ATT&CK Detection Lab
Building a local lab that simulates MITRE ATT&CK techniques against a Linux VM (UTM) and detects them with Elastic SIEM running in Docker. One technique at a time — auditd logs, Sigma rule, KQL query, writeup.
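The auditd-to-Sigma step of that pipeline in miniature, as an added example rather than code from the lab itself: a parser for auditd's `key=value` records that merges the SYSCALL and EXECVE lines of one execve() into a single event, plus a matcher for a Sigma-style selection (field, optional `|startswith` / `|endswith` / `|contains` modifier, single value or list). The log lines are constructed for illustration, and the selection (binaries executed from /tmp or /dev/shm) is a hypothetical rule, not one of the lab's.

```python
import re
from collections import defaultdict
from typing import Any, Dict, Iterable, List

# Constructed auditd lines for illustration, not records captured from the lab VM.
# Two execve() events: one binary under /usr/bin, one under /tmp.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1717200000.101:3001): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1301 auid=1000 uid=1000 euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1717200000.101:3001): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1717200000.205:3002): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1302 auid=1000 uid=1000 euid=1000 comm="updater" exe="/tmp/updater" key="exec"
type=EXECVE msg=audit(1717200000.205:3002): argc=3 a0="/tmp/updater" a1="--quiet" a2="now"
"""

# Hypothetical Sigma-style selection (assumption, not a rule from the lab): flag
# any execve() whose binary lives under /tmp or /dev/shm. Keys use Sigma's
# field|modifier form; a list of values is OR-ed, like Sigma.
EXAMPLE_SELECTION: Dict[str, Any] = {
    "syscall": "59",
    "exe|startswith": ["/tmp/", "/dev/shm/"],
}

# auditd writes key=value pairs; quoted values may contain spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> Dict[str, str]:
    """Parse one auditd line into a flat dict; msg=audit(ts:serial) yields timestamp and serial."""
    fields: Dict[str, str] = {}
    for key, raw in _KV.findall(line):
        value = raw.strip('"')
        if key == "msg":
            # value looks like 'audit(1717200000.101:3001):'
            ts, serial = value[len("audit("):].rstrip(":)").split(":")
            fields["timestamp"], fields["serial"] = ts, serial
        else:
            fields[key] = value
    return fields


def group_events(lines: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """Merge records sharing a serial into one event; EXECVE argv becomes a cmdline field.

    Caveat: auditd hex-encodes arguments containing spaces or control characters and
    splits very long arguments into a0[0], a0[1] chunks; neither is handled here.
    """
    events: Dict[str, Dict[str, str]] = defaultdict(dict)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        ev = events[rec["serial"]]
        ev.setdefault("serial", rec["serial"])
        if rec["type"] == "EXECVE":
            argv = [rec[f"a{i}"] for i in range(int(rec["argc"])) if f"a{i}" in rec]
            ev["cmdline"] = " ".join(argv)
        else:
            ev.update(rec)
    return dict(events)


def match_selection(event: Dict[str, str], selection: Dict[str, Any]) -> bool:
    """AND across fields, OR across listed values; a missing field never matches."""
    for spec, expected in selection.items():
        field, _, modifier = spec.partition("|")
        actual = event.get(field)
        if actual is None:
            return False
        candidates = expected if isinstance(expected, list) else [expected]
        if modifier == "":
            ok = any(actual == c for c in candidates)
        elif modifier == "startswith":
            ok = any(actual.startswith(c) for c in candidates)
        elif modifier == "endswith":
            ok = any(actual.endswith(c) for c in candidates)
        elif modifier == "contains":
            ok = any(c in actual for c in candidates)
        else:
            raise ValueError(f"unsupported Sigma modifier: {modifier}")
        if not ok:
            return False
    return True


def detect(log_text: str, selection: Dict[str, Any]) -> List[Dict[str, str]]:
    """Return the merged events that satisfy the selection."""
    return [ev for ev in group_events(log_text.splitlines()).values()
            if match_selection(ev, selection)]


if __name__ == "__main__":
    for hit in detect(SAMPLE_AUDIT_LOG, EXAMPLE_SELECTION):
        print(hit["serial"], hit["exe"], hit["cmdline"])
```

Sigma's string matching is case-insensitive by default and supports `*` / `?` wildcards; this matcher is exact-case and literal, so a rule ported from it into the lab's real pipeline (Elastic's Sigma conversion, or a hand-written KQL query) will match more broadly than the Python above.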
Virtualisation — The Type 1 / Type 2 Classification Has a Gap
2026-05-31
The Type 1 / Type 2 hypervisor classification has a gap — KVM, Hyper-V, and Hypervisor.framework don't fit cleanly into either category, and understanding why matters more than the label.
DroidTest
2026-03-06
A Python CLI tool that runs batches of ADB diagnostic commands against Android devices, reports pass/fail per command, and exports results to JSON — with device targeting, timeouts, and selective filtering.
Projects
ATT&CK Detection Lab
Local lab for simulating MITRE ATT&CK techniques against a Linux VM and detecting them with Elastic SIEM — Atomic Red Team, auditd, Sigma rules, one technique at a time.
DroidTest
A CLI runner for Android device diagnostics. Feed it a list of ADB sub-commands and it runs them all, producing a structured pass/fail report with optional JSON export.