Hi, I'm Matthieu Gras
Incident Responder based in Zurich, writing about malware analysis, reverse engineering, and incident response.
Explore my technical deep-dives, open source contributions, and security research.
Featured
- Defender Timeline Downloader: Extending Data Retention for Incident Response (cloud forensics, tooling)
  A technical deep dive into overcoming Microsoft Defender for Endpoint's 30-day API retention limit. This post details the architecture and authentication mechanisms of a new Go-based tool that automates the extraction of the full six-month timeline data.
- Unmasking Amadey 5 (malware analysis, research, deep dive)
  Deep dive into the Amadey 5 botnet client and its role in a sophisticated cross-platform malware campaign.
- Acreed: On-Chain C2 Evolution (malware analysis, research, deep dive)
  Deep dive into a sophisticated cross-platform malware campaign leveraging blockchain for C2 resilience.
Recent Posts
- Extending Timeline Downloader: Identity Forensics and the 9000-Event Limit (cloud forensics, tooling, identity security)
  An update to the Defender Timeline Downloader tool, adding support for Identity (MDI) timelines. This post details the "Skip 9000" pagination algorithm, GZIP compression support, and UI improvements for error handling.
- From Analysis to Tooling: Automating Amatera C2 Extraction (malware analysis, tooling)
  A technical update on Acreed analysis, detailing CAPE Sandbox contributions and a new unified static-dynamic extractor for Amatera.
- Welcome to My Blog (general)
  Introduction to this technical blog covering malware analysis and incident response.