⟩ Specialized Expertise
6+ YRS · REVERSE ENGINEERING · CTI
Malware Analysis & Threat Intelligence
6+ years reverse-engineering real-world malware and producing actionable threat intelligence — YARA/Sigma rules, IOC feeds and MITRE ATT&CK-mapped reports that ship straight into client SOCs.
What I deliver
- Static + dynamic sandbox analysis
- Unpacking & deobfuscation
- YARA & Sigma rule authoring
- IOC extraction and threat reporting
⟩ real-world projects
Selected engagements
Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.
01
Reversed custom .NET loader dropping AsyncRAT — published YARA + Sigma rules adopted by client SOC
02
Memory forensics on ransomware incident — Volatility3 timeline pinned patient-zero in 4 hours
03
Unpacked Themida-protected sample for APT IR — extracted C2 config, attribution to known TA
⟩ common vulnerabilities & how I find them
Top bugs I hunt — and the steps
The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.
01
HighPacked / Obfuscated Loader
- STEP 1Triage with PEStudio + CAPA for capabilities and packer signatures
- STEP 2Detonate in isolated sandbox, capture unpacked memory image
- STEP 3Reconstruct OEP / dump with Scylla, fix imports
- STEP 4Author YARA + Sigma based on stable strings + behavior
02
CriticalC2 / Beacon Discovery
- STEP 1Extract network IOCs from PCAP + memory
- STEP 2Decode config block (RC4/AES keys, sleep, jitter)
- STEP 3Map to known families via signature overlap
- STEP 4Push IOCs + Sigma to SIEM, validate with retroactive hunt
⟩ arsenal
Tools & frameworks
Ghidra
Reverse Engineering
IDA
Disassembler
x64dbg
Windows Debugger
Cuckoo
Malware Sandbox
Any.Run
Malware Sandbox
REMnux
Malware Toolkit
PEStudio
PE Analysis
YARA
Pattern Matching
Volatility3
Memory Forensics
Radare2
Reverse Engineering
Binary Ninja
Disassembler
FLOSS
String Extraction
CAPA
Capability Detection
DnSpy
.NET Debugger
⟩ engage
Need malware analysis & threat intelligence expertise?
⟩ related
More in Specialized Expertise
VAPT & WAPT
6+ years leading 100+ real-world projects, identifying critical vulnerabilities in complex enterprise networks and web applications.
SOC Operations
6+ years managing L1/L2/L3 SOC operations for numerous clients, detecting and responding to advanced threats in real-time.
AI & GenAI Security
6+ years pioneering AI/GenAI security assessments, uncovering novel vulnerabilities in LLMs and securing AI-driven architectures.