I’m kr4ken, a cybersecurity engineer working in detection engineering and threat hunting. Most of what I do comes down to finding attacker activity that automated tools miss: writing detections, building the data pipelines behind them, and running structured hunts across endpoint and network telemetry.
I also spend time on security research — reverse engineering, malware analysis, and testing defenses to understand how attacks actually work. When it’s useful, I turn that into things other people can reuse: detections, small tools, and clear documentation.
Outside of that, I build tooling and run a home lab I use for testing and research. This site collects the work and writing I think is worth sharing.
Structured, hypothesis-driven hunts across endpoint and network data to find activity that automated alerts don’t catch.
Writing detections that are accurate and easy to act on, and keeping them tuned as environments change.
Reverse engineering, malware analysis, and testing defenses to understand how attacks actually work.
Automation, a home lab, and data pipelines that make hunting and research repeatable.