malware samples hunting, downloading and classifying
• Automation of any manual workflow
• Support of all developed tools
• ROMAD Antivirus signature database development and testing
• Testing products for correct operation and malware detection; bug investigation and reporting
• Research of malware techniques
• Research and description of new ideas and features to increase the endpoint product's ability to detect current malware families
• Malware sample hunting and research (MS Windows OS):
  • Stack trace of system call flow
  • API flow
  • Process hierarchy
  • Suspicious traffic
  • Memory injections, allocations, origins, etc.
  • Destructive system changes
  • Debugging, unpacking, dumping
  • Disassembling (IDA, Hiew, etc.)
• Malware incident investigation
• Writing detailed technical documentation
Professional achievements:
• Malware behavior log parser developed
• Antivirus database metadata standard improved, new features researched and implemented
• Antivirus database metadata preprocessor developed
• Antivirus database metadata validation tool developed
• Metadata detector (standalone signature detector) developed
• Generator of internal database for stack-trace analysis (using IDA API) developed
• Cross-process malware detection mechanism researched, described, documented as a standard and developed for the standalone signature detector
• Malware hunting and downloading tool (using VirusTotal API v2 and v3 (jsonapi)) developed
• Malware classifier by behavior log developed
• Malware checker and sorter (using VirusTotal API v2 and v3 (jsonapi)) developed
• Process tree viewer (by system behavior log information) developed
• False positive detection prevention tool developed
• All developed tools carefully documented
• Antivirus signatures for top-80 malware families developed and tested
• A number of bugs in endpoint product discovered, investigated and reported
• A number of new features researched, described and documented for developers, and tested after release to improve current malware detection with the endpoint product
• All manual workflow of malware analysis department automated
• One developer and one QA engineer trained to work at malware analysis department
Malware analyst, CTO: 2012 - 2015
GridinSoft LLC
www.gridinsoft.com
Responsibilities:
• Technical strategy of product evolution
• Malware research
• Malware analysis automation
• Antivirus signature database development
• Malware detection statistics analysis
• Technical support of malware victims
Professional achievements:
• A number of tools for malware research, hunting and downloading developed
• Antivirus signature database efficiency improved
• Antivirus signature database update tool improved
• Endpoint product release automated
• False positive malware detection minimized
• A number of new features researched and documented for developers to improve malware detection and cleaning with the endpoint product
• Communication with endpoint users improved, remote technical support implemented
• New developers and malware analysts hired and trained
Lecturer, Computer and Information Systems Department: 2006 - 2013
Kremenchuk Mykhailo Ostrohradskyi National University
www.kdu.edu.ua
Subjects:
• Programming (C/C++, Assembler (MASM, x86/x64), Prolog, Pascal)
• Architecture of Computers
• Information Security
• Theory of Digital Automata
• Probability Theory
• Mathematical Statistics
• Digital Signal Processing
• Theory of Information and Coding
• Simulation Modeling
LANGUAGES
Russian (native), Ukrainian (native), English (intermediate)
RECOMMENDATIONS
Available on request
EDUCATION
Kremenchuk Mykhailo Ostrohradskyi National University: 2000 - 2006
Kremenchuk, Poltava region, Ukraine
Master's Degree (Honors), Computer Systems and Networks