I’m a cybersecurity and threat intelligence analyst focused on the intersection of malware analysis, reverse engineering, adversary tradecraft, and open source security. My work spans cybercrime, APT activity, software supply chain threats, and adversary infrastructure, including malicious packages, browser and developer extensions, and supply chain intrusions across ecosystems such as npm, PyPI, Go Modules, RubyGems, Maven, Crates, NuGet, Chrome, VS Code, and Open VSX. I track infrastructure and campaign shifts, develop detection logic for threat hunting, and turn technical investigations into high-signal detections, actionable intelligence, research, and tooling that defenders can actually use.
What I Work On
- 📦 Software supply chain threats — Malicious packages, typosquatting, extension abuse, developer compromise, supply chain intrusions, and adversary infrastructure
- 🔬 Malware and code analysis — Reverse engineering suspicious code, tracing payload behavior, and understanding how campaigns operate at scale
- 🛡️ Detection and operationalization — Turning investigations into hunting logic, detections, mitigations, and practical defensive guidance
- 🧪 Emerging abuse patterns — Tracking how threat actors exploit automation, CI/CD workflows, and AI-adjacent environments
Journey
- 🛠️ Cybersecurity, threat intelligence, malware analysis, detection engineering (YARA/Sigma/Snort), threat hunting, infrastructure tracking, vulnerability analysis, incident handling, and automation/tooling
- Senior Threat Intelligence Analyst at Socket
- Previously at Recorded Future (a Mastercard company) — 5 years across the ARMOR (Advanced Reversing, Malware, Operations & Reconnaissance) and ACE (Advanced Cybercrime & Engagements) teams
- SANS Technology Institute alum — Applied Cybersecurity (ACS) Program (certified GCIA, GCIH, GSEC, GFACT)
- Member of InfraGard, a public-private partnership with the FBI; participating in information-sharing and chapter activities focused on U.S. critical infrastructure security
Earlier in my career, I worked on investigations and programs aimed at mitigating human trafficking, corruption, and labor abuses at the United Nations, the American Bar Association, and the International Labor Rights Forum. That path wasn’t linear, but it shaped how I work: investigator first, evidence-driven always, and focused on turning complex problems into something useful for defenders.
Research, Writing, and Speaking
I regularly publish research and speak about adversary tradecraft, cybercrime, malware, software supply chain attacks, and malicious packages. My work ranges from deep technical analysis to practical defensive guidance for security teams, developers, and the broader security community. Research I contributed to has been cited in MITRE ATT&CK entries including Contagious Interview (G1052) and BeaverTail (S1246). Selected work is available in my Publications and Presentations sections.
🗣️ For anyone wondering, and many understandably do, Kirill is pronounced “key-reel” (two words put together: key + reel).
