Md Towhidul Ahmed

SOC / Blue Team Junior

Alert triage · log correlation · incident escalation · malware & network analysis

Cologne, Germany

root@towhid:~$ whoami

SOC / Blue Team Junior

root@towhid:~$ cat specialties.txt

→ SOC & Blue Team Operations

→ Malware Analysis & Reverse Engineering

→ OT Security

→ Network Traffic Analysis


01. About Me

SOC / Blue Team analyst focused on detection, triage, and incident response.

Recent M.Sc. graduate (IT & Security) with hands-on experience in SIEM alert triage, log correlation, threat hunting, and basic malware analysis.

Interested in SOC Analyst (L1/L2) roles where I can own alerts end-to-end, improve detection quality, and contribute to response playbooks.

  • Top 5% · TryHackMe Global
  • 50+ · Hands-on SOC Labs
  • 2 · Defensive Case Studies

02. Background Snapshot

April 2022 – September 2025

MSc in Electrical Engineering (IT & Security)

University of Rostock, Germany

Focus: IT & Security · Thesis: OT firmware vulnerability detection (reverse engineering)

February 2019 – February 2022

Technical Support Engineer (Industrial Systems)

Jeanologia Bangladesh LTD

Troubleshot industrial machinery (hardware + software), supported installs and preventive maintenance, delivered IT/user training, and tracked resolutions via CRM tickets to minimize downtime.

Full professional history available on LinkedIn

03. Writeups & Case Studies

Short technical writeups on detection engineering, reverse engineering, and OT security—focused on methods, evidence, and lessons learned.

Embedded Security Case Study

Forwarding Attack on Mechatronic Locking System

Tags: Protocol Analysis · Cryptography · 1-Wire Protocol

Protocol analysis of ASSA ABLOY CLIQ lock: captured 1-Wire frames with logic analyzer, decoded pulse timings (13.66 µs = 0, 4.33 µs = 1), and identified critical authentication weaknesses. Full signal captures, CSV data, and decoder available on GitHub.

Key Findings:

  • Plaintext exposure: System ID "V1004261" transmitted unencrypted in every transaction
  • Pattern analysis: 70%+ identical byte sequences across different unlock events
  • Partial encryption: Only cryptographic blocks (Q1-Q21) encrypted; identifiers and permissions in plaintext
  • Full analysis available: Signal captures, timing diagrams, CSV data, and decoder on GitHub
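An added example, not the decoder published with the case study on GitHub: it turns a list of logic-analyzer pulse widths into bytes using the two timings quoted above, flags pulses that fit neither timing instead of silently dropping them, and reports trailing bits that never filled a byte. The ±25% tolerance window, LSB-first bit order, and the sample pulse train are assumptions made for this example.

```python
"""Decode 1-Wire bit pulses from logic-analyzer pulse widths (example only).

Timings from the case study: a 13.66 us pulse encodes 0, a 4.33 us pulse
encodes 1. Threshold window, bit order and sample data are assumptions.
"""
from dataclasses import dataclass

ZERO_US = 13.66   # pulse width for a 0 bit (from the capture)
ONE_US = 4.33     # pulse width for a 1 bit (from the capture)
TOLERANCE = 0.25  # assumed +/-25% window around each nominal width


@dataclass
class DecodeResult:
    data: bytes          # bytes recovered from well-formed pulses
    bad_pulses: list     # (index, width_us) of pulses outside both windows
    leftover_bits: int   # trailing bits that did not fill a whole byte


def _classify(width_us: float):
    """Map one pulse width to 0, 1, or None if it matches neither window."""
    for nominal, bit in ((ZERO_US, 0), (ONE_US, 1)):
        if abs(width_us - nominal) <= nominal * TOLERANCE:
            return bit
    return None


def decode_pulses(widths_us):
    """Pack classified bits into bytes, LSB first (assumed, as in standard 1-Wire)."""
    bits, bad = [], []
    for i, w in enumerate(widths_us):
        bit = _classify(w)
        if bit is None:
            bad.append((i, w))   # keep decoding, but record the glitch for review
        else:
            bits.append(bit)
    out = bytearray()
    for k in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for j, b in enumerate(bits[k:k + 8]):
            byte |= b << j
        out.append(byte)
    return DecodeResult(bytes(out), bad, len(bits) % 8)


def encode_bytes(data: bytes):
    """Inverse mapping, used only to construct sample input for this example."""
    return [ONE_US if (b >> j) & 1 else ZERO_US for b in data for j in range(8)]


# Constructed sample: ASCII prefix of the System ID with one 30 us glitch inserted.
SAMPLE = encode_bytes(b"V1") + [30.0] + encode_bytes(b"0")
```

Running `decode_pulses(SAMPLE)` yields `b"V10"` with the glitch reported at index 16, which is the kind of check that tells you whether a capture is clean before comparing byte sequences across unlock events.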

04. Skills & Expertise

SOC & Blue Team

Alert triage, log correlation, incident escalation, basic threat hunting

Tools:

Splunk (SIEM)
Elastic Stack (ELK)
Wazuh
MISP
OpenCTI
MITRE ATT&CK
Nessus

Malware Analysis & OS Internals

Static & dynamic analysis, behavior profiling, IOC extraction, malware classification

Tools:

Ghidra
Sandboxes
YARA Rules
Windows Internals
ARM Assembly

Network Traffic Analysis

Protocol analysis, detection of suspicious traffic, basic intrusion identification

Tools:

Wireshark
Zeek
Snort
Nmap

OT / Embedded Security

Firmware analysis, embedded protocol review, OT threat awareness

Tools:

Logic Analyzer
Oscilloscope
1-Wire Protocol
ST-Link
OpenOCD

Programming & Scripting

Automation of security tasks, parsing logs, building small analysis tools

Tools:

Python
C Language
Bash Scripting

Development Tools & Environments

Git / GitHub
Linux
Windows
VirtualBox / VMware
Azure Fundamentals

05. Certifications & Achievements

  • TryHackMe Platform (TryHackMe): Ranked among the top 5% worldwide (December 2025) · Top Performer
  • Vulnerability Management with Nessus (LinkedIn Learning): Intermediate Proficiency
  • Azure: Create a Virtual Machine and Deploy a Web Server (Coursera Project): Completed
  • Security Testing: Nmap Security Scanning (LinkedIn Learning): Intermediate Proficiency
  • Machine Learning with Python (Coursera): Intermediate Proficiency
  • Neural Networks and Deep Learning (Coursera): Intermediate Proficiency

06. Get In Touch

Let's Connect

I'm currently looking for a Junior SOC Analyst / Blue Team role (L1/L2). I enjoy alert triage, log correlation, and writing clear investigation notes that help teams respond faster.

Location

Cologne, Germany

Availability

Open to opportunities