MAN(1) · YARONKING(7) · MAN(1) last updated 2026-05-22

$ 1 NAME

yaron-king — a defender with an attacker mindset. Twenty years in cybersecurity, currently a senior blue-teamer at a financial / government institute.

$ 2 SYNOPSIS

I think red-team and blue-team are two sides of the same coin, and that the practitioners I trust most have spent serious time on both. This site is where I write about the defensive work I do — and the offensive techniques I study to do it well.

My posts are technical, code-first, and aimed at fellow practitioners and people learning the field. If a post can't be reproduced from the words, I haven't finished writing it.

$ 3 BACKGROUND

I started broad-spectrum at a governmental ISP, in a multi-faceted role that rotated me through Helpdesk, SOC, NOC, and AOC. Several years of seeing every layer of how an enterprise actually runs — the right foundation, in retrospect, for the rest of this career.

From there I joined the cyber-security team of a financial / government institute, and I've been there since. The work has moved with the field: I helped implement and administer IAM and endpoint-protection solutions across the org, then pulled SIEM integration in and started writing detection rules. These days I'm focused on detection engineering and SOAR automation.

In parallel, I've taken courses across web hacking, infrastructure hacking, malware analysis, and reverse engineering — because you can't engineer detections for techniques you don't understand.

$ 4 EXPERTISE

BLUE-TEAM CRAFT
Detection engineering, SOAR automation, SIEM rule design.
Sigma · KQL · Splunk · custom playbooks

IDENTITY (IAM)
Implementation & admin of identity and access controls across the organization.
Active Directory · privileged access

ENDPOINT
Org-wide endpoint-protection rollout and operational tuning.
EDR · Sysmon · ETW · log audit

IR & FORENSICS
Incident response and post-incident analysis. Timelines, root-cause, follow-up detections.

MALWARE ANALYSIS
Static and dynamic analysis. Reverse engineering when the sample warrants it.
SANS FOR610

RED-TEAM (curiosity)
Small internal pen-tests with open-source tooling — to keep the defender honest.

$ 5 HIGHLIGHTS

ENDPOINT @ ORG-SCALE
Implementation of the endpoint-security solution across the entire organization — rollout, tuning, and the slow patient work of getting it useful in production.

VISIBILITY
Enhancing org-wide visibility via comprehensive log audit, including Sysmon. Turning “we have logs” into “we have signal.”

SOAR
Building SOAR automations so the SOC's repetitive work runs itself, and the analysts get to spend their attention on the things that actually need it.

INTERNAL PENTESTS
Running small internal pen-tests with open-source tooling — finding gaps in our own controls before someone else does.

$ 6 EDUCATION

M.Sc.
Computer Science.

B.Sc.
Computer Science.

SANS FOR610
Reverse-Engineering Malware: Malware Analysis Tools and Techniques.

ONGOING
Vendor courses across web hacking, infrastructure hacking, malware analysis & RE.

$ 7 TALKS

2019 · BSidesTLV · Tel Aviv
2017 · BSidesTLV · Tel Aviv

$ 8 CONTACT

Best way to reach me is by replying to a post on GitHub — Issues are public, which keeps the conversation useful for everyone else who ends up here. Otherwise: @Sam0rai on the usual social platforms.