Reverse Engineering Adversary Intent

I triage suspicious binaries, scripts, and documents through a structured static and dynamic analysis workflow—pulling indicators, behaviors, and capabilities out of samples so the SOC can act on real evidence, not assumptions.

Sandbox detonation, memory inspection, and behavioral analysis let me map what a sample does, what it talks to, and what it leaves behind—turning a single artifact into actionable IOCs and detection logic.

The output is always operational: signatures, hunting queries, and clear write-ups that strengthen detection coverage and shorten the next response.