Posts

All the articles I've posted.

• Hunting Beyond Indicators

  Published:Oct 17, 2025 |  at 08:57 PM

  I wrote a blog for THOR Collective on the value of hunting beyond Indicators of Compromise.

• Don't Cry Wolf - Evidence-based Assessments of ICS Threats

  Published:Oct 17, 2025 |  at 07:05 PM

  Jimmy Wylie's and my DEF CON'33 talk is now available on YouTube. We discuss the analytical rigor undertaken before claiming a capability is "ICS-specific malware" with some specific examples I found while threat hunting.

• The Bot(net) that Got Away

  Published:Sep 20, 2025 |  at 10:05 PM

  A fun surprise in early August - this website was the target of a DDoS attack! It wasn't very effective, it didn't take my website down nor did I notice at the time.

• The Story of KurtLar_SCADA.exe

  Updated:Apr 8, 2025 |  at 04:05 PM

  Check out my research in uncovering and analyzing a malware named KurtLar_SCADA.exe, a VNC remote access capability targeting Internet-exposed and poorly secured industrial HMIs. This research was covered in a webinar hosted by SANS ICS. Big thanks to them for having me!

• Public Research

  Updated:Apr 8, 2025 |  at 11:43 AM

  Please see this page for complete listing of public research in the form of blogs, whitepapers, and webinars.

• DLL Hijacking Whitepaper

  Published:Feb 8, 2025 |  at 01:05 AM

  Check out a whitepaper I wrote on DLL hijacking - a flexible and commonly used attack technique.