## about dfir.buzz

Security engineering, DFIR, and whatever CTI thread I can't drop.

A security engineer writing about the things that actually interest them. Incidents, threat intelligence, tooling, opinions. Sometimes all four in the same post.

## A NOTE FROM THE AUTHOR

I’m a security engineer with an extensive DFIR background. CTI keeps me up at night — following a campaign, chasing an infrastructure pivot, trying to understand not just what happened but why. This is where I write about whatever I find interesting: incidents, threat intelligence, tooling, opinions, the occasional rabbit hole I couldn’t leave alone.

Not everything will be hyper-technical. Some posts are case studies, some are observations, some are just things I think the security community should be talking about more. The common thread is that I wrote it because I genuinely cared about it, not because it fit a content calendar.

SECURITY ENGINEER · DFIR · CTI
## WHAT YOU'LL FIND HERE

Whatever I'm currently into.

CTI
Threat Intelligence
Campaigns, actor behaviour, infrastructure analysis. The thing that keeps me up.
DFIR
Forensics & IR
Incident cases, memory forensics, log analysis, timeline reconstruction.
ENG
Security Engineering
Detection, architecture, tooling, and the gap between theory and production.
MAL
Malware & Techniques
When something interesting crosses my desk and is worth documenting properly.
OPN
Opinions
Things happening in the industry I have thoughts on. Not every post needs a YARA rule.
ETC
Everything Else
Adjacent topics, rabbit holes, book recommendations, whatever I can't stop thinking about this week.
## GET IN TOUCH

Something to share or discuss?

What I’m interested in

If you’ve worked something interesting — an incident, a campaign, a detection that took months to get right — reach out. The bar is simple: would this have changed how you approached the problem if you’d read it six months earlier?

  • CTI leads, campaign overlaps, infrastructure pivots
  • Incident cases worth documenting (redacted is fine)
  • Malware or technique deep dives with primary analysis
  • Detection gaps — things that should fire and don’t
  • Tooling and engineering war stories
  • Corrections — if something I wrote is wrong, please say so

What I’m not interested in

  • Vendor pitches or product announcements
  • AI-generated or AI-assisted analysis
  • Attribution claims without supporting evidence
hello@dfir.buzz

Contact & tip line

# secure contact · TLP:GREEN
email: tips@dfir.buzz
mastodon: @dfirbuzz@infosec.exchange
signal: on request via email
anon: dfir.buzz/dropbox
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGVx...A21F09BE
fingerprint: A21F 3E8C 7D04 19B2 F5A0
             8C3B 7E91 2D06 09BE F4A1
-----END PGP PUBLIC KEY BLOCK-----
# response time: best effort · usually 48–72h