MY WORK
Training, research, and security projects I've worked on.
Training
Black Hat MEA 2024 – Threat Hunting
Riyadh, Saudi Arabia
I delivered hands-on threat hunting training at Black Hat MEA, focusing on practical methodologies to detect advanced threats, including techniques used by nation-state actors like APT29.
Research & Projects
Ludus Cyber Range
I built a scalable home cyber range using Ludus (on Proxmox) to automate the deployment of full enterprise infrastructure.
- Used Ansible and Packer for image automation, host configuration, and security tool deployment.
- Deploys fully configured 20- to 30-machine enterprise environments in hours, not weeks.
- Integrated ELK, Splunk, Elastic Defend EDR, and SCCM for realistic telemetry and operations.
- Running end-to-end attack simulations, full investigations, and validating custom detection logic against real attacker behavior.
- Building CTF challenges based on real-world scenarios.
APT29 End-to-End Adversary Emulation
A full-scope adversary emulation and DFIR project simulating APT29 (SVR) operations.
- Built a multi-subnet lab (DMZ, IT segments) with a dedicated Blue Team stack (SIEM, EDR, etc.).
- Deployed Elastic/Splunk SIEM, pfSense, and Velociraptor for defense and monitoring.
- Simulated APT29 access via TeamCity CVE-2024-27198 (based on CISA advisories), executed the full attack chain, then performed the post-compromise investigation.
- Wrote a detailed technical article on the investigation methodology: here.
CTF Development
I create CTF challenges for major platforms and events. My focus is on building scenarios that are as realistic as possible, closely mirroring the techniques and evidence you would encounter in real investigations.