$ ./whoami --verbose

┌──[ INTEL-REPORT // CLASSIFIED: OPEN-SOURCE ]──────────────────┐ │ CODENAME .......... APT-AHMED │ │ REAL_NAME ......... Ahmed BARGADY │ │ ORIGIN ............ Morocco 🇲🇦 │ │ FIRST_OBSERVED .... 2019 (commit hash: a17d3f...) │ │ STATUS ............ ACTIVE ▮▮▮▮▮▮▮▮▮▮ 100% │ │ SECTOR ............ Academia · Cybersecurity · AI Research │ │ MOTIVATION ........ curiosity · open-source · ☕ │ │ THREAT_LEVEL ...... HIGH-CURIOSITY ⚠ │ └────────────────────────────────────────────────────────────────┘ MISSION   Hunting Advanced Persistent Threats with graph neural nets, LLM agents, and a lot of late-night tail -f. ALIASES   @AhmedBargady · @bargadyahmed · ahmedBargady 🤗 · bargady.online PRIORS   Data Science Engineer → Full-Stack Developer → ⤳ now PhD Researcher

◢ TARGETS / OBJECTIVES ◣ + Detect stealthy multi-stage APTs + Reason over MITRE ATT&CK with LLMs + Open-source an APT benchmark + Publish first PhD paper (2026) ! Sleep more - Boring dashboards ◢ TTPs ◣ Initial-Access: Python · PyTorch Execution: FastAPI · Next.js Persistence: Docker · K8s · AWS Discovery: Graph DBs · ELK Exfiltration: Open-Source 🌍

RECON → WEAPONIZE → DELIVER → EXPLOIT → INSTALL → C2 → ACTIONS    vs.    🛡️  AI · Graphs · LLMs

🛰️  Current Research

Detecting stealthy, multi-stage attackers (APTs) inside enterprise telemetry
with graph-based and LLM-assisted anomaly detection.

🧠 Direction	🔬 What I'm exploring
Provenance Graphs	Lateral-movement detection via temporal GNNs
LLM-augmented SOC	Reasoning over alerts, MITRE ATT&CK mapping
Adversarial Robustness	Evasion attacks on EDR/ML detectors
Benchmarks & Data	Reproducible APT datasets for the community

🛠️  Tech Stack & Tools

🐍  Contribution Snake

📊  GitHub Analytics

📈  Activity Graph

🏆  GitHub Trophies

🤝  Let's Connect

If you're into AI × Cybersecurity, LLM agents, or just want to nerd out about ML — say hi.