Building autonomous detection systems and architectural security guarantees. Currently exploring agentic DFIR — MCP-based forensic agents that encode the reasoning pattern of a senior analyst as architecture, not as a prompt.
The interesting problem in "AI for security" isn't the model — it's the architecture: tool boundaries, deterministic correlation, evidence chains, audit trails. Guardrails belong in the surface, not the system prompt.
- Digital Forensics & Incident Response · Windows / macOS / Linux
- Detection Engineering · MITRE ATT&CK coverage modeling, Sigma
- DevSecOps & Security Automation
- Agentic AI for Security · MCP, audit-chained reasoning loops
Autonomous DFIR agent. Architecture-first, not prompt-first. Read-only MCP surface (native pure-Python + SIFT adapters) makes destructive ops impossible by construction. v1.0.2 — 72 typed read-only MCP tools, full passing test suite, 11 case studies, and 99 ground-truth findings. External case-study slots include NIST CFReDS, Ali Hadi, and Digital Corpora M57. SANS FIND EVIL! 2026 entry.
→ github.com/Juwon1405/agentic-dart · Submission to SANS FIND EVIL! 2026 · MIT
🔌 agentic-dart-collector-adapter new — Phase 1.3
📓 GitNote
📦 Archived projects
🧪 yushin-gendfir-rag archived
Unofficial Python replication of Loumachi, Ghanem & Ferrag (2024). RAG + LLM pipeline for DFIR cyber-incident timeline analysis. The work in this repository served as a foundation that informed the design of agentic-dart, which supersedes it with agentic (rather than pure RAG) reasoning and a hardened MCP surface. Kept public as a reference artifact.
🍎 yushin-mac-artifact-collector archived
Single-file bash DFIR artifact collector for macOS hosts where Velociraptor is not an option. Originator of the supply-chain IOC sweep patterns (litellm PyPI 2026-03, npm typosquat detection) now ported and generalized into agentic-dart. Kept public as a supply-chain reference.
🔬 yushin-mac-forensics-platform archived
Flask-based macOS DFIR web platform that ingested collector ZIPs & disk images (DD/RAW/E01/AFF/DMG) and produced searchable evidence + PDF incident reports. Paused for post-SANS repositioning as the agentic-dart web UI — reading findings.json + audit.jsonl from an Agentic-DART run and rendering them in the browser.
- Network Attack Packet Analysis for Security Practitioners · 보안 실무자를 위한 네트워크 공격 패킷 분석 (co-author, lead)
Freelec, 2019.11 · ISBN 9788965402589 · ~370 pp.
A practitioner's reference covering DDoS, web exploitation, malicious traffic, wireless intrusion, system exploitation, and large-volume packet analysis.
→ Yes24 · Aladin · Kyobo · Google Books
- 🥇 Gold Prize, 2017 Korea Open-Source Software Developer Contest (NIPA, national OSS award)
- 📜 Patent (filed): Security Event Correlation Analysis Apparatus (2018, Netmarble Corp.)
- 🎯 4th place, 2017 CCE National Cyber Defense Competition (National Intelligence Service of Korea)
- 🐛 Special Prize, 2015 LINE Bug Bounty Program (LINE Corp.)
- Awesome Stars (GitNote) ⭐ — starred repos sorted into curated buckets (DFIR / Blue Team / AI / Red Team / Malware / OSINT), regenerated after curation passes.
- Lists: DFIR · BlueTeam · Tools & Tips · DevSecOps · Gist
- YouTube — DoubleS1405, a long-running Korean-language information-security lecture channel (2014–present).
Research collaboration · CTF · CSIRT exchange · Open-source security tooling
Juwon Bang · 방주원 · 優心 (YuShin)