Core expertise includes real-time alert triage, DDoS traffic analysis, APT group tracking via MITRE ATT&CK mapping, malware forensics using CAPEv2 and FortiSandbox, email forensic analysis, IOC extraction and enforcement at ISP/firewall/WAF level, phishing URL takedowns, and darkweb/Telegram threat intelligence monitoring across 500+ breach forums.
Key Achievements:
✔ Sub-4-hour phishing URL takedown SLA — consistently met
✔ 500+ Telegram breach forums monitored daily for proactive intel
✔ Identified and reported multiple compromised & defaced .gov.pk websites
✔ Tracked and mapped active APT groups targeting Pakistani government infrastructure
✔ Coordinated phishing takedowns with domain registrars and hosting providers
✔ Escalated high-impact threats to NCERT for national-level response
✔ Conducted sandbox malware analysis on phishing-delivered payloads
✔ Monitored darkweb forums for leaked government credentials