"Mac"

Intro

Collaborative Incident Responder with the ability to partner with executive teams to define and develop solutions.

Experienced security professional with a successful track record of delivering consulting services in the areas of incident response, cyber readiness and digital forensics with direct experience inside public, financial and retail sectors. Solid ability to create cross-functional partnerships to drive effectiveness.

I started hacking at a very young age and managed to stay out of trouble...

Work

"Every Contact Leaves a Trace - Edmond Locard"

My ongoing projects

Parsing forensic host data into elastic

To get more info about my ongoing projects, please visit my Github :)

GitHub/timestomper GitHub/timestomper

A sanitized war story of an incident responder in the trenches

Identities have been changed to protect the client's privacy

"$600 million gone. Just... gone."

That's how my Thursday began at 4am, with a trembling voice on the other end of the phone. "Hi... it's Kartik from IBFC. We've been trying to handle this internally for the past few hours but... we're in over our heads."

As I booted up my laptop, Kartik explained between coffee sips how their blockchain validators had been acting strange for days. It wasn't until a routine audit that they realized the horrifying truth - someone had been silently draining their cross-chain bridges, transaction by transaction.

Initial investigation revealed the attacker had managed to obtain access to five validator private keys - four from the organization's validators and one from a third party. The compromise wasn't detected for six days, during which the attacker orchestrated withdrawals through a complex series of transactions involving multiple chains and DEXs.

Working with blockchain forensics firms and law enforcement, we traced the flow of funds across multiple chains. The attacker had attempted to use various mixing services and cross-chain bridges to obscure the trail, but their patterns started emerging.

72 hours of non-stop investigation later, we had mapped the complete attack chain: A spear-phishing campaign targeting devops engineers led to compromised credentials, which were used to extract the validator private keys from a cloud service.

The incident resulted in significant changes to the organization's validator key management system, including implementation of a more robust MPC-based signing system and enhanced monitoring for suspicious validator behavior.

Sometimes the biggest incidents start with a simple phone call at 4am. But this one? This one would change the way we think about cross-chain security forever.

About

With over a decade of experience in cybersecurity, I specialize in enterprise-scale incident response and digital forensics across both traditional and blockchain environments.

Enterprise Security

• Large-scale forensics hunting across distributed environments
• Cloud-native incident response and threat detection
• Processing billions of telemetry points from cloud workloads to endpoint
• Enterprise endpoint detection and response at scale

Blockchain Security

• Cross-chain bridge security assessments
• Smart contract incident response
• Validator infrastructure security
• Blockchain forensics and transaction tracing

Currently partnering with Fortune 500 companies and major DeFi protocols to enhance their security posture, incident response capabilities, and forensic readiness.

"Security at scale isn't about having all the answers - it's about asking the right questions across petabytes of data."

• Twitter
• GitHub

Elements

i = 0;

while (!deck.isInOrder()) {
    print 'Iteration ' + i;
    deck.shuffle();
    i++;
}

print 'It took ' + i + ' iterations to sort the deck.';