I'm Tom (he/him), a Digital Forensics and Incident Response (a.k.a. DFIR) engineer based in Zurich, Switzerland. Most of my focus is around tools that aid in incident response, forensics, threat intelligence, malware analysis, automation, and API interaction.
- Keybase - https://keybase.io/tomchop
- Mastodon - @tomchop@infosec.exchange
- Twitter - @tomchop_ (don't check this much anymore)
- tomchop.me - Personal website, let's see if I ever start writing something there...
- dfTimewolf - a digital forensics pipeline orchestrator. Think CyberChef for APIs! Actively maintained.
- Yeti platform - a lightweight Threat Intelligence platform. Ramping up the time I'm spending on this.
- Timesketch - a forensics timeline analysis platform.
- volatility-autoruns - A plugin for the excellent memory analysis framework Volatility that enumerates auto-start extensibility points (i.e. "persistence") on a system.
- FIR - Fast incident response - a lightweight incident response platform. Like a ticketing system, but for security incidents.
- unxor - A fun experiment attacking weaknesses in XOR-based ciphers. Allows you to recover plaintext from any fixed-key XOR ciphertext, as long as you know a chunk of plaintext that is 2x as long as the key! (e.g.
This program cannot be run in DOS mode) - malcom - Malcom - Malware Communications Analyzer - network traffic analysis and threat intelligence in the browser.