Hello World — Independent Security Researcher Joining DEV
Source: Dev.to
About Me
I’m David, a 32‑year‑old independent security researcher based in Germany. I build things, break things, and write about both.
Research Areas
- ICS/SCADA honeypot research – Running honeypots that emulate industrial control systems (SCADA/HMI, Modbus, MQTT, NMEA/AIS) and analyzing the attacks they attract.
- Malware reverse engineering – Using tools such as Ghidra, radare2, and other binary analysis techniques to produce threat intelligence.
- Intelligence platforms – Developed Konpeki, a maritime domain awareness system that tracks vessels and aircraft across the Norwegian coast using AIS and ADS‑B data, deployed on a four‑server fleet in Helsinki.
- Causal knowledge graphs – Designing a binary format (`.causal`) and an inference engine for AI‑native knowledge representation.
- Cryptanalysis tooling – Created CASI (Causal Amplification Security Index), a statistical black‑box cipher validation tool available on PyPI.
Recent Work
- Malware analysis write‑ups from real honeypot captures, including a 16‑phase deep dive into P2Pinfect targeting SCADA infrastructure using Ghidra.
- Reverse engineering war stories and building intelligence systems with Python, SQLite, and numerous cron jobs.
- Exploring security research at the intersection of IT and OT.
Upcoming Post
My first full post will be a deep dive into P2Pinfect variants captured on industrial honeypots, featuring a rootkit that was first submitted to VirusTotal as a result of this research.
Mac Mini M4 (lol)