Malware Development Intern

I had the opportunity to work directly with Cobalt Strike, which gave me exposure to how command and control frameworks operate. Seeing how operators interact with beacons and post-exploitation workflows helped me think about offensive operations. This experience directly improved my abilities.

I really enjoyed learning the thought process behind malware development. I got to see the full waterfall from developer to operator: what developers need to communicate, how issues are tracked, and how changes are pushed so operators can use tools effectively. I also saw that many of the developers were either prior operators or experienced software engineers from large companies like Microsoft.

I spent time writing C code and strengthening my understanding of data structures and algorithms. Working at this level forced me to think carefully about memory, execution flow, and performance. Writing lower-level code made it easier to reason about what software is actually doing at runtime instead of treating it like a black box.

Cobalt Strike

I also learned how teams work in an agile development environment. I participated in daily stand-ups, planning work, breaking tasks into small pieces, and iterating based on feedback. This changed how I view security tooling by treating it as real software that evolves over time instead of one-off scripts.

Another major area of growth was static scanning and secure code review. I learned how to review code with my mindset and how static analysis works by building scanning workflows inside Docker. Creating and running SAST helped me to better understand the workflow of a development shop.

FlareVM

Finally, I worked on reverse engineering a FOSS tool to determine whether it showed beaconing behavior. Using FlareVM, I combined static and dynamic analysis to inspect execution behavior, network traffic, and indicators. This reinforced how offensive and defensive skills connect and why strong analysis skills matter on both sides.

This post is licensed under CC BY 4.0 by the author.