What is OPFORGE?

OPFORGE stands for Offensive Posture + FORensics + Generation & Engineering. It’s a purpose-built cybersecurity lab environment designed to:

  • 🛠️ Emulate adversary behavior
  • 🔍 Ingest and enrich telemetry from Windows and Linux endpoints
  • 🧠 Apply explainable AI to triage and surface detections
  • 📚 Document real-world operator workflows

Whether you’re reverse-engineering a malware sample, developing YARA rules, or building detection pipelines with SOF-ELK, OPFORGE is designed to mirror the complexity and realism of mission-ready cyber defense.


Mission Goals

  1. Threat Emulation
     • Use Atomic Red Team, Caldera, and custom payloads to simulate known TTPs.
  2. Detection Engineering
     • Build, test, and validate detection logic using tools like Winlogbeat, Sysmon, and ELK.
  3. Explainable AI
     • Incorporate open-source ML models for clustering, classification, and triage augmentation with transparency and traceability.
  4. Documentation
     • Share the setup process, automation, infrastructure, and detection results in a Check–Do–Check blog series.

Who’s Behind It?

OPFORGE is developed and maintained by Alfredo Pelaez, a cybersecurity leader focused on threat detection, adversary emulation, and applied research. His work blends operational experience with a strong foundation in machine learning and cyber defense strategy to build meaningful, mission-ready solutions.


Want to Contribute or Reproduce?

  • Visit the GitHub Repo
  • Fork the blog series and lab setup documentation
  • Suggest topics or TTPs you’d like to see emulated

Built using Hugo + PaperMod + GitHub Pages. Hosted on opforge.dev.