Over my summer in the Clemson University Security Operations Center, I had the pleasure of writing some special weapons which has resulted in the creation of HORUS

HORUS screenshot

HORUS is an integration platform that automates many of the junior analyst events. A brief description of its tools are below.


We check all suspicious 2FA activity, and this tool automates most of it. It looks for the following.

It will filter out users created in the past 6 months or users with activity only from their home state. Users who fail these checks will be shown in order of severity with fraud reports first, and the rest based off a scoring system.

If a ticket is created for a user, they can be marked as investigated and will not show up for the next 24 hours.


Simplex will pull the 2FA logs and relevant HDTools information of a specified user. It does not perform checks like Duplex and only shows logs


This small script correlates a user’s VPN history. Logs which correlate to the previous log show up as green, logs that don’t show as red. Correlation is based off source IP and MAC address.


This app finds the username, IP, and MAC address of any username, IP, and MAC address. Provide it one if the three and it will try to source the other two.


Zeppelin is the (temporary) metrics tracking system for the soc. Data is stored on the REDACTED server via the back-end Osiris

Rust GUIs With Egui
Image Indexer