Cybersecurity professional. Threat intelligence analyst. Tool builder.
I track adversaries, write about them, and build the tooling to catch them.
I work across the full threat intelligence cycle, from raw IOC hunting to finished analytical writing. My focus is on APT campaigns, ransomware operations, and the intersection of hacktivism and state-sponsored activity.
On the tooling side, I build utilities that make that work faster: packet analysis, recon automation, and infrastructure I run on my own attack lab.
I publish technical threat intel at Cyber++: in-depth breakdowns of active campaigns, TTPs, and the groups behind them. Past coverage includes Lazarus Group, Medusa ransomware, ScarCruft's Ruby Jumper campaign, and Handala's Stryker wiper.
| Repo | What it does |
|---|---|
| terminalpacketsniffer | CLI packet capture and analysis tool written in Python |
| OSINTMeridian | Type a target (domain, IP, org name) and it fans out across every passive source simultaneously: Shodan, crt.sh, VirusTotal, WHOIS, DNS records, GitHub dorking, Wayback Machine |

Offensive: Kali Linux · HackTheBox · Nmap · Wireshark · Metasploit

Intelligence: OSINT frameworks · IOC analysis · MITRE ATT&CK mapping

Languages: Python · Go · Bash

Systems: Linux (Arch/Hyprland) · SSH hardening

Certs: CompTIA A+ · CS50 Cybersecurity · Security+ (in progress)

Threat intelligence is only useful if it's communicated clearly. That's the whole point of Cyber++.
