WannaCry Ransomware: Static Triage, Kill Switch Logic, and MS17-010 Lessons
A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.
Security Research
Cybersecurity Researcher
Independent cybersecurity research on Windows internals, Active Directory, malware analysis, and offensive security techniques.
In-depth analysis of offensive and defensive security topics
A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.
A defender-focused deep dive into Kerberoasting mechanics, detection opportunities, and hardening recommendations for enterprise Active Directory environments.
Analyzing how Windows access tokens enable local privilege escalation through SeImpersonatePrivilege abuse and modern Potato-family exploits.
Featured Project
A lightweight platform for managing, testing, and deploying YARA rules across enterprise endpoints with version control and false-positive tracking.
Kernel structures, process internals, and Windows security architecture.
2 articles
Identity attacks, Kerberos, LDAP, and enterprise lateral movement.
1 article
Static and dynamic analysis of binaries and firmware.
1 article
Dissecting malicious code, C2 protocols, and evasion techniques.
2 articles
AWS, Azure, GCP misconfigurations and cloud-native threats.
1 article
Privilege escalation, container escape, and Linux forensics.
1 article
Application security, HTTP smuggling, and modern web attacks.
2 articles
Cryptographic protocols, implementation flaws, and key management.
A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.
A defender-focused deep dive into Kerberoasting mechanics, detection opportunities, and hardening recommendations for enterprise Active Directory environments.
Analyzing how Windows access tokens enable local privilege escalation through SeImpersonatePrivilege abuse and modern Potato-family exploits.
Practical guide to memory forensics using Volatility 3 plugins to identify process injection, credential artifacts, and attacker tooling in RAM dumps.
A practical framework for writing maintainable YARA rules that minimize false positives while catching real-world malware families.
Systematic approach to identifying and exploiting common Linux privilege escalation vectors including SUID binaries, capabilities, and cron misconfigurations.