Security Engineer

Aimen Mamache

Cloud security, detection engineering, and eBPF. I build tools that monitor and protect at the kernel level.

SEC-OS
v1.0
online

About

Building security
tools at the
kernel level

Software engineering student at USTHB. I build detection engines, cloud security scanners, and runtime monitoring tools.

My work bridges kernel-level programming with cloud-native architectures — from eBPF probes to CSPM scanners.

Open source security tools

50+

AWS security checks built

Kernel eBPF probes written

2 yr

Security engineering

Work

Security tools I've built

Beacon Guard

eBPF-based runtime security monitor that hooks kernel syscalls, builds per-process behavioral baselines, and kills anomalous processes in real time.

GoeBPFCLinux

K8s Runtime Guard

Container-aware detection engine. Detects container escapes, cross-namespace attacks, and suspicious behavior via 9 kernel probes with K8s audit correlation.

GoKuberneteseBPF

CloudSweep

AWS CSPM scanner. 50+ misconfiguration checks across S3, EC2, IAM, KMS, CloudTrail, RDS, Lambda, VPC, and GuardDuty.

PythonAWS SDKBoto3

PassShield

Password security platform with k-anonymity breach detection via HIBP, entropy analysis, and cryptographic generation.

Next.jsTypeScriptFlaskPostgreSQL

Code

beacon-guard/ebpf/probe.c

1// beacon-guard: eBPF syscall hook
2SEC("tracepoint/syscalls/sys_enter_execve")
3int hook_execve(struct trace_event_raw_sys_enter *ctx) {
4    struct event *e;
5    e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0);
6    if (!e) return 0;
7
8    e->pid = bpf_get_current_pid_tgid() >> 32;
9    e->type = EXECVE_EVENT;
10    bpf_probe_read_user_str(e->comm, sizeof(e->comm),
11        (void *)ctx->args[0]);
12
13    bpf_ringbuf_submit(e, 0);
14    return 0;
15}

Timeline

2024

Started Cloud Security

Linux internals, network fundamentals

2025

Built eBPF Detection Tools

Runtime security, kernel monitoring

2026

Open Source Contributions

Security tooling, cloud scanners