Hi, I'm Duc Nguyen 👋
Malware Analysis &
Threat Detection Learner
I’m diving deep into malware analysis, reverse engineering, and blue team operations. I build labs and document what I learn along the way. Currently studying Information Assurance at FPT University, Hanoi.
Who I Am
I'm a cybersecurity student driven by curiosity and a passion for understanding how digital threats operate at a technical level. My main interests lie in malware analysis, incident response, and blue team operations.
I believe in "learning by doing" — building my own labs, experimenting with forensic cases, and exploring how malware interacts with systems. These hands-on experiences help me strengthen both my analytical and defensive skills.
I'm currently deepening my knowledge through Security+ and ISC2 certification studies, while exploring practical cybersecurity challenges and forensic exercises to apply what I learn.
I believe that understanding threats deeply is the first step toward defending better.
Labs & Projects
A showcase of hands-on cybersecurity labs and projects that reflect my learning journey, technical growth, and real-world problem-solving approach.
Malware Analysis Lab 12 – Dynamic Sandbox Analysis
Built a controlled sandbox to analyze malware runtime behavior, focusing on network callbacks, persistence mechanisms, and code injection techniques.
- Captured file system and registry modifications using Procmon and Regshot to identify persistence mechanisms
- Simulated network connections with FakeNet, analyzing C2 callbacks to suspicious IPs and decoded hardcoded domains
- Used PEview and IDA Pro to map function imports, extract strings, and reverse engineer encryption routines
- Result: Successfully mapped malware's full attack chain from initial execution to C2 communication
SOC Monitoring Environment with Splunk
Created a personal SOC lab to practice threat detection, log analysis, and incident response using Splunk and Sysmon.
- Deployed Splunk to monitor a Windows environment including workstations and an Active Directory server
- Configured Sysmon for advanced logging of process creation, network connections, and file modifications
- Simulated attacks with Kali Linux (port scans, brute force, privilege escalation) and reviewed network traffic
- Generated custom alerts for suspicious activities, wrote detection rules, and documented findings in analysis reports
- Result: Successfully detected and documented 15+ attack patterns with custom Splunk queries
Network Vulnerability Assessment – PCI DSS Retail Network
Performed comprehensive vulnerability scanning on a simulated retail network to identify security gaps and compliance issues.
- Conducted active reconnaissance using Nmap to identify open ports, services, and OS fingerprinting
- Imported scan results into Nessus for automated CVE mapping and vulnerability prioritization
- Analyzed findings against PCI DSS requirements, identifying critical vulnerabilities in payment processing systems
- Created a detailed risk assessment report with severity ratings and remediation recommendations
- Result: Identified 23 vulnerabilities (5 critical), proposed mitigation plan reducing risk by 80%
Reverse Engineering CrackMe Challenges
Solved 10+ CrackMe challenges to develop reverse engineering skills and understand software protection mechanisms.
- Analyzed serial key validation algorithms using x32dbg and IDA Pro
- Traced execution flow through breakpoints, identified anti-debugging techniques, and bypassed protection mechanisms
- Wrote custom keygens in Python by reversing the validation logic from disassembled code
- Result: Successfully cracked 10+ challenges, documented reversing techniques in blog posts
PowerShell System Monitoring Tool
Developed an automated monitoring script to track system resources and send alerts for anomalous behavior.
- Created a PowerShell script to monitor CPU, RAM, disk usage, and running processes in real time
- Implemented a threshold-based alerting system that sends notifications when resource usage exceeds 85%
- Automated daily log collection and report generation using Task Scheduler
- Result: Deployed on 5 test systems, reduced manual monitoring time by 90%
Skills & Tools
Organized by practical application areas, demonstrating how I use technology to solve security problems.
Static & dynamic analysis of Windows malware
Vulnerability scanning & network mapping
SIEM operations & incident detection
Binary analysis & debugging
Automating security tasks
Multi-platform security operations
Certifications & Training
Actively pursuing industry-recognized certifications while building practical skills through hands-on platforms.
Google Cybersecurity Professional Certificate
8-course program covering security frameworks, Linux, network security, incident detection, Python automation, and SQL for threat analysis.
Web Penetration Testing 101
Hands-on training in web application security testing, OWASP Top 10 vulnerabilities, and exploitation techniques.
CompTIA Security+ (SY0-701)
Foundation-level certification covering security concepts, risk management, cryptography, and incident response fundamentals.
ISC2 Certified in Cybersecurity (CC)
Entry-level certification focusing on security principles, access control, network security, and security operations.
Latest Blog Posts
Sharing insights from cybersecurity research, technical walkthroughs, and hands-on learning experiences.
How a Website Works: The Journey from URL to Interface
Ever wondered what happens when you type a website URL? Here’s a clear, security-focused walkthrough of every step that brings a webpage to life.
Defensive Guide to Advanced XSS Risks: Detection, Mitigation, and Safe Lab Testing
How advanced XSS can be used to abuse client-side execution, the defensive controls that stop session exfiltration, and safe lab methods to validat...
File Upload Vulnerabilities - From Direct Shell Uploads to Polyglot Bypasses
A detailed technical report analyzing File Upload vulnerabilities from Level 1 to Level 6, including bypass methods, lessons learned, and secure mi...
Current Focus & Future Goals
"Learn by doing" – constantly building, breaking, and improving to stay ahead in cybersecurity.
📚 Currently Learning
- Threat Detection & Blue Team Fundamentals – Building SIEM dashboards, log analysis, and correlation rules
- Malware Analysis Foundations – Static & dynamic analysis of Windows executables
- Reverse Engineering – Using IDA Pro, Ghidra, and x64dbg to unpack and trace code
- Incident Response – Analyzing attack chains and responding to simulated intrusions
- Windows Internals – Understanding processes, threads, and kernel architecture for detection engineering
🎯 Upcoming Projects
- Automated Malware Sandbox – Python-based tool for batch analysis of suspicious binaries
- YARA Rules Development – Creating detection signatures for malware families
- Threat Hunting Lab – Simulating APT campaigns and building detection playbooks
- Open-Source Contributions – Contributing to MITRE ATT&CK mappings and malware datasets
Career Vision
I’m pursuing a career as a Malware Analyst, focused on threat intelligence and SOC operations. Through my hands-on labs, I investigate malware behavior, simulate attacks in virtual environments, and create detection rules to improve blue team visibility. My goal is to join a security team where I can turn threat data into actionable intelligence and help organizations stay one step ahead of evolving cyber threats.