Threat Intelligence Research Engineer · XPLG · Tel Aviv, Israel

Adversary profiling, detection engineering, and hands-on security lab work.

I profile adversary behavior, map TTPs to detection candidates, and build tooling to automate the mechanical parts of CTI and reverse engineering. Focus areas: attribution discipline, infrastructure pivoting, hunting hypothesis construction, detection backlog management, and AI-assisted analyst tooling with mandatory human review at every decision point.

10-Minute Reviewer Paths

Short on time? Pick the path that matches your role. Each route points to the strongest evidence first.

One-page summary

Hiring Managers

Fastest overall read of scope, depth, and evidence.

  1. CV and PDF download
  2. About and experience
  3. Flagship projects
  4. GitHub profile

CTI / Threat Intelligence

Adversary profiling, attribution, and CTI-to-detection methodology.

  1. CTI as a Code
  2. CTI Analyst Field Manual
  3. Operation Desert Hydra
  4. ThreatMapper docs

Detection Engineering

Validated detections, coverage matrices, and hunting content.

  1. Desert Hydra Detection Atlas
  2. Validation Results
  3. Insider Threat Detection
  4. Threat hunting hypotheses

Malware / Tooling

Reverse engineering workflows, cloud scanning, and CLI tools.

  1. AIDebug
  2. stratus-ai
  3. cvss_4.0
  4. All projects

Flagship Projects

Four primary portfolio signals. Deeper domain, lab, and repository lists live on the projects page.


Live Evidence

Six representative screenshots from published research and tools. Full evidence trails are linked from each project.


Operation Desert Hydra

  1. Kibana validation for spearphishing attachment detection (Kibana detection PASS): Office child process spawn validates T1566.001 logic.
  2. OpenCTI MuddyWater knowledge graph (OpenCTI knowledge graph): intrusion set, tools, malware, and ATT&CK techniques connected.
  3. AIDebug TUI function analysis (AIDebug function analysis): Capstone disassembly and FLIRT matching on a real sample.

Malware, Android & Cloud

  1. CFF Explorer PE header analysis (CFF Explorer): PE headers, sections, and import table triage.
  2. Android APK ATT&CK mapping output (APK ATT&CK mapping): mobile technique mapping from static analysis output.
  3. stratus-ai findings report (stratus-ai findings): multi-cloud severity classification and remediation output.

Latest

Three recent articles and three current tools. Use Medium and Projects for the full archive.

Updated Jun 2026