Michael K.

Founder of IntelOps & CTI, Threat Intelligence, Adversary Hunting

Warsaw Metropolitan Area

About

Founder of IntelOps & CTI, Threat Intelligence, Adversary Hunting.

Experience

  • Founder at Intel-Ops
    Dec 2023 - Present · 2 yrs 7 mos

  • Threat Researcher - Adversary Hunter at In my spare time
    Jan 2021 - Dec 2023 · 3 yrs

    Research topics:

    - Monitoring Threat Actors' Cobalt Strike C2 Infrastructure with Shodan
    - Hunting Cobalt Strike C2 with Shodan
    - Hunting "Legit" Red Teams' C2 Infrastructure
    - Mapping and Pivoting from Cobalt Strike C2 Infrastructure Attributed to CVE-2021-40444
    - Conti TTPs using Atomic Red Team and Detection Lab & C2 Infrastructure Hunting
    - Cobalt Strike Hunting, Red Teams/Threat Actors TTPs
    - Conti Ransomware Group Cobalt Strike C2 Analysis & Persistence (Anydesk, Atera, Splash)
    - Cobalt Strike Hunting: Malleable C2 jQuery profile & rundll32 Analysis
    - Cobalt Strike Hunting: DLL Hijacking/Attack Analysis
    - Cobalt Strike PowerShell Payload Analysis
    - Cobalt Strike Hunting: simple PCAP and Beacon Analysis
    - Attack Analysis: Cobalt Strike C2 & Hancitor Malware
    - Pointer: Hunting Cobalt Strike globally (collaboration with P. Shabarkin)
    - Adversaries' Infrastructure: Ransomware Groups, APTs, and Red Teams
    - Sliver C2 Implant Analysis
    - Malicious DLL Analysis

    I have contributed and shared my research with ThreatFox by abuse.ch (https://threatfox.abuse.ch/user/39004/), ET Labs (Emerging Threats), and other Threat Intel platforms, and developed a tool/methodology (Golang/AWS/Lambda/Shodan, collaboration with P. Shabarkin) to identify exposed Cobalt Strike C2s. My work was referenced in various blogs (BlackBerry: Finding Beacons In The Dark: A Guide To Cyber Threat Intelligence; The DFIR Report: Cobalt Strike Defenders Guide; etc.), MITRE ATT&CK, Hatching Triage, US HHS.GOV Health Sector Cybersecurity Coordination Center (HC3), Malpedia, CERT-Bund/Federal Computer Emergency Response Team of Germany, Team Cymru, Morphisec: Log4j Hits Again, Red Canary Threat Detection Report 2023, and conferences (Japan Security Analyst Conference 2021 and SANS Threat Hunting Summit 2021).

  • Senior Consultant at EY
    Jan 2021 - Dec 2021 · 1 yr

    Pentesting web/mobile/desktop apps & infra/cloud. Red Team assessments. Internal & external pentesting.

  • Associate Director, Threat and Vulnerability Management at IQVIA
    Sep 2020 - Dec 2020 · 4 mos

    Responsible for Threat and Vulnerability Management

  • Associate Director, Threat Detection & Response at CLS Group
    Dec 2017 - Sep 2020 · 2 yrs 10 mos

    CLS Group is a specialist US financial institution that provides settlement services to its members in the foreign exchange (FX) market. With more than 25,000 third-party participants also using our services, CLS Group settles USD 5.5 trillion of payments on an average day.

    Key responsibilities:

    - Security Monitoring/SIEM/IDS/IPS/WAF/DLP/EDR
    - Incident Response/Attack Analysis
    - Vulnerability Management/Vulnerability Scanning
    - Threat Hunting/Threat Response/Threat Intel
    - Purple Teaming/Adversary Emulations
    - Malware Analysis/Reversing