// whoami

Hi,

I'm a DFIR & malware analyst, currently working as a senior DFIR & Malware Analyst and previously at Airbus Protect for nearly four years. My day-to-day revolves around incident response, malware reverse engineering and threat hunting. I also teach offensive security and malware analysis at university level.

I'm open to any fruitful (and legal) collaboration related to DFIR, reverse engineering or malware.

// experience

Senior DFIR & Malware Analyst - Freelance - Confidential, FR
May 2025 - Present
  • Windows & Linux forensic analysis
  • Cold, live and memory analysis
  • Incident response coordination across single or multi-infrastructure incidents
  • Malware analysis for IR and triage: dropper, loader, shellcode, stealer
  • Detection rule creation
  • Threat hunting
  • SOAR deployment and development for automation
  • Security alert triage & log parsing
DFIR & Malware Analyst - Airbus Protect, FR
Jul 2022 - Apr 2025
  • Forensic analysis on Docker, Windows and Linux systems
  • Cold, live and memory analysis
  • Large-scope incident response leadership
  • IR on critical and emergency public infrastructure requiring immediate out-of-hours intervention
  • IR on emergency public infrastructure targeted by a threat actor - collaboration with public services on a European-scale investigation
  • IR on 6 ransomware cases across large perimeters
  • Threat hunting activity on sensitive perimeters
  • Malware analysis for IR, CTI and SOC teams: ransomware, spyware, dropper, loader, shellcode, driver, C2, stealer - including packers (Themida, custom) and obfuscation (PEB parsing, API hashing, direct syscall…)
  • Detection rule creation: YARA, KQL (MDE), XQL (Cortex XDR)
  • Threat hunting on Splunk, MDE and Cortex XDR
  • R&D: malware development, compromise technique research for SOC detection improvement, IR tooling, Splunk dashboard automation, rootkit & bootkit study
SOC Analyst - Airbus Protect, FR
Sep 2021 - Jun 2022
  • Security incident analysis and investigation
  • Alert triage and qualification
  • Built a Splunk application with multiple dashboards for threat hunting automation
  • Technical lead on the N1 analyst task automation project
IT Security Teacher - University & IT schools, FR
Mar 2021 - Present
  • Introduction to pentesting
  • Setting up a pentest lab for students
  • Malware analysis courses
  • Development of custom malware for hands-on teaching

// certifications

GIAC GCFA - Certified Forensic Analyst 2025
OSED - OffSec Exploit Developer 2023