git-loa/git-loa

Leonard Okyere Afeke

Cyber Threat Intelligence Researcher • Security Analyst
PhD in Mathematics • OSINT & Infrastructure Analysis


🔍 About Me

Cyber Threat Intelligence Analyst focused on phishing investigations, adversary infrastructure analysis, and OSINT‑driven research. I work on independent CTI projects involving domain pivoting, TLS/certificate metadata analysis, IOC enrichment, and clustering malicious infrastructure.

My work explores attacker behavior, exposed databases, phishing kits, and vulnerability exploitation patterns. I’m also researching how post‑quantum cryptography will shape future adversary tradecraft and intelligence requirements.

This GitHub hosts my CTI workflows, enrichment pipelines, infrastructure‑analysis tools, and long‑form research.


🔎 Cyber Threat Intelligence Case Studies

Mutawa Marine Services Phishing Analysis (Completed)

Full CTI investigation into a phishing email impersonating Mutawa Marine Services, including infrastructure analysis, malware triage, IOC extraction, ATT&CK mapping, and a full LaTeX‑based intelligence report.
➡️ https://github.com/git-loa/threat-intel-research-portfolio/tree/main/case-studies/greenholt_phish

Microsoft Login Phishing on Compromised Subdomain (Completed)

Full CTI investigation into a Microsoft‑themed credential‑harvesting campaign hosted on a compromised .co.uk subdomain and delivered through Azure Front Door.
➡️ https://github.com/git-loa/threat-intel-research-portfolio/tree/main/case-studies/microsoft-login-phishing-crforum-2026

OpenSSL CMS Buffer Overflow — CVE‑2025‑15467 (Completed)

Deep‑dive analysis of a stack buffer overflow in OpenSSL’s CMS AuthEnvelopedData AEAD parsing routine.
➡️ https://github.com/git-loa/threat-intel-research-portfolio/tree/main/case-studies/openssl-cms-buffer-overflow-CVE-2025-15467

MongoBleed — Exposed MongoDB Infrastructure (Completed)

Investigation into publicly exposed MongoDB instances, data leakage patterns, and attacker scanning infrastructure.
➡️ https://github.com/git-loa/threat-intel-research-portfolio/tree/main/case-studies/mongoBleed

interiewca‑icu QR‑Based Phishing Campaign (Completed)

Analysis of a QR‑based phishing campaign impersonating a blockchain employer on a job platform.
➡️ https://github.com/git-loa/threat-intel-research-portfolio/tree/main/case-studies/interiewca-icu-phishing


🛡️ SOC / CTI Lab Work

SOC–CTI Lab

Elastic + Suricata + OSQuery + enrichment pipelines for SOC/CTI workflows.
➡️ https://github.com/git-loa/afeke-soc-cti-lab


🧰 Additional Projects

Agentic AI for Network Monitoring & Threat Detection

Agentic AI framework integrating Suricata, OSQuery, Langflow, and MCP for automated SOC‑style investigations.
➡️ https://github.com/git-loa/agentic-ai-soc-framework

Bash Password Manager

Secure CLI password manager with encryption and logging.
➡️ https://github.com/git-loa/bash-password-manager-project


🛠️ Skills & Tools

Python, Bash, Jupyter, Markdown, LaTeX, Elastic Stack, Suricata, OSQuery, Nmap, Wireshark, VirusTotal, Shodan, urlscan.io, DNS / WHOIS, MITRE ATT&CK
