My name is Jonathan, and I am a Cyber Security Researcher. My goal is to work my way into becoming a malware analyst and exploit developer, I am currently pursuing the GIAC: GREM certification along with a few other certifications. I have experience with malware analysis, reverse engineering, OSINT, penetration testing and software engineering.
- Phone: +1(240) 547 9946
- Location: Maryland, USA
- Email: [email protected]
- Employment Status: Employed
- Has conducted vulnerability research/assessment (MITRE ATT&CK, Nessus)
- Experience with .NET UI Development (Winforms)
- Experience working with API's
- Experience with Google Dorking
- Understands Linux fundamentals
- Experience mapping networks with NMAP
- Experience exploiting vulnerabilities with Metasploit
- Experience developing and automating security tools with Python and C#
- Understands HTTP fundamentals
- Experience with Virtual Machines (Hyper-V, Virtual Box, VMware ESXi, Proxmox)
- Understands Networking Concepts (TCP/IP - OSI)
- Experience conducting Static and Dynamic Malware Analysis and tools such as Ghidra, x64dbg, IDA, Wireshark, Radare2, and Sysinternals
- Experience reading and writing Assembly Experience conducting reverse engineering
- Experience with XSS Experience with SIEM (Splunk)
- Has experience with OSINT, IMINT, GEOINT, and Reconnaissance
- Experience with building security tools and automation (Python)
- Experience with ISAC to gather threat intelligence and collect IOCs
- Experience with Technical Writing
- Experience with JIRA and Confluence
- Knowledge of Digital Forensics
- Has fundamental knowledge of SQL database querying and working with Firebase
- Laurel, MD
- (240) 547-9946
- [email protected]
2012 - 2016
2019 - 2020
Learned the fundamentals of front end web development along with back end technologies such as Node.js, working with APIs, and other web development concepts.
Practical Malware Analysis & Triage
Completed TCM Security's practical course on malware analysis and triage, topics include:
- Safety Always! Build good habits for handling malware safely and create an analysis lab.
- Safe Malware Sourcing. Learn where to source malware samples safely (no need for the dark web!).
- Basic Analysis. Learn basic analysis methodology, including interpreting strings, inspecting Windows API calls, identifying packed malware, and discovering host-based signatures. Then, detonate malware to collect network signatures and identify malicious domains and second-stage payloads!
- Intro to the x86 Assembly Language. Dip your toes into the low-level world of Assembly Language! Learn the foundations of x86 Assembly and use it to perform advanced analysis.
- Advanced Analysis. Use sophisticated tools like Cutter and x32dbg to discover key insights about malware samples at the lowest possible level. Control the execution flow of a program and manipulate its low-level instructions in a debugger.
- Gone Phishing. Learn to analyze malicious documents and document-delivered malware, including malicious macros and remote template injections.
- What the Shell? Learn to identify and carve out embedded shellcode.
- Off Script. Identify scripted, obfuscated malware delivery techniques that use PowerShell and Visual Basic Script.
- Stay Sharp. Decompile and reverse engineer C# assemblies and learn about reverse-engineering the .NET Framework! Then, reverse engineer an encrypted malware C2 dropper back to near-perfect original source code with DNSpy!
- Go Time. Learn the analysis considerations of malware written in Go.
- Get Mobile! Use MobSF to reverse engineer malicious Android applications.
- The Bossfight! Use everything you have learned to do a full analysis of one of the most infamous malware samples in history.
- Automating the Process. Use Jupyter Notebooks and malware sandboxes to automate the analysis process.
- Tell the World! Write YARA rules to aid in the detection of malware samples and learn how to write effective analysis reports to publish findings.
Threat Analyst Intern
- Research and create lead generation queries for C2 frameworks.
- Analyze C2 servers.
- Create queries.
- Analyze analytic results for additional use cases.
- Develop hunt queries for open search.
- Create common queries that look for malicious use.
Our mission is simple:
Deliver the power of collective cybersecurity to defend companies, sectors, and nations. For decades, companies have been defending against cyberattacks on their own while adversaries have been organizing themselves into sophisticated hacker networks, until now with IronNet Collective Defense. Bringing together some of the best minds in cybersecurity and an unmatched team of experts from industry, government, and academia, IronNet was born to more effectively defend enterprises, sectors, and nations against highly organized cyber adversaries and increasingly sophisticated attacks. As an intern, my responsibles are to:
Teaching Assistant (Volunteer)
2022 - 2022
- Using Microsoft Windows 11 Developer VM (free) and Visual Studio 2022 (free), write and compile a very simple DLL file for Windows in C that writes content to a file on disk.
- Run DLL files from the command line using rundll32.
- Using IDA Free 7, perform static code analysis of a very simple DLL file and explain its purpose.
- Using x32dbg, set breakpoints and step through running the instructions of a simple DLL file via rundll32.
- Create a Microsoft 365 Developer Tenant (free) for testing MS Teams, etc.
- Use vcpkg to install static libraries for Libcurl and cJSON in Visual Studio 2019.
- Modify the C code of a simple DLL project to send a simple message through Microsoft Teams via a webhook URL.
- Using IDA Free and x32dbg, analyze the new version of the DLL and find the instructions responsible for network connections.
- Using C source code provided by the instructor, modify the DLL project to be a typical Remote Access Trojan (RAT) capable of running commands, listing files and processes, and reporting the output to a Command-and-Control server.
- Modify the DLL to allow execution using rundll32, regsvr32, and msiexec.
- Using IDA Free and x32dbg, analyze the relevant portions of the RAT to identify the main command loop, commands recognized, network connections, and behavior-based indications of compromise that could be used by threat hunters and security engineers.
- Write a tactical malware analysis report, focusing on actionable details.
- Provide constructive feedback to another student about their malware analysis report.
- Analyze another student’s version of the DLL with a few minor modifications and identify the relevant changes in functionality added by the other student.
- Using strings and FLOSS, extract strings from a compiled executable file.
- Using Python and C source code provided by the instructor, modify the DLL file to XOR encode some of the strings in the DLL project.
- Using IDA Free, analyze the XOR decoding function in another student’s DLL to find the key bytes and decode the encoded strings.
- Using C code provided by the instructor, modify the DLL project to detect when it is being run in a virtual machine or debugger, causing the DLL to modify its behavior when analyzed.
- Using IDA Free and x32dbg, recognize the anti-analysis code in the DLL and patch the instructions to bypass the protections and analyze it anyway.
This class is designed for technical security personnel who wish to gain skills in reverse-engineering malicious software for Windows operating systems. Although no prior experience is required to take the class, students who have some programming experience in C or another language will find it easiest to participate fully. The class will focus on disassembly analysis of compiled 32-bit DLL files written in C but may also touch on scripting languages such as PowerShell and Visual Basic that are used to deliver compiled malware payloads. Students will learn practical analysis and report writing techniques to pull the most useful information out of malware that can help inform threat hunting and detection engineering efforts and communicate that information effectively. During the course of this class, learners will have the opportunity to gain the following skills, if they choose to participate fully: