Amged Wageh

Sr. Incident Response Specialist

A Senior Incident Response Specialist with strong expertise in digital forensics, reverse engineering, and threat researching. I lead end-to-end cybersecurity investigations, conduct thorough compromise assessments, and proactively hunt and detect advanced threats across diverse environments. I actively contribute to the cybersecurity community through in-depth threat research and tool development. I have a proven record of guiding organizations through complex security incidents.

Amged Wage

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Amged Wageh

Publications

Host-based logs, container-based threats: How to tell where an attack began

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails