Security professional working across detection engineering, malware analysis, and SOC operations. I enjoy the steep part of the learning curve — whether it’s a new analysis framework, a detection language, or some odd sandbox behaviour. When I hit a problem I tend to go all in until I understand it end to end, then turn that into clearer detections, better logic, and cleaner reports.
This blog is where that work lands: malware analysis writeups, research notes, and anything else worth documenting.
Expertise
Detection & Threat Operations
- SOC across IT and OT environments — detection, investigation, response, and continuous monitoring
- Detection engineering: designing and tuning XDR/SIEM use cases, systematic FP/TP analysis to improve signal quality
- Threat hunting with advanced SIEM queries, SQL, and MITRE ATT&CK TTP mapping across endpoints and networks
- Threat intelligence — internal and external reports, feeds, and malware repositories applied to live investigations
Malware Analysis & Reverse Engineering
- Static and dynamic analysis of binaries, documents, and scripts
- Sandboxing with CAPEv2 and ANY.RUN; cross-environment behavioural comparison for evasion and TTP identification
- Basic reverse engineering: Ghidra, Binary Ninja, DIE
- Network traffic analysis: pcap analysis with Wireshark
Tools & Platforms
- XDR: SentinelOne; familiar with Palo Alto Cortex XDR
- SIEM: Hunters; Splunk, Elastic, IBM QRadar (basic)
- Scripting: Python, Bash; SQL for hunting and reporting
- Networking and firewalling
Security Engineering & Risk
- Vulnerability analysis, risk assessment, threat modelling (CVSS)
- Penetration testing and attack-focused methodology
- OSINT and reconnaissance
- OT/ICS security — secure architecture, compliance, and infrastructure hardening
Systems & Programming
- Linux and Windows internals; PE format basics
- Programming: Python, Bash, C, Java, Assembly
Certifications
- CompTIA Security+ ce (SY0-701)
- TCM Security — PMRP Practical Malware Research Professional (in progress)
Blog Posts and Other Publications
This blog is where I document writeups, research notes and anything else I find interesting. Check the Writeups section for the latest entries.
My thesis, published by the University of Applied Sciences and Arts Lucerne, can be found here: History and a “deep” Malware Analysis of the “PlugX” Malware. This was an attempt to analyse a well-known malware still found in the wild — building a timeline of how PlugX has evolved over the years.
Contact
You can reach me using the email encoded in my PGP public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
=N0XL
-----END PGP PUBLIC KEY BLOCK-----