Building autonomous detection systems and architectural security guarantees. Currently exploring agentic DFIR — MCP-based forensic agents that encode the reasoning pattern of a senior analyst as architecture, not as a prompt.
The interesting problem in "AI for security" isn't the model — it's the architecture: tool boundaries, deterministic correlation, evidence chains, audit trails. Guardrails belong in the surface, not the system prompt.
- Digital Forensics & Incident Response · Windows / macOS / Linux
- Detection Engineering · MITRE ATT&CK coverage modeling, Sigma
- DevSecOps & Security Automation
- Agentic AI for Security · MCP, audit-chained reasoning loops
- Personal Agentic Systems · trading, market intelligence, operator dashboards
| Order | Repository | Signal |
|---|---|---|
| 1 | agentic-dart | Flagship agentic DFIR system. |
| 2 | yushin-trade-showcase | Private autonomous trading cockpit, public operator surface. |
| 3 | yushin-watch-showcase | Private market-intelligence monitor for luxury watches. |
| 4 | yushin-mac-forensics-platform | Archived DFIR intelligence platform with evidence review and reporting surfaces. |
| 5 | yushin-mac-artifact-collector | Archived macOS triage collector and supply-chain IOC reference. |
| 6 | yushin-gendfir-rag | Archived DFIR research replication behind the agentic intelligence direction. |
Autonomous DFIR agent, architecture-first rather than prompt-first. The MCP surface is read-only by construction: a typed toolset built from native pure-Python tools plus SIFT adapters, so destructive operations are not expressible at all rather than merely forbidden in a system prompt. Includes a full passing test suite and ground-truth-scored case studies on real-world disk images; external case-study slots include NIST CFReDS, Ali Hadi, and Digital Corpora M57. SANS FIND EVIL! 2026 entry.
→ github.com/Juwon1405/agentic-dart · Submission to SANS FIND EVIL! 2026 · MIT
Supporting module: agentic-dart-collector-adapter converts Velociraptor offline-collector ZIPs into the evidence_root layout Agentic-DART consumes.
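The "read-only by construction" and "guardrails in the surface, not the prompt" ideas above, shown as a small added example. This is illustrative code written for this page, not Agentic-DART's own code or its MCP schema: a tool registry that refuses to admit anything but read tools, a deterministic correlation tool run over a constructed auth.log sample, and a hash-chained audit trail so a reviewer can verify the call sequence after the fact. All names (`ToolSurface`, `ToolSpec`, `failed_then_accepted`) and the log lines are assumptions.

```python
"""Read-only tool surface with a hash-chained audit trail (illustrative, not project code)."""
import hashlib
import json
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample standing in for an evidence_root; not real case data.
EVIDENCE = {
    "var/log/auth.log": [
        "Mar 01 10:00:01 host sshd[100]: Failed password for root from 203.0.113.5 port 4444 ssh2",
        "Mar 01 10:00:02 host sshd[101]: Failed password for root from 203.0.113.5 port 4445 ssh2",
        "Mar 01 10:00:03 host sshd[102]: Accepted password for root from 203.0.113.5 port 4446 ssh2",
        "Mar 01 10:05:00 host sshd[103]: Accepted publickey for ops from 198.51.100.7 port 5000 ssh2",
    ],
}


@dataclass(frozen=True)
class ToolSpec:
    name: str
    effect: str                 # only "read" is ever admitted to the surface
    func: Callable[..., Any]


class ToolSurface:
    """The boundary the model talks through. Write tools cannot be registered, so they cannot be called."""

    def __init__(self) -> None:
        self._tools: dict[str, ToolSpec] = {}
        self.chain: list[dict] = []   # append-only audit records, each hashing its predecessor

    def register(self, spec: ToolSpec) -> None:
        if spec.effect != "read":
            raise ValueError(f"refusing non-read tool {spec.name!r}: effect={spec.effect}")
        self._tools[spec.name] = spec

    def call(self, name: str, **kwargs: Any) -> Any:
        spec = self._tools.get(name)
        if spec is None:
            raise KeyError(f"tool {name!r} is not on the surface")
        result = spec.func(**kwargs)
        self._append(name, kwargs, result)
        return result

    def _append(self, name: str, args: dict, result: Any) -> None:
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        digest = hashlib.sha256(json.dumps(result, sort_keys=True, default=str).encode()).hexdigest()
        body = {"seq": len(self.chain), "tool": name, "args": args, "result_sha256": digest, "prev": prev}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.chain.append(body)

    def verify_chain(self) -> bool:
        """Recompute every record hash and link; any edit to args, result or order breaks it."""
        prev = "0" * 64
        for rec in self.chain:
            if rec["prev"] != prev:
                return False
            body = {k: v for k, v in rec.items() if k != "hash"}
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def read_lines(path: str) -> list[str]:
    return EVIDENCE[path]


def failed_then_accepted(path: str) -> list[str]:
    """Deterministic correlation, no model involved: IPs with >=2 failed logins followed by an Accepted."""
    failed: dict[str, int] = {}
    hits = []
    for line in EVIDENCE[path]:
        ip = line.split(" from ")[1].split()[0]
        if "Failed password" in line:
            failed[ip] = failed.get(ip, 0) + 1
        elif "Accepted" in line and failed.get(ip, 0) >= 2:
            hits.append(ip)
    return sorted(set(hits))


def demo() -> tuple[bool, list[str], bool]:
    """Returns (write tool refused?, correlation hits, audit chain verifies?)."""
    surface = ToolSurface()
    surface.register(ToolSpec("read_lines", "read", read_lines))
    surface.register(ToolSpec("failed_then_accepted", "read", failed_then_accepted))
    try:
        surface.register(ToolSpec("delete_file", "write", lambda path: None))
        refused = False
    except ValueError:
        refused = True
    hits = surface.call("failed_then_accepted", path="var/log/auth.log")
    return refused, hits, surface.verify_chain()


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the model never sees a `delete_file`; the refusal happens at registration time in the surface, and the audit chain records what was actually called and on what, not what the model says it did.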
Not everything I build is DFIR. I also run personal agentic systems where the same engineering idea shows up in a different domain: deterministic runtime first, database-backed evidence, LLMs as supervisors, and dashboards/Telegram as the operator surface.
- yushin-trade-showcase · Private Bithumb KRW spot trading cockpit. The trading loop is deterministic; the LLM supervisor reviews evidence, rejected entries, market context, and policy history without becoming a runtime dependency.
- yushin-watch-showcase · Private luxury-watch market-intelligence monitor. It combines sold-price baselines, active listings, reference extraction, catalog context, and vision-assisted review while keeping purchase decisions human-controlled.
These repositories are archived intentionally. They show the security-intelligence building blocks behind Agentic-DART: collection, evidence normalization, analyst review, reporting, and research-backed retrieval.
- Network Attack Packet Analysis for Security Practitioners · 보안 실무자를 위한 네트워크 공격 패킷 분석 (lead co-author)
Freelec, 2019.11 · ISBN 9788965402589 · ~370 pp.
A practitioner's reference covering DDoS, web exploitation, malicious traffic, wireless intrusion, system exploitation, and large-volume packet analysis.
→ Yes24 · Aladin · Kyobo · Google Books
- 🥇 Gold Prize, 2017 Korea Open-Source Software Developer Contest (NIPA, national OSS award)
- 📜 Patent (filed): Security Event Correlation Analysis Apparatus (2018, Netmarble Corp.)
- 🎯 4th place, 2017 CCE National Cyber Defense Competition (National Intelligence Service of Korea)
- 🐛 Special Prize, 2015 LINE Bug Bounty Program (LINE Corp.)
- Awesome Stars (GitNote) ⭐ — starred repos sorted into curated buckets (DFIR / Blue Team / AI / Red Team / Malware / OSINT), regenerated after curation passes.
- Lists: DFIR · BlueTeam · Tools & Tips · DevSecOps · Gist
- YouTube — DoubleS1405, a long-running Korean-language information-security lecture channel (2014–present).
Research collaboration · CTF · CSIRT exchange · Open-source security tooling
Juwon Bang · 방주원 · 優心 (YuShin)