⚠ MALWARE ANALYSIS REPORT — WannaCry Ransomware | March 13, 2023

Cybersecurity Portfolio

John Dominick Limpag

Senior SOC Specialist / DFIR Analyst / Threat Hunter

📍 Pasay City, PH · 📞 0997 247 7396 · ✉ johndominicklimpag@gmail.com · LinkedIn
[ THREAT INTEL ] · DFIR · SOC · SIEM · XDR · MITRE ATT&CK · NIST 800-171 · ISO 27001 · PCI-DSS · FedRAMP · SOC 2 · VAPT · MALWARE ANALYSIS · IOC TRIAGE · THREAT HUNTING
Cybersecurity Specialist with 6+ years of experience in Security Operations, Digital Forensics and Incident Response (DFIR), Threat Hunting, and Vulnerability Assessment. Experienced in enterprise-level SOC environments, leading 24/7 monitoring teams, and implementing compliance frameworks.

Currently serving as Senior SOC Specialist at SupportZebra, leading incident response operations, managing endpoint detection platforms, and ensuring compliance across multiple regulatory frameworks.

Compliance Frameworks

NIST 800-171 · ISO 27001 · PCI-DSS · FedRAMP · SOC 2
Senior SOC Specialist
SupportZebra
CURRENT
Dec 2024 – Apr 2026
  • Lead DFIR and SOC operations using Microsoft Defender (Global Admin), Sentinel, and Splunk SIEM
  • Manage Palo Alto Cortex XDR, Sophos Firewall, Microsoft Intune, and Exchange
  • Administer NinjaOne RMM for endpoint monitoring and patch management
  • Handle ticketing workflows via ServiceNow and ConnectWise
  • Conduct vulnerability assessments; guide NIST, FedRAMP, and ISO 27001 compliance
  • Supervise 24/7 Security Operations Center team
MS Defender · Sentinel · Splunk · Cortex XDR · NinjaOne · FedRAMP
SOC Engineer II
Adventus IT Services (PH)
2023–2024
May 2023 – Nov 2024
  • Monitored network activity across Meraki, FortiGate, and Palo Alto firewall environments
  • Utilized Datadog SIEM for log correlation and anomaly detection
  • Handled incident response, priority alert reporting, and security improvement processes
Datadog SIEM · FortiGate · Meraki · Palo Alto
Security Consultant (Penetration Tester)
IT Dynamics
2022–2023
Apr 2022 – Apr 2023
  • Conducted network and web application penetration testing (VAPT)
  • Delivered manual exploitation findings and detailed remediation reports
VAPT · Web AppSec · Network PenTest
Incident Response Analyst
Purple Securities OPC
2020–2022
Jan 2020 – Mar 2022
  • Investigated incidents from detection to containment
  • Developed incident response playbooks and forensic analysis workflows
  • Leveraged Tines for security automation and alert enrichment
DFIR · Tines · Forensics · Playbooks
🛡️
Security Ops
DFIR · Threat Hunting · Malware Analysis · VAPT · IOC Triage
📊
SIEM
Microsoft Sentinel · Splunk · Datadog SIEM · QRadar · AlienVault · Rapid7
💻
Endpoint / XDR
Cortex XDR · MS Defender · Intune · NinjaOne RMM · Sophos
🔥
Firewall / Network
Palo Alto · Cisco Meraki · FortiGate · Sophos Firewall
🎫
Ticketing / SOAR
ServiceNow · Freshdesk · ConnectWise · Tines
📋
Compliance
NIST 800-171 · ISO 27001 · PCI-DSS · FedRAMP · SOC 2

Proficiency

SOC / DFIR Operations: Expert
SIEM Engineering: Expert
Penetration Testing: Advanced
Compliance / GRC: Advanced
Threat Hunting: Expert
JDLThreatIntel
Custom-Built Browser-Based Threat Intelligence Platform

A fully custom browser-based malware analysis and threat intelligence platform built from scratch with zero backend dependencies. Designed to augment SOC analyst workflows with powerful client-side intelligence tools.

22-Engine AV Scanner · Behavioral Sandbox · IOC Intelligence Lookup · MITRE ATT&CK Mapping · Automated IR Reports · Windows/Linux VM Sim · No Backend Required · Client-Side Processing
WannaCry Ransomware — Malware Analysis Report
CVE-2017-0144 · EternalBlue · Lazarus Group · CRITICAL Severity

Comprehensive 18-page technical malware analysis covering static analysis, dynamic sandboxing, encryption mechanisms, EternalBlue propagation, kill switch discovery, IOC mapping, and full defensive recommendations. Produced for educational and portfolio purposes.

REPORT DATE: Mar 13, 2023 · 18 PAGES · MALWARE ANALYST · EDUCATIONAL
BTL1 Gold Certificate — John Dominick Limpag ★ GOLD
Featured Certification
Blue Team Level 1 — GOLD Badge
Security Blue Team · Certified Sep 19, 2024 · ID: 725586067

Earned the GOLD badge — Security Blue Team's highest recognition — by completing 24 real-world practical labs and passing a grueling 24-hour live incident response exam. Demonstrated hands-on proficiency across 5 core blue team domains.

24 real-world practical labs (CTF challenges) using industry-grade tools
Tools: SPLUNK, Volatility, Autopsy, DeepBlue CLI, TheHive5, Wireshark & more
Practical 24-hour Incident Response exam — completed with a passing grade
5 security domains: Phishing Analysis, Digital Forensics, SIEM, Threat Intelligence, Incident Response
Phishing Analysis · Digital Forensics · SIEM · Threat Intelligence · Incident Response
ISC2 CC: Certified in Cybersecurity
CEH: Certified Ethical Hacker — EC-Council
CompTIA Security+: CompTIA
BTL1 ★ GOLD: Blue Team Level 1 — Security Blue Team
SC-200: Microsoft 365 Defender — Microsoft
AZ-900: Azure Fundamentals — Microsoft
CNSP: Network Security Practitioner — SecOps Group
CAP: Certified AppSec Practitioner — SecOps Group
C3SA: Cyber Security Analyst — CyberWarFare Labs
TryHackMe SAL1: Security Analyst Level 1
Palo Alto Networks: Cortex XQL Cloud Security Professional
Splunk: Security Operations & Defense Analyst
Fortinet: Certified Associate in Cybersecurity (FCA)
Datadog: Cloud Security Engineer
Qualys: Certified Specialist — Vulnerability Management
Sophos: Certified Central Endpoint & Server Engineer
Cisco: Junior Cybersecurity Analyst — Networking Academy
INE × ROOTCON: Practical Ethical Hacking · Malware Analysis & Triage · Windows Forensics · Web Application Security · GRC Analyst Master Class
EC-Council: Active Directory Penetration Testing · Network Defense Essentials · Digital Forensics Essentials
2nd
Hack4Gov 2 — Zampen
2023 · National Government CTF

Placed 2nd in Zamboanga Peninsula's regional Hack4Gov government-sponsored Capture the Flag competition, demonstrating advanced offensive and defensive security skills.

🏅 2nd Place
Top 40
Google CTF
2022 · Global · Google

Ranked in the global Top 40 at Google CTF 2022 — one of the most prestigious and technically challenging CTF competitions worldwide, participated solo or as part of a team.

🌐 Global Top 40
Top 10
NahamCon CTF
2023 · Global · Team

Achieved Top 10 ranking at NahamCon CTF 2023 as part of a coordinated team. NahamCon is a globally recognized security conference and CTF, attracting thousands of participants.

🤝 Team · Top 10 Global
BS
CoE
BS Computer Engineering
Ateneo de Zamboanga University
2020 – 2024
ISSO
Founder & President — ISSO
Ateneo de Zamboanga University
2020 – 2024
  • Established ADZU's first student-led cybersecurity organization
  • Organized CTF competitions and career mentoring sessions
  • Collaborated with the university IT department to harden infrastructure

Open to opportunities & collaboration

Available for SOC leadership, DFIR consulting, and penetration testing engagements