$ whoami

KR4KEN

I work in detection and threat hunting — writing the analytics and running the hunts that surface attacker activity in log and endpoint data. This site is where I keep my notes, projects, and writing.

About

I’m kr4ken, a cybersecurity engineer working in detection engineering and threat hunting. Most of what I do comes down to finding attacker activity that automated tools miss: writing detections, building the data pipelines behind them, and running structured hunts across endpoint and network telemetry.

I also spend time on security research — reverse engineering, malware analysis, and testing defenses to understand how attacks actually work. When it’s useful, I turn that into things other people can reuse: detections, small tools, and clear documentation.

Outside of that I build tooling and run a home lab I use for testing and research. This site collects the work and writing I think is worth sharing.

  • Detection: engineering & analytics
  • Threat: hunting & response
  • Research: reverse engineering

What I work on

Threat Hunting

Structured, hypothesis-driven hunts across endpoint and network data to find activity that automated alerts don’t catch.

  • behavioral analysis
  • EDR / SIEM
  • ATT&CK mapping

Detection Engineering

Writing detections that are accurate and easy to act on, and keeping them tuned as environments change.

  • detection-as-code
  • sigma / queries
  • alert tuning

Security Research

Reverse engineering, malware analysis, and testing defenses to understand how attacks actually work.

  • malware analysis
  • reverse engineering
  • adversary emulation

Tooling & Infra

Automation, a home lab, and data pipelines that make hunting and research repeatable.

  • automation
  • home lab
  • data pipelines

Recent posts