About Me
My name is Mike, also known by my handle “Rem” in most internet circles. I am a SANS Technology Institute graduate, with a focus on digital forensics and incident response. I am also involved in the Python Software Foundation as a supporting member, and dedicate a large portion of time towards open source security.
Professionally, I work at Huntress as a senior security analyst by day and run a cybersecurity organization of my own called Vipyr Security by night.
I can also be found on the Python Discord, where I contribute frequently towards cybersecurity-related discussions and internal projects.
Experience
-
Huntress
PresentSecurity operations and tactical response leadership across enterprise detection and incident response workflows.
-
Senior Tactical Response Analyst
Jan 2026 - Present
- Lead detection, triage, and active mitigation of enterprise-scale cyber threats.
- Produce actionable threat research and advisories on emerging vulnerabilities and malware campaigns.
- Build and refine detection logic using ELK, Sigma, and YARA across detection platforms.
-
Senior Hunt & Response Analyst
May 2025 - Jan 2026
- Conducted threat hunting and incident investigation across multiple environments.
- Translated real-world incidents into documented threats and advisories for technical audiences.
- Collaborated with engineering and SOC teams to operationalize threat findings.
-
Senior Security Operations Analyst
Oct 2024 - May 2025
- Monitored security telemetry and escalated verified threats to response teams.
- Supported SOC playbook improvements informed by detection efficacy and adversary behavior.
-
Security Operations Analyst
Apr 2024 - Oct 2024
- Maintained vigilance across security alerting systems and assisted with incident escalations.
- Assisted in tuning detection systems and documenting investigative procedures.
-
-
Vipyr Security
PresentFounder and detection engineer leading practical supply-chain security operations.
-
Founder, Detection Engineer
Mar 2023 - Present
- Implement hand-written YARA schemas for at-scale Python Package Index malware detection.
- Design and evolve program specifications for a cluster-based code security engine.
- Drive incident triage and mitigation workflows for open-source package threats.
-
-
Wells Fargo
Risk analyst supporting financial controls through data validation and reporting.
-
Risk Management Analyst
Apr 2023 - Jun 2023
- Performed data reconciliation and deviation analysis using SQL and Python.
- Authored secure, maintainable tools for internal data pipelines.
- Supported PowerBI and Excel workflows with Python, PowerShell, M, and SQL.
-
-
United States Air Force
Program analyst supporting secure systems operations and compliance.
-
Program Analyst
2015 - 2023
- Performed software testing, IT asset management, and configuration management.
- Supported software distribution lifecycle operations and physical penetration testing.
- Managed secure systems and oversaw unit-level IT compliance auditing.
-
Certifications and Education
- GIAC Enterprise Penetration Tester (GPEN)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Python Coder (GPYC)
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Essentials (GSEC)
- GIAC Information Security Fundamentals (GISF)
- GIAC Foundational Cybersecurity Technologies (GFACT)
Publications and Referenced Work
See the blog section for full write-ups and referenced technical work.
-
A New RAT and a Hands-on-Keyboard Intrusion | Huntress
ClickFix infection deploys Matanbuchus 3.0 loader and drops a new RAT that we’ve dubbed AstarionRAT. We break down the layers and the hands-on intrusion that followed.
huntress.com
-
Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations | Huntress
Huntress uncovers ransomware operations abusing employee monitoring software and SimpleHelp RMM for persistence, and ransomware deployment.
huntress.com
-
PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182 | Huntress
Huntress is seeing threat actors exploit React2Shell (CVE-2025-55182) to deploy a Linux backdoor, a reverse proxy tunnel, and a Go-based post-exploitation implant.
huntress.com
-
An Attacker’s Blunder Gave Us a Look Into Their Operations | Huntress
An attacker installed Huntress onto their operating machine, giving us a detailed look at how they’re using AI to build workflows, searching for tools like Evilginx, and researching targets like software development companies.
huntress.com
-
Active Exploitation of SonicWall VPNs | Huntress
A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware. Huntress advises disabling the VPN service immediately or severely restricting access via IP allow-listing. We're seeing threat actors pivot directly to domain…
huntress.com
-
Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild | Huntress
Huntress discovered active exploitation of Wing FTP Server RCE (CVE-2025-47812). Learn more about the injection flaw, attack timeline, forensic artifacts, and how to protect your organization.
huntress.com
-
CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild | Huntress
Huntress has observed in the wild exploitation against CVE-2025-30406, a weakness due to hardcoded cryptographic keys.
huntress.com
-
Hunt for RedCurl | Huntress
Huntress discovered RedCurl activity across several organizations in Canada going back to 2023. Learn more about how this APT operates and how they aim to remain undetected while exfiltrating sensitive data.
huntress.com
-
Managed SIEM and the Art of Perfecting Cyber Defense | Huntress
How Huntress Managed SIEM turns signal recognition into defensive mastery.
huntress.com
-
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors
We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors. We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to in…
unit42.paloaltonetworks.com
-
Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software | Huntress
Threat actors have been successful in gaining entry using accounting software commonly used by construction companies.
huntress.com
-
Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary]
Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], Author: Guy Bruneau
isc.sans.edu
-
When Trust Becomes a Trap: How Huntress Foiled a Medical Software Update Hack | Huntress
Hackers cloned a legitimate medical image viewer site to distribute malware, but thanks to Huntress, the threat was detected in time. Dive into the incident and see how we uncovered the deception and averted disaster.
huntress.com
-
APT Activity Report Q4 2023 - Q1 2024 | ESET
Explore the latest APT Activity Report Q4 2022-Q1 2023 to learn more about Iran-aligned groups, espionage of Russia-aligned groups, and China-aligned threat actors exploiting vulnerabilities in public-facing appliances.
eset.com
Accolades
- Deans List - SANS Institute Fall 2024
- Deans List - SANS Institute Spring 2024
- PicoCTF 2024 - 138/6957, Global Leaderboard
- NCL Spring 2024 - 33/7412, Individual
- NCL Spring 2024 - 7/4199, Team (Team Captain)
- GIAC Advisory Board
Getting in Touch
The simplest way to contact me is through @sudo_Rem.