Skip to content
View nirhalfon's full-sized avatar
3 followers · 12 following

Achievements

Achievement: Starstruck

Achievements

Achievement: Starstruck

Block or report nirhalfon

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
nirhalfon/README.md

> ./whoami --verbose

┌─[ionsec@dfir-lab]─[~]
└──╼ $ cat /etc/identity

╔══════════════════════════════════════════════════════════════════════╗
║                                                                      ║
║   NAME      ·  Nir Halfon                                            ║
║   ROLE      ·  Founder & CEO  —  IONSEC Cyber Security               ║
║   FOCUS     ·  Digital Forensics & Incident Response (DFIR)          ║
║   BASED     ·  Israel  ·  Operating globally                         ║
║   CAREER    ·  20+ years in cybersecurity                            ║
║                                                                      ║
║   PRIOR     ·  Head of DFIR  —  Israel National Cyber Directorate    ║
║             ·  Senior Security Analyst  —  Dell EMC                  ║
║                                                                      ║
╚══════════════════════════════════════════════════════════════════════╝

[+] Currently  →  Leading IR engagements against advanced threat actors
[+] Currently  →  Building DFIR tooling at github.com/ionsec
[+] Researching →  Cloud forensics · wiper malware · supply-chain attacks
[+] Mission    →  "Conquer the cyber world together."

> cat ./about_ionsec.md

IONSEC is a boutique cybersecurity firm built for organizations facing advanced threat actors — the kind that don't show up in commodity threat feeds.

We've logged 100,000+ hours of DFIR across IT, OT, and IoT environments, and we deliver everything from rapid incident response and forensic investigations to threat hunting, security assessments, and proactive research.

🚨 Incident Response 🔬 Digital Forensics 🎯 Threat Hunting 🛠️ Custom DFIR Tooling
Rapid containment & eradication for active intrusions Deep host, memory & cloud forensics on real cases Adversary emulation & proactive detection engineering Open-source tools shipped to the DFIR community

> ls -la ./arsenal/

🔍 DFIR & Forensics

Volatility Velociraptor KAPE Plaso Autopsy YARA Sigma

☁️ Cloud & Identity Forensics

Microsoft 365 Entra ID AWS Azure GCP DigitalOcean Cloudflare

⚔️ Threat Intel & Adversary TTPs

MITRE ATT&CK CTI Malware Analysis

💻 Languages & Scripting

Python PowerShell Bash Go

🖥️ Platforms & Internals

Linux Windows Docker


> grep -r "published_research" ./ionsec/

🛡️ Project What It Does
🚨 Operation HANDALA Public technical report + YARA detection rules for a sophisticated wiper-malware phishing campaign
📡 DO Audit Log Scraper Chrome extension extracting DigitalOcean audit logs with forensically precise timestamps
🔥 FlareInspect Cloudflare security assessment CLI + web dashboard
🧰 Forti-DFIR DFIR toolkit for FortiGate / Fortinet investigations
📊 MAES Platform Microsoft 365 / Entra ID forensics & investigation platform
🕵️ EntraScout External + internal Microsoft 365 / Entra ID red-team recon with attack-chain mapping

> ./stats.sh --pretty





> ./contact.sh

For incident response engagements, threat-hunt collaborations, research partnerships, or just to talk DFIR.




"You can't defend what you don't understand."

footer

Popular repositories Loading

  1. EntraScout EntraScout Public

    Forked from osherassor/EntraScout

    External + internal Microsoft 365 / Entra ID / Azure red-team reconnaissance with attack-chain mapping

    Python 1

  2. test test Public

    CSS

  3. VolUtility VolUtility Public

    Forked from kevthehermit/VolUtility

    Web App for Volatility framework

    Python

  4. NorkNork NorkNork Public

    Forked from n00py/NorkNork

    Powershell Empire Persistence finder

    Python

  5. procfilter procfilter Public

    Forked from godaddy/procfilter

    A YARA-integrated process denial framework for Windows

    C++

  6. CimSweep CimSweep Public

    Forked from mattifestation/CimSweep

    CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

    PowerShell