
Organizations

@googlers

threat-punter/README.md

Hello 👋

Your data is one of your most valuable assets — the better you protect it from attack, the better your reputation will be with discerning customers. I'm a Staff Security Engineer, specialized in Detection Engineering — I defend organizations against attacks and protect their data and customers from damage and loss.

You can find some of my contributions to the information security community here.

I've published extensive research and examples for implementing Detection-as-Code. I'm the creator and maintainer of Dorothy — a tool to help security teams test their monitoring and detection capabilities for their Okta environment. I presented Dorothy at Black Hat USA.

I'm on Twitter and Medium.

Pinned

  1. community-contributions Public

    A collection of my presentations, blog posts, and other contributions to the information security community

    25 2

  2. elastic/dorothy Public

    Dorothy is a tool to test security monitoring and detection for Okta environments

    Python 179 13

  3. detection-as-code-example Public

    A POC to implement Detection-as-Code with Terraform and Sumo Logic.

    Python 27 8

  4. google-secops Public

    Example code for working with Google Security Operations (SecOps)

    Python

  5. chronicle/detection-rules Public

    Collection of example YARA-L rules for use within Google Security Operations

    Python 359 86

599 contributions in the last year

Contribution activity

March 2025

Created a pull request in chronicle/detection-rules that received 1 comment

[New Rule] GitHub Access Granted To Personal Access Token Followed By High Number Of Cloned Non Public Repositories

Related Issue(s) Resolves #102 Summary This pull request adds a new GitHub rule. This rule detects when a user grants access to a GitHub Personal …

+77 −0 lines changed 1 comment
Reviewed 1 pull request in 1 repository
chronicle/detection-rules 1 pull request

Created an issue in chronicle/detection-rules that received 1 comment

[New Rule] GitHub Access Granted To Personal Access Token Followed By High Number Of Cloned Non Public Repositories

Description This rule detects when a user grants access to a GitHub Personal Access Token prior to cloning several GitHub non-public GitHub reposit…

1 comment