IAAN SECURITY

About

Security Researcher

My name is Jonathan, and I am a Cyber Security Researcher. My goal is to work my way into becoming a malware analyst and exploit developer; I am currently pursuing the GIAC GREM certification along with a few other certifications. I have experience with malware analysis, reverse engineering, OSINT, penetration testing and software engineering.

  • Phone: +1(240) 444 4395
  • Location: Maryland, USA
  • Email: jonny@iaansec.com
  • Employment Status: Employed

Skills

  • Expertise in deploying and optimizing Proofpoint TAP for advanced threat protection and phishing defense, significantly reducing security breaches.
  • Advanced proficiency in CrowdStrike Falcon & Tanium for endpoint protection, threat hunting, and incident response, ensuring robust system security.
  • Utilized Tria.ge Sandbox for efficient malware analysis and sandboxing, enhancing threat detection and response capabilities.
  • Managed the Trellix Malware Analysis Dashboard for streamlined malware detection and analysis, improving operational response times.
  • Implemented and maintained VMware NSX Network Detection and Response to fortify network security through advanced threat detection and response strategies.
  • Has conducted vulnerability research/assessment (MITRE ATT&CK, Nessus)
  • Experience with .NET UI Development (Winforms)
  • Experience working with APIs
  • Experience with Google Dorking
  • Understands Linux fundamentals
  • Experience mapping networks with NMAP
  • Experience exploiting vulnerabilities with Metasploit
  • Experience developing and automating security tools with Python and C#
  • Experience reading and writing Assembly
  • Experience conducting reverse engineering
  • Experience with SIEM (Splunk)
  • Has experience with OSINT, IMINT, GEOINT, and Reconnaissance
  • Front-End Development (Javascript, React)
  • Experience with building security tools and automation (Python)
  • Experience with ISAC to gather threat intelligence and collect IOCs
  • Solid understanding of Programming Fundamentals and Languages (C, Python, Javascript, and C#/.NET)
  • Experience with Technical Writing
  • Experience with JIRA and Confluence
  • Knowledge of Digital Forensics
  • Has fundamental knowledge of SQL database querying and working with Firebase
  • Experience with Virtual Machines (Hyper-V, VirtualBox, VMware ESXi, Proxmox)
  • Understands Networking Concepts (TCP/IP - OSI)
  • Experience conducting Static and Dynamic Malware Analysis with tools such as Ghidra, x64dbg, IDA, Wireshark, Radare2, and Sysinternals
  • Understands HTTP fundamentals

Brief Resume

Summary

Jonathan S.

Forward-thinking Software Engineer with a background in working effectively in dynamic environments. Experienced in Python, JavaScript, C, and C#, used to develop web applications, build security tools and automate systems. Enjoys learning about the cyber security field, and has hands-on experience conducting malware analysis, reverse engineering and threat intelligence as a hobby.

  • Maryland, USA
  • (240) 444-4395
  • jonny@iaansec.com

Education

Diploma

2012 - 2016

High School

Front-End Development

2019 - 2020

Kenzie Academy

Learned the fundamentals of front end web development along with back end technologies such as Node.js, working with APIs, and other web development concepts.

Practical Malware Analysis & Triage

2022

TCM Security

Completed TCM Security's practical course on malware analysis and triage, topics include:

  • Safety Always! Build good habits for handling malware safely and create an analysis lab.
  • Safe Malware Sourcing. Learn where to source malware samples safely (no need for the dark web!).
  • Basic Analysis. Learn basic analysis methodology, including interpreting strings, inspecting Windows API calls, identifying packed malware, and discovering host-based signatures. Then, detonate malware to collect network signatures and identify malicious domains and second-stage payloads!
  • Intro to the x86 Assembly Language. Dip your toes into the low-level world of Assembly Language! Learn the foundations of x86 Assembly and use it to perform advanced analysis.
  • Advanced Analysis. Use sophisticated tools like Cutter and x32dbg to discover key insights about malware samples at the lowest possible level. Control the execution flow of a program and manipulate its low-level instructions in a debugger.
  • Gone Phishing. Learn to analyze malicious documents and document-delivered malware, including malicious macros and remote template injections.
  • What the Shell? Learn to identify and carve out embedded shellcode.
  • Off Script. Identify scripted, obfuscated malware delivery techniques that use PowerShell and Visual Basic Script.
  • Stay Sharp. Decompile and reverse engineer C# assemblies and learn about reverse-engineering the .NET Framework! Then, reverse engineer an encrypted malware C2 dropper back to near-perfect original source code with DNSpy!
  • Go Time. Learn the analysis considerations of malware written in Go.
  • Get Mobile! Use MobSF to reverse engineer malicious Android applications.
  • The Bossfight! Use everything you have learned to do a full analysis of one of the most infamous malware samples in history.
  • Automating the Process. Use Jupyter Notebooks and malware sandboxes to automate the analysis process.
  • Tell the World! Write YARA rules to aid in the detection of malware samples and learn how to write effective analysis reports to publish findings.

Professional Experience

Malware Prevention Reverse Engineer

2022

Bank of America

    The Malware Prevention Team's aim is to reduce risk across Bank of America by using existing or establishing robust cyber-hacking and malicious code containment activities for the security, safeguarding, continuity, and confidentiality of information of Bank of America. They are looking for an advanced-level analyst that has experience with threat actor tracking, malware analysis, and reverse engineering of malware. They will be part of a Malware Prevention sub-team that focuses on malware research and analysis.

    Responsibilities include, but are not limited to:

  • In-depth analysis of malware, including authoring analysis reports.
  • Tracking malware campaigns, malicious actors, and related infrastructure.
  • Creation of tools and scripts to assist in malware analysis.
  • Field escalations of potentially malicious files and websites from teams within Malware Prevention.
  • Experience using industry-standard platforms such as Proofpoint TAP, CrowdStrike Falcon, Trellix Malware Analysis Dashboard, VMware NSX, and more to bolster email security defenses and enhance endpoint security through real-time threat detection, automated response, and proactive threat hunting.

Threat Analyst Intern

2022 - 2022

IronNet

    Our mission is simple:

    Deliver the power of collective cybersecurity to defend companies, sectors, and nations. For decades, companies have been defending against cyberattacks on their own while adversaries have been organizing themselves into sophisticated hacker networks, until now with IronNet Collective Defense. Bringing together some of the best minds in cybersecurity and an unmatched team of experts from industry, government, and academia, IronNet was born to more effectively defend enterprises, sectors, and nations against highly organized cyber adversaries and increasingly sophisticated attacks. As an intern, my responsibilities are to:

  • Research and create lead generation queries for C2 frameworks.
  • Analyze C2 servers.
  • Create queries.
  • Analyze analytic results for additional use cases.
  • Develop hunt queries for open search.
  • Create common queries that look for malicious use.

Teaching Assistant (Volunteer)

2022 - 2022

Binary Defense

    This class is designed for technical security personnel who wish to gain skills in reverse-engineering malicious software for Windows operating systems. Although no prior experience is required to take the class, students who have some programming experience in C or another language will find it easiest to participate fully. The class will focus on disassembly analysis of compiled 32-bit DLL files written in C but may also touch on scripting languages such as PowerShell and Visual Basic that are used to deliver compiled malware payloads. Students will learn practical analysis and report writing techniques to pull the most useful information out of malware that can help inform threat hunting and detection engineering efforts and communicate that information effectively. During the course of this class, learners will have the opportunity to gain the following skills, if they choose to participate fully:

  • Using Microsoft Windows 11 Developer VM (free) and Visual Studio 2022 (free), write and compile a very simple DLL file for Windows in C that writes content to a file on disk.
  • Run DLL files from the command line using rundll32.
  • Using IDA Free 7, perform static code analysis of a very simple DLL file and explain its purpose.
  • Using x32dbg, set breakpoints and step through running the instructions of a simple DLL file via rundll32.
  • Create a Microsoft 365 Developer Tenant (free) for testing MS Teams, etc.
  • Use vcpkg to install static libraries for Libcurl and cJSON in Visual Studio 2019.
  • Modify the C code of a simple DLL project to send a simple message through Microsoft Teams via a webhook URL.
  • Using IDA Free and x32dbg, analyze the new version of the DLL and find the instructions responsible for network connections.
  • Using C source code provided by the instructor, modify the DLL project to be a typical Remote Access Trojan (RAT) capable of running commands, listing files and processes, and reporting the output to a Command-and-Control server.
  • Modify the DLL to allow execution using rundll32, regsvr32, and msiexec.
  • Using IDA Free and x32dbg, analyze the relevant portions of the RAT to identify the main command loop, commands recognized, network connections, and behavior-based indications of compromise that could be used by threat hunters and security engineers.
  • Write a tactical malware analysis report, focusing on actionable details.
  • Provide constructive feedback to another student about their malware analysis report.
  • Analyze another student’s version of the DLL with a few minor modifications and identify the relevant changes in functionality added by the other student.
  • Using strings and FLOSS, extract strings from a compiled executable file.
  • Using Python and C source code provided by the instructor, modify the DLL file to XOR encode some of the strings in the DLL project.
  • Using IDA Free, analyze the XOR decoding function in another student’s DLL to find the key bytes and decode the encoded strings.
  • Using C code provided by the instructor, modify the DLL project to detect when it is being run in a virtual machine or debugger, causing the DLL to modify its behavior when analyzed.
  • Using IDA Free and x32dbg, recognize the anti-analysis code in the DLL and patch the instructions to bypass the protections and analyze it anyway.

Contact

Location:

Maryland, USA

Call:

+1(240) 444-4395