Malware RE · CTI · Red Team

Orion Wallace
Hunts & Builds

0xdevbot//Principal CTI Analyst//Security Researcher

Nine years hunting nation-state actors across DoD cyber operations.
I reverse malware, orchestrate red teams, lead Cyber Threat Intelligence Teams in the OT/IT space, and turn raw threat data into intelligence that shapes national-security posture.

View Work →Download Résumé ↓

// TELEMETRYLIVE

IOC_IDENTIFIED1247+

CLEARANCETS/SCI

CERTIFICATIONSCISSP

DETECTIONS_AUTHORED100+

> malware: sample detonated · behavior captured

▼ SCROLL TO EXPLORELAT 38.8897°N · LON -77.0091°E

Years in Cyber & Software

CTI Products Authored

TS/SCI

Active Clearance

CISSP

2026 Certified

01 / ABOUT

Who's behind the handle

Full-stack systems,
built to last.

I'm Orion Wallace. Principal Cyber Threat Intelligence Analyst for the DoD and founder of CINDR Security Research. Active TS/SCI clearance, nine years across DoD cyber operations and defense-industrial software development.

I hunt APTs, lead red team operations, and reverse malware — with deep work against Chinese state-sponsored actors and Russian-nexus campaigns. Previously Senior Software Engineer at Northrop Grumman shipping secure C++ for embedded systems.

View Résumé →

// CORE FOCUS04

Malware RE / DFIR

Ghidra, x64dbg, Volatility 2/3, KAPE, static, dynamic, and memory forensics.

CTI & Attribution

MITRE ATT&CK, APT attribution, IoC enrichment, 200+ finished intel products.

Red Team & Detection

Adversary emulation, kill-chain authoring, YARA/Sigma rule development.

Software Engineering

C++ 11/17/20, Python, React/Next.js, Azure Functions, ELK.

02 / SELECTED WORK

Tools, apps & builds

Things I've shipped.

All projects on GitLab →

CTI · C++ / PYTHON / AZURE

CINDR Intelligence Suite

Modular CTI tooling that compresses the malware-triage-to-attribution-to-detection workflow from hours to minutes. Cloud-native triage engine returns structured static + behavioral analysis across 25+ file types in under 5 minutes; TTP Mapper ranks probable APT attribution via weighted F1 scoring against the full MITRE ATT&CK dataset.

C++ · Python · Azure Functions · ELKGitLab ↗

THREAT HUNTING · C++

ConnToProc

Windows Native API tool that watches new host connections, traces them back to the originating process, and emits custom events into an ELK stack for downstream threat hunting.

C++ · Windows API · ELKGitLab ↗

CTI TOOLING · PYTHON

CVEScout

Cyber Threat Intelligence tool that generates a CVE Crosswalk and per-actor risk assessments for a given network surface. Delivered to 67th Cyberspace Wing and distributed to 15 Cyber Operations Squadrons.

Python · MITRE ATT&CK · CTIGitLab ↗

OSINT · C++

InfrastructureScan

OSINT Purple Team software that uses publicly available infrastructure data or IoCs to programmatically discover and map networks. Designed to uncover Malicious Cyber Actor infrastructure; adopted by Red/Blue Teams.

C++ · OSINT · Network AnalysisGitLab ↗

03 / NOW

Current focus · updated Jun 2026

What I'm on this month.

Researching

Lead reverse engineer on the Zera Info-Stealer malware campaign at CINDR Security Research — multi-stage Electron payload, Russian-nexus attribution.

Building

CINDR Intelligence Suite — modular cloud-native CTI tooling for DFIR teams and SOCs. Three tools in active development: IOC Enrichment Hub, Threat Report Extractor, Detection Rule Builder.

Serving

Principal Cyber Threat Intelligence Analyst, USAF Reserve. SME on Chinese state-sponsored cyber actors.

Working

Building an AI-enabled reverse engineering system — automating malware triage, deobfuscation, and TTP extraction to accelerate analyst workflows.

Get in touch

Have a project,
or just want to connect?

Collaborations, side projects, or just saying hello.

✦ Email GitLab LinkedIn

Orion WallaceHunts & Builds

Full-stack systems,built to last.