
About

Deobfuscated is a personal research journal about cybersecurity, written from the perspective of someone who spends most days thinking about intrusions, threat actors, and how real attacks actually unfold.

I started this site because a lot of what matters in cyber threat intelligence never really fits into formal reports, dashboards, or ticketing systems. The interesting parts usually live in the margins: half-finished hypotheses, strange overlaps between campaigns, techniques that don’t quite match the narrative, or details that only make sense weeks later.

This is a place for those notes.


Why “Deobfuscated”

Most security work starts in a state of noise.

Logs are messy. Telemetry is incomplete. Indicators contradict each other. Attribution is rarely clean. The job, at least for me, is less about “finding the answer” and more about slowly removing layers of confusion until something usable remains.

Deobfuscated is about that process — not just the conclusions, but the thinking that leads there.


What I write about

The content here reflects how I actually work and think as a threat intelligence analyst. Topics usually include:

Some posts are structured. Others are closer to notes. That’s intentional.


About me

My name is David Kasabji.
I work as a Principal Cyber Threat Intelligence Analyst.

Professionally, I spend my time on threat intelligence operations, intrusion analysis, adversary tracking, and CTI-driven security work. Unofficially, I spend a lot of time reading things that don’t quite add up and trying to understand why.

This site isn’t tied to any employer, product, or vendor. Everything here is written in a personal capacity and reflects my own thinking at a given point in time — which may change.


What this site is (and isn’t)

This is not a news feed.
It’s not a marketing blog.
It’s not meant to be exhaustive or authoritative.

It is a place to document ideas, observations, and lessons learned — especially the ones that don’t fit neatly anywhere else.

If you work in threat intelligence, detection, or incident response, parts of this will probably feel familiar. If something here helps you think differently about a problem, that’s more than enough.


If you want to reach out about something I wrote — corrections, questions, or additional context — you’ll find ways to do that through the links on the site.

Thanks for reading.