Security Researcher

Isaac.

Threat intelligence & sensor operations

About

I'm Isaac, a security researcher focused on threat intelligence through proactive sensor deployment and large-scale internet telemetry.

With GreyNoise researcher access, I run geographically distributed sensors that emulate vulnerable systems. This lets me observe real attacker behavior, separate background noise from targeted activity, and track emerging patterns across the internet.

My goal is simple: turn raw sensor data into clear, actionable insights about how threats move today.

Work

GreyNoise Sensor Operations Active

Deployed three sensors across different geographic locations and cloud providers. Each runs unique software profiles designed to emulate vulnerable systems and capture both internet background noise and malicious activity in real time.

Sensor Data Analysis Workflow Active

Analyzing telemetry from the sensors to distinguish opportunistic noise from targeted attacks. This includes enrichment via VirusTotal, static analysis with Detect-It-Easy and string extraction, plus sandboxing of noteworthy payloads.

Threat Intelligence Contributions Ongoing

Deriving insights from captured activity to map current attack patterns, geographic differences in behavior, and emerging trends in internet-wide noise.

Recent Observations

Consistent SSH brute-force and vulnerability scanning patterns appearing across all three sensor locations, showing clear geographic differences in originating networks.
Strong separation between high-volume benign scanner traffic and lower-volume, more purposeful exploitation attempts.
Emerging malware samples collected from sensors and successfully linked to known campaigns using GreyNoise data and sandbox results.

Tools & Methods

Detection

GreyNoise sensors

Analysis & Enrichment

GreyNoise platform
Detect-It-Easy
VirusTotal
String extraction
Sandbox analysis