Amged Wageh

Sr. Incident Response Specialist

A Senior Incident Response Specialist with strong expertise in digital forensics, reverse engineering, and threat researching. Amged leads end-to-end cybersecurity investigations, conducts thorough compromise assessments, and proactively hunts and detects advanced threats across diverse environments. He actively contributes to the cybersecurity community through in-depth threat research and tool development. He also has a proven record of guiding organizations through complex security incidents.

Amged Wage

Reports

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Amged Wageh

Publications

Host-based logs, container-based threats: How to tell where an attack began

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Reports

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Subscribe to our weekly e-mails