Available for DFIR consulting & threat intel sharing

Hi, I'm Hung Anh (z3r0w3!)

$

Threat Hunter & Incident Responder specializing in Malware Analysis, Digital Forensics, and Threat Intelligence — hunting APTs, leading IR engagements, and strengthening cyber resilience for 15+ years.

0
Years in cyber defense
0
Certifications earned
0
Incidents responded
z3r0w3i profile photo
scroll

Cyber Defense Profile

Defender by mindset, analyst by craft, responder by choice.

I'm a Threat Hunter & Incident Responder with deep expertise in analyzing complex malware campaigns, conducting digital forensics investigations, and delivering proactive threat intelligence that actually defends networks in the real world.

My work spans SOC operations, DFIR engagements, malware reverse engineering (static & dynamic), and building SIEM detection logic that catches what signature-based tools miss. I'm passionate about adversary emulation — understanding how attackers think to reduce dwell time and exposure.

Holds globally recognized credentials including CHFI v10, JNCIA-Junos, INE eJPT, and multiple Cybersecurity Analyst certs from Google, IBM, and Fortinet. Active contributor to open-source malware IOC feeds and YARA rule sets.

Threat Hunting Incident Response Malware Analysis DFIR Threat Intel Reverse Engineering SIEM / SOC

Work Experience

15+ years spanning cyber defense, cloud infrastructure, and banking operations.

  1. Cyber Security & DevOps Engineer

    Outpost24
    Present Jul 2018 — Now Remote
    • Deployed and operated SaaS security platforms specializing in Security Monitoring, Incident Response, and Threat Hunting.
    • Conducted Vulnerability Assessment and produced Threat Intelligence Reports for enterprise clients.
    • Bridged DevOps and cybersecurity practices to ensure continuous security integration in CI/CD pipelines.

    Delivering enterprise-grade SaaS security operations across global customer environments since 2018.

  2. Offensive Security Researcher

    Government Organization · Vietnam
    Present 2018 — Now Full-time
    • Specializing in Threat Hunting, Incident Response, and Threat Intelligence across government and enterprise environments.
    • Conducted red team operations and adversary emulation to assess and strengthen national-level security posture.
    • Produced classified threat intelligence reports aligned with MITRE ATT&CK framework.

    Red team operations and adversary emulation at the national level — contributing to strategic cyber resilience.

  3. Cloud & Infrastructure Engineer (AWS)

    NashTech
    Nov 2025 Freelance
    • Provided cloud deployment, infrastructure support, and network engineering services on AWS environments.
    • Implemented secure, scalable cloud architectures aligned with AWS Well-Architected Framework.
  4. Cloud & Infrastructure Engineer (AWS)

    GoTyme X
    Mar 2018 — Sep 2021 Full-time
    • Designed, implemented, and managed secure and scalable network solutions on AWS Cloud.
    • Ensured high availability, performance, and operational reliability of cloud-hosted financial services.
    • Collaborated with security teams to enforce IAM policies, VPC segmentation, and encryption standards.

    Delivered secure, highly-available AWS infrastructure underpinning financial-grade services.

  5. Deployment Engineer

    EI CO., LTD
    Oct 2008 — Apr 2018 · 9 yr 7 mo Full-time
    • Implemented and maintained NCR ATM systems including hardware deployment and network configuration.
    • Provided troubleshooting and operational support for banking infrastructure across multiple sites.
    • Coordinated with banking clients to ensure 99.9% uptime of ATM networks.

    Maintained 99.9% uptime across multi-site ATM banking infrastructure for nearly a decade.

Technical Arsenal

Tools and tradecraft forged in real incident response — not slide decks.

SIEM (Splunk / Sentinel KQL) 92%
Malware Analysis & RE 88%
Incident Response (DFIR) 90%
Threat Intelligence (MISP / CTI) 85%
Python / PowerShell Scripting 82%
Forensics (Autopsy / Volatility) 87%

Certifications & Credentials

Vendor-validated expertise in forensics, pentesting, and cloud security.

CHFI v10

EC-Council CHFI v10

Computer Hacking Forensic Investigator

JNCIA-Junos

JNCIA-Junos

Juniper Networks Certified Associate

INE eJPT

INE eJPT

Junior Penetration Tester

Fortinet Certified Associate

Fortinet Certified Associate

Cybersecurity & network security

AWS Certified CloudOps Engineer

Cloud concepts & security

IR & Research

Selected incident response cases and research projects.

Ransomware IR Simulation

Full lifecycle response: containment, forensic acquisition, decryption analysis, and root-cause mapping to MITRE ATT&CK.

Ghidra / RE KAPE Velociraptor

Threat Intelligence Feed

Enriched IOC feed from OSINT + MISP, correlated with SIEM to detect APT infrastructure with <20 min TTD.

Python MISP ThreatQ

Malware Analysis Sandbox

Automated dynamic analysis (CAPE/Cuckoo) + static unpacking. Produced YARA rules for in-the-wild samples.

YARA CAPE IDA Pro

APT Campaign Attribution

Attributed a multi-month intrusion campaign to a known threat actor through TTP correlation and infrastructure pivoting.

MITRE ATT&CK Maltego OSINT

Memory Forensics Toolkit

Volatility-based workflow for rapid identification of injected shellcode, rootkits, and credential dumping artefacts.

Volatility 3 Python Redline

SIEM Detection Engineering

Designed 60+ Sigma / Splunk SPL detection rules mapped to ATT&CK with tuned false-positive suppression playbooks.

Sigma Splunk SPL KQL

Education

Duy Tan University

Bachelor of Information Technology

2006 — 2010

Specialized in Network Security and Software Architecture. Formed a strong foundation in network design, system administration, cryptography, and secure software development.

Network & Info Security
System & Database Admin
Software Engineering
Systems Programming

Let's collaborate.

DFIR consulting, threat intel sharing, malware triage, or blue team reviews — I respond within 24 hours.

Hung Anh (z3r0w3!)

Threat Hunter & Incident Responder

Available

Let's collaborate on DFIR consulting, threat intelligence sharing, malware triage, or blue team infrastructure reviews. I typically respond to all inquiries within 24 hours.