Designed and built a threat intelligence platform that aggregates data from multiple security tools to enrich indicators of compromise (IOCs) for an internal threat feed. The system provides actionable classifications for each IOC along with confidence and severity scores, and includes automated false-positive filtering to reduce analyst noise. By centralizing enrichment across disparate data sources, the platform significantly improves the speed and reliability of threat triage.

Developed a suite of automated unpackers capable of handling multiple custom packer and obfuscation techniques found in real-world malware. Rather than relying on manual, sample-by-sample analysis, the system identifies packing signatures and applies the appropriate unpacking routine automatically — recovering the underlying payloads at scale. This significantly accelerates the reverse engineering pipeline and enables downstream analysis tools to operate on clean, unpacked binaries.