🔍 Focus

  • Digital Forensics & Incident Response  ·  Windows / macOS / Linux
  • Detection Engineering  ·  MITRE ATT&CK coverage modeling, Sigma
  • DevSecOps & Security Automation
  • Agentic AI for Security  ·  MCP, audit-chained reasoning loops

🛠️ Stack

📌 Featured Projects

🎯 Agentic-DART  flagship — SANS FIND EVIL! 2026

Agentic-DART

Autonomous DFIR agent that thinks like a senior analyst. Architecture-first, not prompt-first. 31 typed forensic functions across 11 / 12 MITRE ATT&CK tactics, 17 / 17 tests passing on a fresh clone. Read-only MCP boundary makes destructive ops impossible by construction. Starts as agentic DFIR; designed to expand toward agentic SOC and beyond.

github.com/Juwon1405/agentic-dart  ·  Submission to SANS FIND EVIL! 2026  ·  MIT

Other projects

yushin-mac-artifact-collector

macOS DFIR Artifact Collector — single-file, zero-dep, modular collection script with selective module execution and supply-chain IOC sweeps (litellm PyPI 2026-03 + generic).

yushin-mac-forensics-platform

macOS DFIR Forensics Platform — Flask-based platform that ingests collector ZIPs & disk images (DD/RAW/E01/AFF/DMG), parses 30+ artifact categories, and produces searchable evidence + PDF incident reports with optional Ollama / OpenAI analysis.

yushin-gendfir-rag

GenDFIR RAG Pipeline — unofficial Python replication of Loumachi, Ghanem & Ferrag (2024). RAG + LLM pipeline for DFIR cyber-incident timeline analysis. Equation-by-equation, fully unit-tested.

GitNote

GitNote — curated personal knowledge base in InfoSec & computer science. A long-running collection of notes, references, and code snippets from years of DFIR / detection engineering work.

📚 Curated lists

  • DFIR — Digital Forensics & Incident Response
  • BlueTeam — Defensive operations & SOC
  • Tools & Tips — Analysis utilities
  • DevSecOps — Security automation & AI
  • Gist — Code snippets

🤝 Open to

Research collaboration · CTF · CSIRT exchange · Open-source security tooling

Pinned Loading

  1. agentic-dart agentic-dart Public

    Agentic-DART — autonomous detection & response agent. Architecture-first, not prompt-first. Starts as agentic DFIR; designed to expand toward agentic SOC and beyond.

    Python 4

  2. yushin-mac-artifact-collector yushin-mac-artifact-collector Public

    macOS DFIR Artifact Collector — single-file, zero-dependency, modular collection script with selective module execution and supply-chain IOC sweeps.

    Shell 1

  3. yushin-mac-forensics-platform yushin-mac-forensics-platform Public

    macOS DFIR Forensics Platform — Flask-based web platform that ingests collector ZIPs and disk images (DD/RAW/E01/AFF/DMG), parses 30+ artifact categories, and produces searchable evidence + PDF inc…

    Python 1

  4. yushin-gendfir-rag yushin-gendfir-rag Public

    Unofficial Python replication of Loumachi, Ghanem & Ferrag (2024) — RAG + LLM pipeline for DFIR cyber-incident timeline analysis. Equation-by-equation, fully unit-tested.

    Python 1

  5. timesketch timesketch Public

    Forked from google/timesketch

    Collaborative forensic timeline analysis

    Python 1

  6. Zircolite Zircolite Public

    Forked from wagga40/Zircolite

    A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs

    Python 1