Sourajyoti Paul

I’m happy to share that I’ve obtained a new certification: #MalwareAnalyzer from LetsDefend! I recently analyzed a live malware sample inside the ANY.RUN sandbox, where I traced its full exfiltration workflow. By inspecting SMTP traffic at the network layer, I identified the attacker’s mail server, extracted the stolen credentials being sent out, and located the malware’s own SMTP authentication sequence. I decoded the Base64-encoded username and password used by the malware to log into the attacker’s mail server , proving the infection was actively exfiltrating harvested credentials across multiple applications. This hands-on investigation highlights my core strengths as a malware analyst: deep sandbox analysis, packet-level inspection, decoding of obfuscated payloads, understanding of exfiltration channels, and interpreting MIME/SMTP structures. I can detect how malware behaves, what data it steals, which servers it communicates with, and which credentials it uses for command-and-control. As a #SOCanalyst, I can apply these skills to protect any organisation by proactively analysing malicious samples, identifying Indicators of Compromise (#IOCs), monitoring exfiltration attempts, and strengthening detection rules based on real attacker behaviour. My expertise ensures faster incident response, accurate threat attribution, and actionable intelligence that improves overall security posture. If you want, I can convert this into a resume bullet section, LinkedIn summary, or cover-letter paragraph as well.

If anyone is interested in developing their skills in #CyberThreatIntelligence (CTI), a quick thought based on my experience that might be helpful. Here are some tips for developing this skill: Understand fundamentals: attacker motives, threat types, TTPs, #MITRE #ATT&CK, #CyberKillChain Follow #OSINT sources: OTX, #MalwareBazaar, #VirusTotal, Any.Run, CISA alerts Practice #IOC analysis: IPs, hashes, domains, URLs, file behaviours Develop analytical writing: clearly explain What, Who, Why, How, Impact Study basic malware behaviour: persistence, C2 patterns, lateral movement, evasion Learn #CTItools: #MISP, OpenCTI, TheHive, Cortex, STIX/TAXII Connect CTI with SOC operations: detection tuning, alert enrichment, prioritisation Track threat actors & APT groups to think like an attacker Stay consistent: analyse, read, or write a little every day

While monitoring #APIlogs, I detected sequential access requests like /api/user/101, /api/user/102, /api/user/103 from the same session a clear #IDOR pattern. #SIEM correlation confirmed data exposure without authorization failures. I immediately revoked the user’s token, blocked the IP, and disabled the vulnerable API route. Investigation showed the endpoint lacked object-level access checks, allowing direct ID manipulation. We fixed it by enforcing authorization validation (if id != current_user.id: abort(403)), added UUIDs instead of numeric IDs, and tuned #SIEMrules to flag enumeration attempts. Attack contained within minutes, no major data loss.