About HabeSec
HabeSec is built by a Cybersecurity Specialist with 7 years of real-world SOC
experience and MSc research in adversarial machine learning, bridging the gap
between academic adversarial ML research and the practical needs of real SOC teams.
Builder Credentials
7+ Years SOC and Offensive Security
SIEM monitoring, alert triage, incident detection and response,
threat hunting, log correlation, vulnerability management, ethical hacking and penetration testing.
MSc Computer Science - Cybersecurity
MSc research in adversarial machine learning for cybersecurity.
HABE engine validated on the CICIDS 2017 real-world benchmark dataset.
Professional Certifications
Microsoft Azure Certified - Palo Alto Cybersecurity Certified - Cisco Ethical Hacker - IBM Cybersecurity Analyst - TryHackMe SOC L1/L2 - Hack The Box Academy - HackerOne Bug Bounty Research
Technical Skills
Python, Bash, PowerShell, Microsoft Sentinel, Grafana, Wireshark,
Nmap, Metasploit, Burp Suite, Kali Linux, scikit-learn, TensorFlow, pandas, MySQL, MariaDB, KQL, Adversarial Robustness Training
Research Results
98.72% - Baseline model accuracy
80.89% - Average evasion on real data
14,036 - Real CICIDS 2017 records tested
47.94% - Improvement after adversarial training
Validated on CICIDS 2017, the Canadian Institute for Cybersecurity benchmark dataset used in hundreds of published academic papers.
The Mimicry Gap Visualised
A model that looks perfect on standard tests is completely blind to an attacker
who copies normal traffic patterns.
How a mimicry attack works step by step
1. Attacker observes normal traffic
   Normal request: GET /api/data - status 200 - 145ms - 3072 bytes
2. Attacker crafts mimicry attack
   GET /../../../etc/passwd
   status: 200 | time: 145ms | bytes: 3072
   Every numeric field copied from observed normal traffic
3. ML model classifies as NORMAL
4. HABE detects the gap before an attacker exploits it
HabeSec simulates this exact attack against your logs, shows you the mimicry evasion rate, and then shows you exactly how to fix it.
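The four steps above, reduced to a runnable illustration. This is an added example and not HabeSec's or the HABE engine's code: it assumes the log line format shown in step 1, a handful of constructed training rows, and a nearest-centroid classifier as a stand-in for whatever model a SOC actually deploys. It shows why a model that sees only the numeric fields (status, latency, bytes) labels the traversal request NORMAL, how the mimicry evasion rate is measured, and how adding one content feature (a '..' segment in the decoded path) closes that particular gap.

```python
import re
from urllib.parse import unquote

# Constructed training rows: (status, time_ms, bytes). Attacks in this toy set
# are "loud": error codes, unusual latency, small response bodies. That is
# exactly the regularity a mimicry attack removes.
NORMAL_ROWS = [(200, 145, 3072), (200, 150, 3100), (200, 140, 2990), (200, 160, 3200)]
ATTACK_ROWS = [(404, 20, 512), (403, 15, 480), (500, 900, 128), (404, 25, 600)]

# Log line format taken from step 1 above.
LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+) (?P<path>\S+) - status (?P<status>\d+) - "
    r"(?P<ms>\d+)ms - (?P<bytes>\d+) bytes$"
)


def parse_line(line):
    """Parse one log line into (path, (status, time_ms, bytes))."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return m["path"], (int(m["status"]), int(m["ms"]), int(m["bytes"]))


class NumericCentroidModel:
    """Nearest-centroid classifier that only ever sees the three numeric fields.

    Features are z-scored over the training set so bytes do not dominate.
    """

    def __init__(self, normal, attack):
        rows = normal + attack
        n = len(rows)
        self.mean = [sum(r[i] for r in rows) / n for i in range(3)]
        self.std = [
            max(1e-9, (sum((r[i] - self.mean[i]) ** 2 for r in rows) / n) ** 0.5)
            for i in range(3)
        ]
        self.centroids = {"NORMAL": self._centroid(normal), "ATTACK": self._centroid(attack)}

    def _scale(self, row):
        return [(row[i] - self.mean[i]) / self.std[i] for i in range(3)]

    def _centroid(self, rows):
        scaled = [self._scale(r) for r in rows]
        return [sum(s[i] for s in scaled) / len(scaled) for i in range(3)]

    def predict(self, row):
        s = self._scale(row)
        dist = {label: sum((s[i] - c[i]) ** 2 for i in range(3))
                for label, c in self.centroids.items()}
        return min(dist, key=dist.get)


def path_traversal(path):
    """Content feature: a '..' path segment after percent-decoding (twice,
    so a double-encoded segment is not missed). Query string is ignored."""
    decoded = unquote(unquote(path)).split("?", 1)[0]
    return ".." in decoded.split("/")


def content_aware_predict(model, path, row):
    """Numeric model plus the one content feature the numeric model lacks."""
    return "ATTACK" if path_traversal(path) else model.predict(row)


def evasion_rate(model, lines, use_content=False):
    """Fraction of attack lines labelled NORMAL: the mimicry evasion rate."""
    evaded = 0
    for line in lines:
        path, row = parse_line(line)
        label = content_aware_predict(model, path, row) if use_content else model.predict(row)
        if label == "NORMAL":
            evaded += 1
    return evaded / len(lines)


# Constructed mimicry lines: every numeric field copied from NORMAL_ROWS,
# as in step 2 above; the second and third use percent-encoded segments.
MIMICRY_LINES = [
    "GET /../../../etc/passwd - status 200 - 145ms - 3072 bytes",
    "GET /static/..%2f..%2fetc/shadow - status 200 - 150ms - 3100 bytes",
    "GET /api/%252e%252e/config - status 200 - 140ms - 2990 bytes",
]

MODEL = NumericCentroidModel(NORMAL_ROWS, ATTACK_ROWS)

if __name__ == "__main__":
    print("numeric-only evasion rate:", evasion_rate(MODEL, MIMICRY_LINES))
    print("with path feature:        ", evasion_rate(MODEL, MIMICRY_LINES, use_content=True))
```

The numeric model separates the training rows cleanly, which is the "looks perfect on standard tests" part; the mimicry rows sit on top of the normal centroid, so the numeric-only evasion rate is 100%. The content feature is deliberately the narrowest fix that closes this one gap; in practice the "fix" HABE recommends is adversarial training on mimicry samples rather than a hand-written rule per payload, but the measurement loop (craft mimicry rows, score the model, report the evasion rate) is the same.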
Why HABE is Different
- Black-Box Attacks: No model internals required, simulating the behavior of a real-world attacker.
- Validated Scenarios: Three attack types tested on real network traffic, not just theoretical data.
- Analyst-Ready Reporting: Plain-English reports designed for security analysts, not data scientists.
- Adversarial Defense: Active training recommendations that don't just identify gaps, but close them.
Open Source
github.com/ag3los/HABE
Contact
Email: habesec.research@proton.me