Amged Wageh

Sr. Incident Response Specialist

A Senior Incident Response Specialist with strong expertise in digital forensics, reverse engineering, and threat researching. Amged leads end-to-end cybersecurity investigations, conducts thorough compromise assessments, and proactively hunts and detects advanced threats across diverse environments. He actively contributes to the cybersecurity community through in-depth threat research and tool development. He also has a proven record of guiding organizations through complex security incidents.

Amged Wage

Reports

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Amged Wageh

Publications

Host-based logs, container-based threats: How to tell where an attack began

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Reports

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Tomiris wreaks Havoc: New tools and techniques of the APT group

ToddyCat: your hidden email assistant. Part 1

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Subscribe to our weekly e-mails