Hey DEV
I am David, 32, independent security researcher from Germany. I build things, break things, and write about both.
What I do
- ICS/SCADA honeypot research — I run honeypots that emulate industrial control systems (SCADA/HMI, Modbus, MQTT, NMEA/AIS) and analyze what attacks them
- Malware reverse engineering — Ghidra, radare2, binary analysis, threat intelligence production
- Intelligence platforms — I built Konpeki, a maritime domain awareness system tracking vessels and aircraft across the Norwegian coast using AIS and ADS-B data, running on a 4-server fleet in Helsinki
- Causal knowledge graphs — developing a binary format (.causal) and inference engine for AI-native knowledge representation
- Cryptanalysis tooling — built CASI (Causal Amplification Security Index), a statistical black-box cipher validation tool on PyPI
What I will be posting about
- Malware analysis writeups from real honeypot captures — recently caught P2Pinfect targeting SCADA infrastructure, did a 16-phase deep dive with Ghidra
- Reverse engineering war stories
- Building intelligence systems with Python, SQLite, and too many cron jobs
- Security research at the intersection of IT and OT
Tech stack
Mac Mini M4 (lol)
First real post coming soon — a deep dive into P2Pinfect variants captured on industrial honeypots, including a rootkit that was first submitted to VirusTotal from this research.
