Skip to content
View irfanm46's full-sized avatar
1 follower · 7 following

Block or report irfanm46

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
irfanm46/README.md

Hi, I'm Irfan

Information Security · GRC · Risk & Compliance

About Me

name     : Irfan
role     : GRC Analyst / InfoSec Analyst (Targeting)
location : India
focus    :
  - ISO 27001:2022 · Annex A Controls
  - GRC · Risk Assessment · Compliance
  - Threat Analysis · Audit Preparation  
  - ISMS · Evidence Collection  
open_to  :       
  - GRC Analyst   
  - InfoSec Analyst  
  - Junior Security Auditor 
mission  : Build tools that make compliance usable for every engineer and security team.

Security Domains

ISO 27001 GRC Risk Management Threat Analysis NIST GDPR SOC2 SIEM Audit & Compliance ISMS CISA

Portfolio — Cyber Tools

Three tools built for engineers and security teams. No signup. No backend. Offline first.

AuditCore — GRC Audit Simulation Platform

Browser-based GRC audit simulation platform. Run complete audit engagements from scoping to final report across 15 industry scenarios. Every decision scored. Every finding graded.

Feature What It Covers
15 Engagements Banking, Healthcare, Government, Retail, Technology
7-Phase Engine Briefing → Scoping → Evidence → Testing → Findings → Response → Report
93 Controls Full ISO 27001:2022 searchable control library
Risk Assessment Lab 25 scenarios with likelihood × impact matrix
Audit Toolkit Risk Matrix, Findings Builder, Framework Mapper, Evidence Checklist
PDF Export Professional audit report generation

LIVE TOOL auditcore

SOURCE auditcore repo

NetKill — Network Attack Simulation Lab

Browser-based interactive network attack lab. 7 attack simulations with animated packet flow, MITRE ATT&CK mappings, four-phase kill chains, and byte-level packet analysis. Pure red team attacker mindset.

Feature What It Covers
Attack Simulations ARP Spoofing, DNS Poisoning, SYN Flood, VLAN Hopping, DHCP Starvation, BGP Hijacking, Full MITM
Kill Chain Engine Four-phase attack lifecycle with real commands
MITRE ATT&CK Full framework mapping per attack
Live Packet Forge Byte-level packet structure analysis
Detection Log Real-time attacker/defender event feed

LIVE TOOL netkill

SOURCE netkill repo

annexa — ISO 27001:2022 Compliance Toolkit

ISO 27001:2022 toolkit that turns every Annex A control into an actionable tool. Built for engineers and GRC teams who need to implement compliance, not just document it.

Feature What It Solves
Compliance Heatmap Visual status of all 93 controls at a glance
Risk Register Score, sort by severity, export for auditors
SoA Generator Audit-ready Statement of Applicability in 5 mins
Threat Mapper Real attacks mapped to exact control gaps
Posture Score ISMS radar chart across 4 Annex A domains
Evidence Wizard Exact checklist of what auditors will ask for
Code Snippets Terraform · GitHub Actions · Bash · Python
2013 → 2022 Diff Full migration map for transitioning orgs

LIVE TOOL annexa

SOURCE annexa repo

Most compliance resources are written for auditors. I build tools for the people who actually have to implement security.

Pinned Loading

  1. annexa annexa Public

    ISO 27001:2022 toolkit for engineers. Compliance heatmap, risk register, controls guide & more. Free. Offline. No signup.

    HTML 2