This blog shares simple and clear insights about malware analysis and threat intelligence, focusing on real cases, attacker tools, and research findings.

👋 $whoami

I am a Senior Threat Intelligence Analyst with experience in tracking advanced malware and APT groups. I have worked with international law enforcement on joint operations and presented multiple research findings at cybersecurity conferences.

🎤 My Talks

• VirusBulletin 2024 (Dublin) – Origins of a Logger – Agent Tesla
  How Agent Tesla and Origin Logger were built and evolved.

• X33FCON 2023 (Gdynia) – Wizard Spider: Operational Environment
  Shared how Wizard Spider connects with Trickbot, Ryuk, Lockbit, and FIN7.

• VirusBulletin 2023 (London) – The Evolution of TA551
  Explained how TA551 sells access to ransomware groups like Conti and distributes BEC e-mails with Mailchecker.

• BOTCONF 2023 (Strasbourg) – TA551’s Supply Chain Attack
  Showed how TA551 attacked a global IT training and certification company.

• C4DT – EPFL 2023 (Switzerland) – TA551’s Supply Chain Attack
  Gave a talk about TA551’s ongoing supply chain campaign.

• Global Initiative Podcast 2023 (London) – Deep Dive: Exploring Organized Crime
  Talked about the rise and fall of the Conti ransomware group.

• BOTCONF 2022 (Nantes) – Behind the Scenes of QBot
  Presented deep research on the QBot malware infrastructure.

🏆 Achievements

• 🥈 Locked Shields 2025 (NATO) – 2nd place representing Türkiye (Malware & DFIR team)
• 🥉 Locked Shields 2024 (NATO) – 3rd place representing Türkiye (Malware & DFIR team)
• 🎓 Certified Threat Intelligence Analyst (EC-Council)