I specialise in incident response, digital forensics, and threat hunting.
My work focuses on understanding how attackers operate, how they break in, and how to stop them with clarity and precision.

What I Do

I investigate security incidents, study adversary behaviour, and design practical approaches to detection and response.
My background spans ransomware cases, targeted intrusions, hands-on forensics, and strategic improvements to security operations.
I enjoy breaking down complex attacks and turning them into actionable insights.

How I Think

I like approaching problems from both sides:

• From the attacker’s point of view to understand intent and technique.
• From the defender’s point of view to craft strong detections and reliable response playbooks.

I regularly work with forensic artifacts, log sources, memory analysis, and custom scripts to deepen visibility.
I publish technical writeups that explore real investigations, TTPs, and lessons learned.

Areas of Interest

• Digital Forensics and Incident Response
• Threat Hunting and behavioural detection
• Windows internals and artifact research
• Adversary tradecraft and TTP analysis
• Automation that improves SOC workflows

Community and Contributions

• Listed contributor on MITRE ATT&CK
• Frequent writer on DFIR topics

🏅 SANS DFIR NetWars Champion
🏅 SANS FOR508 CTF Winner | Lethal Forensicator
🏅 SANS SEC504 CTF Winner
🎓 Certifications: GCIH, GCFA, GX-CS, GX-IH
🎖 GIAC Advisory Board Member