> SOC Analyst · DFIR Specialist · Malware Analyst
SOC Analyst at El Al Israel Airlines.
Investigating threats. Finding what others miss.
20+ tools. 119 rooms. Top 2%.
SOC Analyst at El Al Israel Airlines, hunting threats across one of the most targeted industries in the world. My focus is DFIR, malware analysis, and threat intelligence — not as checkboxes, but as a way of thinking.
Three years of self-driven study converted into real investigations, real incidents, and 20+ tools built from scratch — because when the right tool doesn't exist, you build it. From automated IOC enrichment pipelines to full PCAP analysis frameworks, every tool came from a real gap in a real workflow.
A few years ago I was standing on a candy factory floor. No degree. No connections. No roadmap. Just an obsession with understanding how things work and an unwillingness to stay where I was. I taught myself everything: every tool, every technique, every late-night lab, until the factory was a memory and the SOC was the reality.
From the production line to protecting an airline. That's not a career path. That's a mindset.
Full interactive PCAP analysis framework with 17 analysis modules. Built for real SOC workflows — point it at a capture file and get deep forensic intel instantly.
Automated IOC enrichment pipeline with Telegram bot interface. Integrates VirusTotal, OTX, MalwareBazaar, AbuseIPDB and more. IDN homograph detection + typosquat scoring against 40+ brands. 4-tier verdict system.
Python tool wrapping Snort 3 with automatic rule downloading and color-coded verdicts. Automates the full pipeline: download rules → install Snort → run → parse → verdict. Clean CLI, no noise.
Fast hash-based IOC sweep for DFIR investigations. Scans a target system against a predefined hash database and returns confirmed matches with full file paths. Built for speed in live incident response.
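The sweep described above, as an added illustration rather than the portfolio's own tool: walk a tree without following symlinks, hash regular files in fixed-size chunks, and report every file whose SHA-256 is in the IOC database together with its full path. The IOC database, the sample tree and the hypothetical "Constructed-Sample/Demo" name are constructed for the example; `sweep()` is the reusable part and takes any root and any `{sha256: name}` mapping.

```python
"""Hash-based IOC sweep over a directory tree (added example, not the
portfolio's tool). The fixture built by build_demo_tree() is constructed
for the example; sweep() works on any real path."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # 1 MiB reads keep memory flat on large files


def sha256_file(path):
    """Chunked SHA-256 of one file, or None if it cannot be read
    (locked, permission denied, vanished mid-walk)."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()


def sweep(root, ioc_db, max_size=512 * 1024 * 1024):
    """Walk `root` (symlinks not followed), hash regular files up to
    max_size bytes and return [(path, sha256, ioc_name)] for every hit.
    Hash keys are case-normalised so feeds with upper-case hex still match."""
    ioc = {k.strip().lower(): v for k, v in ioc_db.items()}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                st = p.lstat()
            except OSError:
                continue
            # lstat + S_ISREG skips symlinks, devices and sockets so a link to a
            # hit is never reported as a second hit.
            if not stat.S_ISREG(st.st_mode) or st.st_size > max_size:
                continue
            digest = sha256_file(p)
            if digest and digest in ioc:
                hits.append((str(p), digest, ioc[digest]))
    return hits


def build_demo_tree():
    """Constructed fixture (assumption): a temp tree with a benign file, a
    nested file whose bytes hash to a 'known bad' entry, and a symlink to
    that file. Returns (root, ioc_db, expected_hit_path)."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    bad_bytes = b"MZ constructed sample bytes, not real malware\n"
    bad_hash = hashlib.sha256(bad_bytes).hexdigest()
    (Path(root) / "benign.txt").write_bytes(b"hello\n")
    nested = Path(root) / "Users" / "victim" / "AppData"
    nested.mkdir(parents=True)
    bad_path = nested / "svchosts.exe"
    bad_path.write_bytes(bad_bytes)
    try:
        os.symlink(bad_path, Path(root) / "link_to_bad")
    except (OSError, NotImplementedError):
        pass  # symlink creation may need privileges; fixture is still valid
    ioc_db = {bad_hash.upper(): "Constructed-Sample/Demo"}  # upper-case on purpose
    return root, ioc_db, str(bad_path)


if __name__ == "__main__":
    root, db, _expected = build_demo_tree()
    for path, digest, name in sweep(root, db):
        print(f"HIT  {name}  {digest[:16]}...  {path}")
```

A hash sweep only finds byte-identical files, so a recompiled or packed variant of the same family will not match; pair it with YARA or import-hash checks when the hash feed is the only IOC you have.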
Windows forensic collection script for rapid incident response triage. Collects host info, running processes, persistence mechanisms (Run keys, Startup, SafeBoot), PowerShell history, and scheduled tasks into categorized folders.
Published deep-dive malware analysis report on WannaCry ransomware. Covers static and dynamic analysis, kill switch mechanism reverse engineering, encryption analysis, and full IOC extraction.
Fully structured Windows DFIR investigation environment organized into 9 forensic categories: Acquisition & Mounting, Memory Analysis, Network Forensics, Persistence Analysis, Artifact Analysis, Threat Hunting, Forensic Suites, Specialized Tools, and more. 15+ specialized tools deployed and ready for live investigations.
Full static and dynamic analysis of the WannaCry ransomware. Reverse engineered the kill switch mechanism using IDA Pro, traced the EternalBlue exploitation chain, extracted encryption keys, and built a custom YARA rule set. Published on LinkedIn.
Read on LinkedIn →
Tool Build · Network Forensics
17-module interactive PCAP analysis framework built for real SOC workflows. Each module came from a real gap: credential extraction, ARP duplicate detection, OS fingerprinting, GeoIP on suspicious IPs, VirusTotal upload, malware carving. Point it at a capture file and get forensic intel back in seconds — no manual tshark gymnastics.
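The ARP duplicate-detection module named above (and in the framework summary earlier on this page) boils down to one check: more than one MAC claiming the same IP in the sender fields of ARP traffic, which is what an ARP-spoof reply looks like on the wire. The example below is added here and is not the framework's code; it reads classic pcap files with only the standard library and builds its own constructed capture (a legitimate gateway reply followed by a second host answering for the gateway's IP). The addresses are made up.

```python
"""ARP duplicate-address detection over a classic pcap (added example, not
the portfolio's framework). demo_capture() builds a constructed capture
in memory; duplicate_addresses() works on any pcap bytes with Ethernet
link type."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ip4(s):
    return bytes(int(o) for o in s.split("."))


def arp_frame(src_mac, dst_mac, oper, sha, spa, tha, tpa):
    """Ethernet II + ARP (htype=1, ptype=IPv4). oper 1 = request, 2 = reply."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + mac(sha) + ip4(spa) + mac(tha) + ip4(tpa)
    return eth + arp


def write_pcap(frames):
    """Little-endian classic pcap with one record per frame, 1 s apart."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def iter_packets(data):
    """Yield (ts_sec, frame_bytes); handles both byte orders of the classic
    format, not pcapng."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl]
        off += incl


def arp_mappings(pcap):
    """ip -> {mac: first_seen_ts} from the sender fields of every ARP packet.
    Requests and replies both assert 'spa is at sha', so both are recorded;
    RFC 5227 probes (spa 0.0.0.0) claim nothing and are skipped."""
    seen = defaultdict(dict)
    for ts, frame in iter_packets(pcap):
        if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
            continue
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue
        sha = frame[22:28].hex(":")
        spa = ".".join(str(b) for b in frame[28:32])
        if spa == "0.0.0.0":
            continue
        seen[spa].setdefault(sha, ts)
    return seen


def duplicate_addresses(pcap):
    """[(ip, [(mac, first_ts), ...])] for every IP claimed by more than one
    MAC, MACs in order of first appearance (the later one is the suspect)."""
    return [(addr, sorted(m.items(), key=lambda kv: kv[1]))
            for addr, m in arp_mappings(pcap).items() if len(m) > 1]


def demo_capture():
    """Constructed capture: victim asks for the gateway, gateway answers,
    then a second host answers for the gateway's IP (ARP spoof)."""
    gw_mac, gw_ip = "00:11:22:33:44:01", "192.168.1.1"
    victim_mac, victim_ip = "00:11:22:33:44:10", "192.168.1.10"
    attacker_mac, bcast, zero = "de:ad:be:ef:00:01", "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
    return write_pcap([
        arp_frame(victim_mac, bcast, 1, victim_mac, victim_ip, zero, gw_ip),
        arp_frame(gw_mac, victim_mac, 2, gw_mac, gw_ip, victim_mac, victim_ip),
        arp_frame(attacker_mac, victim_mac, 2, attacker_mac, gw_ip, victim_mac, victim_ip),
    ])


if __name__ == "__main__":
    for addr, claims in duplicate_addresses(demo_capture()):
        print(f"{addr} claimed by {len(claims)} MACs: {claims}")
```

Two MACs for one IP is also what a legitimate failover (VRRP/HSRP, a DHCP lease reassigned, a VM migrated) produces, so the module should surface the timestamps and let the analyst decide rather than labelling the second MAC as the attacker outright.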
View on GitHub →
Tool Build · Threat Intelligence
Automated IOC enrichment pipeline with a Telegram bot as the interface. Submit an IP, URL, domain, or hash and it queries VirusTotal, OTX, MalwareBazaar, Pulsedive, URLScan, and ThreatFox simultaneously and returns a structured 4-tier verdict. Includes IDN homograph detection and Levenshtein-based typosquat scoring against 40+ brands. Hosted on n8n Starter for always-on cloud execution.
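The local part of that pipeline, the IDN homograph check and the Levenshtein typosquat score mentioned both here and in the project summary above, needs no API calls and is worth seeing in code. The block below is an added example, not the pipeline's own code: it decodes punycode labels, folds a small set of Unicode confusables to their ASCII look-alikes, computes edit distance to a brand list, and maps the result onto four tiers. The brand list, allow-list, confusable table, score weights and tier names are all assumptions chosen for the example; the real pipeline's 40-brand list and verdict rules are not on this page.

```python
"""IDN homograph + Levenshtein typosquat scoring for domains (added example,
not the portfolio's pipeline). BRANDS, KNOWN_GOOD, CONFUSABLES and the
score/tier thresholds are assumptions for illustration."""
import unicodedata

BRANDS = ["paypal", "microsoft", "google", "elal", "apple"]          # constructed
KNOWN_GOOD = {"paypal.com", "microsoft.com", "google.com", "elal.com", "apple.com"}

# Non-ASCII letters that render like ASCII ones. Assumed subset, not the
# full Unicode confusables table; NFKC handles ligatures and fullwidth forms.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",   # Cyrillic а е о р
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l",   # Cyrillic с у х ӏ
    "\u0131": "i",                                                # dotless i
}


def levenshtein(a, b):
    """Edit distance by the classic two-row DP; fine for short labels."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_host(domain):
    """Lower-case, strip the trailing dot, and turn xn-- labels back into
    Unicode so the visible form is what gets inspected."""
    host = domain.strip().lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or malformed punycode: inspect as-is


def registrable_label(host):
    """Second-level label; naive about multi-part public suffixes (co.uk)."""
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def homograph_analysis(label):
    """Return (folded_label, is_homograph, scripts). A label is treated as a
    homograph when it contains non-ASCII characters that all fold to ASCII."""
    folded = unicodedata.normalize("NFKC", label)
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    non_ascii = [ch for ch in label if ord(ch) > 127]
    scripts = sorted({unicodedata.name(ch, "?").split()[0] for ch in non_ascii})
    return folded, bool(non_ascii) and folded.isascii(), scripts


def score_domain(domain, brands=BRANDS, allow=KNOWN_GOOD):
    """0-100 score and one of four tiers (assumed scheme):
    malicious >= 90, suspicious >= 60, low >= 30, clean otherwise."""
    host = normalize_host(domain)
    label = registrable_label(host)
    folded, is_homograph, scripts = homograph_analysis(label)
    brand, dist = min(((b, levenshtein(folded, b)) for b in brands), key=lambda t: t[1])
    embedded = [b for b in brands if b in folded and b != folded]
    reasons = []
    if host in allow:
        score = 0
        reasons.append("allow-listed")
    else:
        # Exact brand label on a non-allow-listed domain is already worth a look.
        score = {0: 80, 1: 70, 2: 40, 3: 10}.get(dist, 0)
        if dist <= 3:
            reasons.append(f"edit distance {dist} to '{brand}'")
        if is_homograph:
            score = min(100, score + 20)
            reasons.append(f"IDN homograph of '{folded}' using {', '.join(scripts)} characters")
        if embedded:
            score = max(score, 60)
            reasons.append(f"brand embedded in label: {', '.join(embedded)}")
    tier = ("malicious" if score >= 90 else "suspicious" if score >= 60
            else "low" if score >= 30 else "clean")
    return {"domain": domain, "label": label, "folded": folded, "brand": brand,
            "distance": dist, "score": score, "tier": tier, "reasons": reasons}


if __name__ == "__main__":
    for d in ["paypal.com", "p\u0430ypal.com", "xn--pypal-4ve.com", "paypa1.com",
              "microsoft-account-verify.com", "wikipedia.org"]:
        r = score_domain(d)
        print(f"{r['tier']:<10} {r['score']:>3}  {d:<32} {'; '.join(r['reasons'])}")
```

Digit look-alikes (`1` for `l`, `0` for `o`) are deliberately not in the confusable table: folding them would push plain ASCII typosquats such as `paypa1` into the homograph tier, when the distance check already lands them in "suspicious". A production version would also replace the naive second-level-label split with a public-suffix list.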
View on GitHub →
Tool Build · Network Forensics
The gap: Snort 3 is powerful but takes 15 minutes to set up for every PCAP you want to scan. So I automated the entire pipeline: rule download, Snort install, execution, result parsing, and color-coded verdict output. One command, zero friction.
View on GitHub →
Open to connecting with security professionals, researchers, and anyone interested in collaboration. Whether it's tools, investigations, or just talking cyber — reach out.
Send me an email →