Cybersecurity Professional · Port Washington, WI

Kevin
Maslanka

Threat Intelligence  ·  OSINT  ·  Malware RE  ·  Adversary Tradecraft  ·  Terrorism Research

Security researcher and infrastructure engineer with deep expertise in adversary tradecraft, malware reverse engineering, and threat actor intelligence. I build, operate, and defend systems under real attack — not in a lab. My infrastructure autonomously classifies, geo-attributes, and blocks nation-state and criminal actors in real time, correlating honeypot telemetry, fail2ban jails, SSH tarpit data, and global threat feeds into a unified kill chain. Over 3.4 million IPs permanently blocked. Live 24/7.

3.4M+ IPs Actively Blocked
8+ Years in IT & Security
24/7 Automated Threat Detection
300+ Platforms Enumerated
50+ Tools & Technologies
Active Defense — Live Infrastructure

Honeypot Network Status

TRAPS: 40+
STATUS: ALL ACTIVE
UPTIME: 99.9%
ACTIVE TRAP PATHS
/global-protect/login.esp · Palo Alto PAN-OS · CVE-2024-3400
/dana-na/auth/url_default/welcome.cgi · Ivanti Connect Secure · CVE-2025-0282
/mgmt/tm/util/bash · F5 BIG-IP · CVE-2023-46747
/logon/LogonPoint/index.html · Citrix Bleed · CVE-2023-4966
/ecp/ · Exchange ProxyShell · CVE-2021-34473
/setup/setupadministrator.action · Confluence · CVE-2023-22515
/human.aspx · MOVEit Transfer · CVE-2023-34362
/remote/login · Fortinet FortiGate · CVE-2022-40684
/ui/vropspluginui/rest/services/addrequest · VMware vCenter · CVE-2021-21985
/actuator/env · Spring Boot · CVE-2022-22965
/wp-admin + /wp-login.php · WordPress · credential spray
/cpanel + /whm + /2082-2083 · cPanel Web Hosting Panel
/phpmyadmin + /pma · phpMyAdmin · DB exposure
/.env + /.git/config · Laravel / Git secrets probe
/api/v1/namespaces · Kubernetes API exposure
/latest/meta-data/iam/security-credentials/ · AWS IMDS SSRF
/v1/sys/health · HashiCorp Vault
/jellyfin/Users/AuthenticateByName · Jellyfin API bruteforce
/zimbra/ + /v1.41/containers/json · Zimbra · Docker API exposure
+ 20 more trap paths active: gitlab · grafana · solr · jenkins · nagios ...
PIPELINE: honeypot → fail2ban → nftables → blocklist · every 2h
Real-Time Intelligence
Global Threat Maps
SOURCE: KASPERSKY SECURITY NETWORK — LIVE GLOBAL ATTACK VECTORS
SOURCE: FORTIGUARD LABS — REAL-TIME THREAT INTELLIGENCE NETWORK
SOURCE: BITDEFENDER THREAT INTELLIGENCE — LIVE ATTACK FEED
About

Mission Profile

I grew up immersed in online communities, forums, and multiplayer gaming environments — spaces where social engineering, deception, and trust exploitation happen in real time. That early exposure taught me something most people learn the hard way: the biggest vulnerability in any system is the human element. It's what drew me to Open-Source Intelligence (OSINT) investigations, digital footprint analysis, and understanding how attackers weaponize publicly available information.

Today I conduct independent security research, malware reverse engineering, and dark web operations to study adversary tradecraft and threat actor behavior. My research extends into domestic and international terrorism — including radicalization pipelines, extremist network infrastructure, and ideological threat actor ecosystems studied through an intelligence-collection lens. I am trained in the FEMA/NIMS Emergency Management Framework and hold multiple FEMA certifications covering incident command, national incident management, and national response operations. I maintain a personal cybersecurity lab running Linux environments and security tooling for hands-on analysis. KEVSEC is the operational platform I built end-to-end: automated threat blocking pipelines, multi-source intelligence aggregation, live honeypot systems, and a unified dashboard that surfaces what matters in real time.

My professional background spans enterprise IT support, physical security infrastructure, and AV systems — including serving 3,000+ customers across major corporate campuses, supporting a $100M facility launch, and training end users adapting to new technology platforms. Known for translating complex technical concepts into clear, actionable guidance for non-technical stakeholders. Highly curious, investigative, and driven to solve complex technical problems. Prior member of CBRE's Rising Professional Organization and certified first responder on the Emergency Response Team.

Role Cybersecurity Researcher
Focus Malware Analysis / OSINT / Terrorism Research
Platform KEVSEC SOC Lab
Environment Linux / Proxmox / Windows
Background IT + Physical Security
Education BS Cybersecurity — CSU
Status Open to Roles
Skills

Capability Matrix

OSINT Investigations & Digital Footprint Analysis 92%
Security Research & Threat Intelligence 85%
Dark Web Operations & Adversary Tradecraft 82%
Malware Analysis & Reverse Engineering 88%
TCP/IP & Network Fundamentals 85%
Active Directory & Windows Administration 80%
Technical Documentation & Reporting 85%
Linux Environments & Security Tooling 70%
Terrorism & Extremism Research 82%
FEMA / Emergency Management Framework 90%
Tooling

Tools & Arsenal

// OSINT & RECON
Maltego · Shodan · SpiderFoot · theHarvester · Recon-ng · OSINT Framework · Bellingcat Toolkit
// NETWORK & OFFENSE
Wireshark · Nmap · Nessus · Burp Suite · Metasploit · Aircrack-ng · tcpdump
// MALWARE RE & FORENSICS
Ghidra · x64dbg · IDA Free · Volatility · YARA · Cutter · PEStudio · Detect-It-Easy
// PLATFORM & DEV
Kali Linux · Ubuntu Server · Python · Bash · Git · Docker · Proxmox
// DEFENSE & INFRA
fail2ban · nftables · Nginx · Cloudflare · Splunk · Suricata · YARA
Expertise

Operational Domains

01 — THREAT_INTEL
Threat Intelligence
Real-time aggregation across security feeds, CVE disclosures, and OSINT sources. IOC correlation and automated triage of critical disclosures across multiple threat actor TTPs.
02 — ACTIVE_DEF
Active Defense
Multi-layer perimeter enforcement. Automated detection and blocking of credential stuffers, infrastructure scanners, and malicious actors at scale via nftables and fail2ban.
03 — OSINT
OSINT Research
Passive reconnaissance, actor attribution, cross-referencing against threat databases, adversarial infrastructure mapping, and digital footprint analysis workflows.
04 — MALWARE_RE
Malware Reverse Engineering
Static and dynamic analysis using Ghidra, x64dbg, IDA, and Volatility. Dissecting malware families, unpacking loaders, extracting C2 configs, and mapping adversary tooling to MITRE ATT&CK. Extensive experience with infostealers, RATs, ransomware, and APT implants.
05 — TERROR_INTEL
Terrorism & Extremism Research
Intelligence-driven research into domestic and international terrorist movements, radicalization pipelines, and extremist network infrastructure. Tracking ideological threat actors across the surface, deep, and dark web using OSINT methodology and law-enforcement-aligned analytical frameworks.
06 — DFIR
Digital Forensics & IR
Log analysis, incident reconstruction, and evidence preservation across host and network artifacts. DFIR methodology applied to real incidents with chain-of-custody discipline.
07 — EMERG_MGMT
Emergency Management
FEMA-certified in ICS, NIMS, and the National Response Framework. Trained in incident command structure, multi-agency coordination, and EOC operations. Applies emergency management doctrine to cybersecurity incident response and crisis communication.
08 — INFRA_ENG
Infrastructure Engineering
Bare-metal Linux, virtualization with Proxmox, automated deployment pipelines, and continuous monitoring across self-hosted distributed systems at scale. 10+ production services running under real-world attack pressure.
Experience

Mission Log

Freelance Security Engineer Sep 2023 — Present
WebSec B.V.
Support senior analysts in OSINT investigations. Conduct digital footprint analysis and identity correlation across platforms. Document findings in structured investigative reports for client deliverables.
Tags: OSINT · Identity Correlation · Reporting
Key Account Manager Sep 2019 — Feb 2021
CH Coakley
Served as system administrator for enterprise asset management software. Oversaw a 20,000-item inventory transfer between business units. Created best practices documentation adopted company-wide as a standard operating procedure.
Tags: System Admin · Enterprise Software · Process Documentation
Service Desk Analyst Mar 2019 — Aug 2019
VCPI (Healthcare IT)
Handled 25–40 daily calls across healthcare clients. Active Directory administration, user account management, and endpoint troubleshooting. Operated within strict HIPAA, OSHA, and ANSI compliance requirements.
Tags: Active Directory · HIPAA · Healthcare IT
Information Systems Technician Oct 2018 — Feb 2019
BAYCOM, Inc.
Installed and configured physical security systems including IndigoVision, Panasonic, and Motorola equipment. Deployed in high-security environments: 911 dispatch centers, evidence lockers, and courtrooms.
Tags: Physical Security · Network Deployment · Security Systems
Audio Visual Coordinator Jun 2016 — Apr 2018
CBRE Global Workplace Solutions
Served 3,000+ customers across major corporate campuses. Supported the Day One opening of a $100M facility. Created enterprise-wide preventative maintenance standards still in use. Member of CBRE's Rising Professional Organization and certified first responder on the Emergency Response Team.
Tags: Enterprise Ops · Emergency Response · $100M Facility
Projects

What I've Built

Security Platform
KEVSEC Intelligence Dashboard
Full-spectrum personal SOC: live CVE feeds, threat actor profiling, geopolitical intelligence, honeypot telemetry, Proxmox infrastructure telemetry, stock/weather/news aggregation, and 3.4M+ IP blocklist management — all in one hardened Flask application. Custom-built from scratch, running in production 24/7. No off-the-shelf SIEM. No paid feeds. Just raw engineering.
OSINT Tool · Open Source
OSINT Username Enumerator
Python reconnaissance tool for cross-platform username enumeration across hundreds of platforms simultaneously. Engineered for passive footprint analysis, digital identity mapping, and threat actor attribution — used in active threat intelligence workflows. Open source on GitHub.
Active Defense · Production
KEVSEC Honeypot Network
High-fidelity deception infrastructure deployed across 40+ attack surface paths targeting the most-exploited vulnerabilities of 2023–2026: Palo Alto PAN-OS GlobalProtect (CVE-2024-3400), Ivanti Connect Secure (CVE-2025-0282), F5 BIG-IP (CVE-2023-46747), Citrix Bleed, MOVEit, Exchange ProxyShell, Confluence, VMware vCenter, Fortinet FortiGate, WordPress, cPanel, phpMyAdmin, Jupyter, Kubernetes API, AWS IMDS, HashiCorp Vault, and more. Each fake panel logs the probe, fires an nftables ban, and reports to fail2ban. Events are enriched via bgp.tools + ip-api.com for state-actor attribution — catches Chinese operators routing through Western VPS space.
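The "fake panel logs the probe and reports to fail2ban" step described above, as an added illustration that is not the KEVSEC application's code: a minimal WSGI decoy that serves a subset of the trap paths listed on this page, writes one fail2ban-friendly log line per probe, and the matching failregex, checked offline against constructed requests. The proxy address 10.0.0.2, the `PROBE` line format and the `TRAP_PATHS` labels are assumptions made for this example.

```python
"""Constructed decoy + fail2ban filter example (added illustration, not KEVSEC code)."""
import re
from datetime import datetime, timezone
from wsgiref.util import setup_testing_defaults

# Subset of the trap paths from the page, mapped to a label for the log line (labels are assumed).
TRAP_PATHS = {
    "/global-protect/login.esp": "panos-globalprotect",
    "/dana-na/auth/url_default/welcome.cgi": "ivanti-ics",
    "/.env": "dotenv-probe",
}

PROBE_LOG = []  # in-memory sink for this example; production appends to a file fail2ban tails

TRUSTED_PROXY = "10.0.0.2"  # hypothetical reverse-proxy address; only it may set X-Forwarded-For


def client_ip(environ):
    """Use X-Forwarded-For only when the socket peer is the reverse proxy.
    A direct hit with a spoofed XFF header must not be able to get an arbitrary IP banned."""
    peer = environ.get("REMOTE_ADDR", "")
    if peer == TRUSTED_PROXY:
        fwd = environ.get("HTTP_X_FORWARDED_FOR", "")
        if fwd:
            return fwd.split(",")[0].strip()  # leftmost hop is the original client
    return peer


def log_probe(ip, path, label):
    """One line per probe; fail2ban's failregex below keys on this exact shape."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    line = f"{ts} PROBE src={ip} path={path} trap={label}"
    PROBE_LOG.append(line)
    return line


def app(environ, start_response):
    """WSGI decoy: unknown paths 404, trap paths log the probe and return a bare login form."""
    path = environ.get("PATH_INFO", "/")
    label = TRAP_PATHS.get(path)
    if label is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    log_probe(client_ip(environ), path, label)
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<html><body><form method='post'>Login</form></body></html>"]


# failregex for a fail2ban filter; <HOST> is fail2ban's own placeholder for the banned address.
FAILREGEX = r"^\S+ PROBE src=<HOST> path=\S+ trap=\S+$"


def failregex_matches(line):
    """Emulate fail2ban's <HOST> expansion to check the filter against a log line offline."""
    pattern = FAILREGEX.replace("<HOST>", r"(?P<host>\S+)")
    m = re.match(pattern, line)
    return m.group("host") if m else None


def simulate(path, peer, forwarded=None):
    """Drive the decoy with a constructed request; return (status, new log line or None)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["REMOTE_ADDR"] = peer
    if forwarded:
        environ["HTTP_X_FORWARDED_FOR"] = forwarded
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    before = len(PROBE_LOG)
    b"".join(app(environ, start_response))
    new_lines = PROBE_LOG[before:]
    return captured["status"], (new_lines[0] if new_lines else None)


if __name__ == "__main__":
    print(simulate("/global-protect/login.esp", TRUSTED_PROXY, "203.0.113.7"))
    print(simulate("/.env", "203.0.113.10", "192.0.2.1"))  # spoofed XFF is ignored
```

In a real filter file the `datepattern` must also be set so fail2ban recognises the ISO timestamp at the start of the line; the `client_ip` rule is the part most often missed, because a decoy that trusts any X-Forwarded-For lets a direct-connecting scanner get a third party's address banned.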
Active Defense · Production
Automated IP Kill Chain
Multi-source threat aggregation pipeline running on cron: honeypot events → fail2ban jails (9 active, monitoring in real time) → SSH tarpit IPs → deduplicated into a TTL-indexed custom.meta.tsv → merged with external feeds (Spamhaus DROP, blocklist.de, FireHOL Level 1) → compiled into nftables sets atomically. 3.4 million IPs blocked without a single firewall rule per IP. Every morning, a Discord DM report delivers newly-banned IPs with ASN, country, and state-actor flag. A Cloudflare-aware filter prevents banning CDN proxy IPs.
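The merge stage of the pipeline above, as an added example that is not the KEVSEC code: sightings are parsed from three constructed log shapes (honeypot probe lines, a fail2ban "Banned IP list" status line, tarpit accept lines), deduplicated into a TTL-indexed TSV with re-sightings refreshing the expiry, filtered against CDN ranges so proxy addresses are never banned, merged with an external CIDR feed, and emitted as an `nft -f` script that flushes and refills the set in one transaction. The TSV columns, the 30-day TTL, the `inet filter` / `blocklist` set name and all addresses (TEST-NET ranges) are assumptions; the real Cloudflare ranges are published by Cloudflare and the set is assumed to exist with `flags interval`.

```python
"""Constructed TTL-indexed blocklist merge feeding an nftables set (added illustration)."""
import ipaddress
import re

TTL_SECONDS = 30 * 24 * 3600  # hypothetical 30-day lifetime per entry

# Constructed "never ban" ranges standing in for the published CDN proxy ranges.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample inputs in three different log shapes.
HONEYPOT_LOG = """\
2025-01-10T03:14:07Z PROBE src=203.0.113.7 path=/global-protect/login.esp
2025-01-10T03:15:22Z PROBE src=198.51.100.4 path=/.env
"""
FAIL2BAN_STATUS = "Banned IP list: 203.0.113.7 203.0.113.8"
TARPIT_LOG = "2025-01-10T03:16:00Z ACCEPT host=::ffff:203.0.113.9 port=51234"
EXTERNAL_FEED = ["192.0.2.0/24"]  # constructed stand-in for a DROP-style CIDR feed


def collect(honeypot_log=HONEYPOT_LOG, fail2ban_status=FAIL2BAN_STATUS, tarpit_log=TARPIT_LOG):
    """Return (ip, source) sightings parsed from each source."""
    found = []
    for m in re.finditer(r"src=(\S+)", honeypot_log):
        found.append((m.group(1), "honeypot"))
    if fail2ban_status.startswith("Banned IP list:"):
        for ip in fail2ban_status.split(":", 1)[1].split():
            found.append((ip, "fail2ban"))
    for m in re.finditer(r"host=(?:::ffff:)?(\S+)", tarpit_log):  # strip the v4-mapped prefix
        found.append((m.group(1), "tarpit"))
    return found


def merge(existing, sightings, now, ttl=TTL_SECONDS):
    """existing: {ip: (expires_epoch, source)}. Drops expired rows, adds new sightings and
    refreshes re-sighted IPs to now+ttl, so the TSV never grows without bound."""
    merged = {ip: v for ip, v in existing.items() if v[0] > now}
    for ip, source in sightings:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # never let a malformed log field reach the firewall
        if any(addr in net for net in CDN_RANGES):
            continue  # CDN-aware filter: banning a proxy address would block legitimate traffic
        merged[str(addr)] = (now + ttl, source)
    return merged


def to_tsv(rows):
    """Serialize as the TTL-indexed TSV (ip, expires, source), sorted for stable diffs."""
    return "".join(f"{ip}\t{exp}\t{src}\n" for ip, (exp, src) in sorted(rows.items()))


def from_tsv(text):
    rows = {}
    for line in text.splitlines():
        ip, exp, src = line.split("\t")
        rows[ip] = (int(exp), src)
    return rows


def _net_key(entry):
    n = ipaddress.ip_network(entry, strict=False)
    return (n.version, n)  # keep v4 and v6 sortable side by side


def compile_nft(rows, external_feed, table="inet filter", set_name="blocklist"):
    """Emit an nft script that flushes and refills the set; `nft -f` applies the whole file as
    one transaction, so the blocklist is swapped atomically with no per-IP rules."""
    feed = [e for e in external_feed
            if not any(ipaddress.ip_network(e, strict=False).overlaps(c) for c in CDN_RANGES)]
    elements = sorted(set(rows) | set(feed), key=_net_key)
    body = ", ".join(elements)
    return f"flush set {table} {set_name}\nadd element {table} {set_name} {{ {body} }}\n"


if __name__ == "__main__":
    import time
    now = int(time.time())
    rows = merge({}, collect(), now)
    print(to_tsv(rows))
    print(compile_nft(rows, EXTERNAL_FEED))
```

Loading the emitted script with `nft -f` keeps the set consistent at every instant, which is the property the page's "compiled into nftables sets atomically" refers to; the TSV is the state carried between cron runs so that expiry, not a manual purge, controls how long an address stays blocked.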
Active Defense · Production
SSH Tarpit — endlessh
Port 22 serves endlessh — an SSH tarpit that sends an infinite, never-terminating SSH banner at 1 byte per 10 seconds. Scanning bots and credential stuffers connect expecting a login prompt; instead, they're locked in a read loop burning connection slots for minutes to hours. Real SSH runs on a non-standard port, invisible to mass scanners. Every trapped IP is timestamped, logged, and injected into the nftables pipeline. Eliminates noise, burns adversary resources, and feeds intelligence at zero server cost.
Infrastructure Automation
Automated Media Pipeline
End-to-end Python orchestration layer across rtorrent, Sonarr, Radarr, Jellyfin, and a Hetzner StorageBox NAS. Label-based routing on torrent completion, CIFS transfer, symlink library management, codec-aware routing (H.264 → NAS, HEVC → local), nightly queue worker, Jellyfin library refresh, and Discord + email completion notifications — fully hands-off.
Web Application
KEVSEC Story TTS Studio
Browser-based text-to-speech studio using Microsoft Edge TTS. Segments long-form text for batch synthesis, streams real-time progress via Server-Sent Events, and outputs downloadable audio — entirely CPU-bound, no GPU. 100GB cap with automatic cleanup. Built to run on aging hardware without compromise.
Web Application
KEVSEC Garden Intelligence
Hyperlocal precision agriculture dashboard for Port Washington, WI. Ingests real-time weather data, computes 7-day rainfall accumulation, estimates soil moisture, and generates AI-driven care schedules per plant species. Runs on the same Flask/Python data pipeline as the security dashboard — proving the architecture scales beyond its original purpose.
Web Application
KEVSEC Citation Manager
APA 7 academic citation manager purpose-built for cybersecurity and intelligence research. Auto-fetches metadata via DOI, ISBN, and URL; supports DOI CrossRef, Open Library, and web scraping fallbacks; handles group authors, BibTeX/RIS import, and Word document export. Built for rapid source management during intelligence report production.
Education & Certifications

Credentials & Training

B.S. Cybersecurity
Colorado State University Global (CSU System)
Minor: Intelligence & Homeland Security
● In Progress
Criminal Justice & Political Science
University of Wisconsin — Milwaukee
2013 – 2014
FEMA Certifications — Earned
[✓] FEMA IS-100.c: Introduction to Incident Command System Earned
[✓] FEMA IS-200.c: Basic ICS for Initial Response Earned
[✓] FEMA IS-700.b: Intro to National Incident Management System Earned
[✓] FEMA IS-800.d: National Response Framework Earned
Certification Roadmap
[ ] CompTIA Network+ Planned
[ ] CompTIA Security+ Planned
[ ] CompTIA CySA+ Planned
[ ] CompTIA Linux+ Planned
[ ] Certified Ethical Hacker (CEH) Planned
[ ] CISSP Planned
[ ] OSCP — Offensive Security Planned
Value Proposition

What I Bring

Real-world, production-proven capabilities — not just certifications.

Threat Intelligence
Operate a live, self-built intelligence platform ingesting CVE feeds, geopolitical threat data, dark web alerts, and real-time honeypot telemetry. Not a consumer of commercial platforms — I built the platform. Every alert is correlated, enriched, and actionable.
OSINT · HUMINT · SIGINT
Expert-level multi-INT collection across surface, deep, and dark web. Enumerated threat actor identities, mapped criminal infrastructure, and attributed campaigns to specific actors using digital breadcrumbs most analysts miss. Authored and maintain an open-source OSINT enumeration tool actively used by the community.
Adversary Tradecraft
Firsthand command of attacker TTPs from initial access to post-exploitation — studied where adversaries actually operate. Underground forums, crimeware-as-a-service ecosystems, and nation-state lateral movement patterns aren't abstractions. They're research subjects I track daily.
Dark Web Operations
Active long-term research across Tor hidden services, illicit marketplaces, paste sites, and threat actor forums. Credential exposure detection, data leak identification, and infrastructure attribution for proactive defense — before incidents, not after.
Hands-On Infrastructure Engineering
12+ production services running on hardened Linux — not a homelab demo, real infrastructure under live attack 24/7. Designed, built, and secured every layer: nftables firewall, fail2ban jails, Cloudflare WAF integration, nginx hardening, systemd service management, and automated backup pipelines.
Malware Reverse Engineering
Actually disassembling adversary tooling — not reading vendor reports. Static and dynamic analysis with Ghidra, x64dbg, and Volatility to unpack loaders, extract C2 configurations, and map execution chains to ATT&CK TTPs. Hands-on research with infostealers, RATs, ransomware droppers, and APT implants.
Terrorism & Extremism Research
Intelligence-driven analysis of domestic and international extremist movements — radicalization pipelines, operational security failures, propaganda distribution networks, and ideological actor attribution across the open web, social platforms, and encrypted channels.
Active Defense & Deception
Designed and deployed a production deception network: 40+ honeypot surfaces mimicking CVE-targeted systems (Ivanti, Palo Alto, Citrix, F5, Exchange, Confluence) fed by OSINT on scanner behavior. Every probe auto-bans, auto-enriches, and reports. Real adversaries hit it daily — and leave with nothing but burned IPs.
Contact

Establish Contact