Skip to content
View bariskececi's full-sized avatar

Block or report bariskececi

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
bariskececi/README.md

Barış Keçeci

OT/ICS & Critical-Infrastructure Security · Founder & CTO @ GNSAC
Securing the systems that run water, power, factories and finance.


I'm a security engineer and founder with 16+ years defending operational technology (OT/ICS) and critical infrastructure — SCADA/ICS security, Purdue-model network segmentation, Palo Alto NGFW architecture, and SOC/SIEM/SOAR operations for regulated organisations across critical infrastructure, finance, healthcare and manufacturing.

I build in the open: a growing portfolio of free, MIT-licensed security tools used by defenders worldwide.

🏭 GNSAC — product-led cybersecurity

GNSAC Bilişim Teknolojileri Ltd. Şti. (Istanbul) builds and operates security products for critical-infrastructure and regulated organisations — not one-off consulting, but continuous, measurable defence:

  • Vigil — threat-intelligence & credential-exposure monitoring
  • Phishing — phishing-simulation & security-awareness platform

…backed by senior-led security engineering across application security, SOC monitoring, threat intelligence and attack-surface management.

🧰 Open-source security tools

exposure-check  ·  find what attackers can see before they do

A fast Go scanner for GitHub organisations, repositories and domains — leaked secrets, risky GitHub Actions workflows, missing security controls and attack-surface exposure. Text / JSON / Markdown / HTML / SARIF reports, CI-native, ships as a GitHub Action. go install github.com/bariskececi/exposure-check@latest

🧪 Browser labs — zero install, run them right now

Tool What it does Launch
Blackout Cinematic ICS attack simulator — launch real ATT&CK-for-ICS techniques on a live plant, then defend ▶ live
Exposed Live survey of internet-facing critical infrastructure + a personalised action plan ▶ live
Rampart Turn your OT zones into a deny-by-default segmentation policy (Palo Alto / FortiGate / Juniper / iptables / ASA) ▶ live

🛡️ OT/ICS field tools

  • Strata — passive OT asset & flow mapping from a packet capture, mapped to the Purdue model
  • Mirage — low-interaction OT honeynet that catches attackers probing the network
  • Triage — OT vulnerability prioritisation with CVE + CISA KEV + EPSS (not just CVSS)
  • Vantage — red-team OT assessment & adversary-emulation planning mapped to MITRE ATT&CK for ICS
  • Aether — passive RF detection of rogue wireless emitters and hidden modems

✍️ Writing

I write about industrial cybersecurity, credential exposure and secure engineering on HackerNoon:

🔗 Connect

Website · LinkedIn · HackerNoon

All tools are educational & defensive — scan assets you own or are authorised to assess.

Pinned Loading

  1. blackout blackout Public

    Watch a cyberattack take down a water plant — in your browser. Live ICS attack simulator with real MITRE ATT&CK for ICS techniques. Zero install, opens in one click.

    HTML 4

  2. TRIAGE TRIAGE Public

    Answers "what do I patch first?" — scores an OT/ICS asset inventory against CVE + CISA KEV + EPSS and ranks remediation by real risk, not just CVSS. Runs offline.

    Python 4

  3. mirage mirage Public

    Low-interaction OT/ICS honeynet that emulates a fake industrial plant (Modbus + S7) and maps live attackers in real time.

    Python 4

  4. Strata Strata Public

    Passive OT network mapper — turns a packet capture into a Purdue-model asset map with risk findings, without sending a single packet.

    Python 4

  5. rampart rampart Public

    Describe your OT zones → get a deny-by-default segmentation policy as real Palo Alto / FortiGate / Juniper / iptables / Cisco ASA rules. IEC 62443 + Purdue, import your inventory, export diagram & …

    HTML 1

  6. exposure-check exposure-check Public

    Find what attackers can see before they do — open-source exposure scanner for GitHub orgs, repos, and domains

    Go 1