Alan Neilan's blog of random stuff™

---

Project maintained by ANeilan Hosted on GitHub Pages — Theme by mattgraham

Alan Neilan

Security Researcher | Blog: aneilan.github.io | Linkedin: https://www.linkedin.com/in/alan-neilan-4a271a158/ | Massachusetts, United States

Previously employed as a Threat Analyst, my passion is security research and threat hunting which I currently do in my spare time. This can involve hunting for new phishing threats, analyzing malware, threat actor tracking and public speaking. Using data gathered during threat hunting, I then pivot and find additional threats targeting the same brand, or from the same threat actor. I am a member of multiple online forums, closed channels, and groups dedicated to security research and distributing information on evolving threats. The data I collect and distribute to impacted parties is used to quickly mitigate threats and take down attacker infrastructure.

Experience:

Threat Analyst | WMC Global | January 2022 - October 2024

• Triaged and executed takedowns on client-branded phishing URLS to reduce consumer harm.

• Contacted phone number providers to take down numbers being used in phishing attacks.

• Worked on classifying threat data for url classification system.

• Worked on updating documentation regarding abuse contacts.

Helpdesk and Security Analyst | Steward Health Care Systems | July 2018 - January 2022

• Provided customer service to end users and utilized internal documentation to resolve issues.

• Triaged calls/tickets to appropriate teams if requests could not be resolved.

• Proactively scanned (via Shodan) public infrastructure for out-of-date assets, identifying an unsupported host with deprecated operating systems, and subsequently initiated and assisted in the migration plan, greatly improving security posture.

• Acted as a liaison between Helpdesk and the Security Engineering & Operations team.

• Investigated end user access issues, managed VPN token distribution, and blocked inappropriate sites.

Independent Security Researcher | 2016 - Present

• Authoring blog posts and articles providing analysis on collected phishing kits and IOCs

• Analyzing and sharing intel gathered on threat actors and phishing kits with other members of the CTI community.

• OSS contributions and development.

• Breach reporting/notification to companies exposing sensitive data or assets.

• Contributing and maintaining repositories of deobfuscated phishing pages.

• Submitting CFPs and public speaking around threat hunting and privacy advocacy
  • “Moby Dick: Stories of going after phishing attacks”
  • “How to preserve what little privacy you have left on the internet”

• Direct collaboration with multiple threat intelligence teams across multiple verticals, to aid in identification and takedown of malicious content.

• Frequent collaboration with informal cybersecurity peer groups.

• Research appeared in “Safari Zone” section of “ThugCrowd” security podcast shownotes
  • “Thugcrowd S03E01 - February 4, 2020 - Season 3 Premiere”
  • “Thugcrowd S02E14 - September 24, 2019”
  • “Thugcrowd S02E04 - June 25, 2019 - Hacker History with @hexadecim8”
• Research cited in other media.
  • “Clubhouse Malware - Analysis of an Agent Tesla Infection Campaign”
  • “The Taters’ fate: how Trump supporters are lied to, radicalized, and infected with malware”
  • “Layer 8 Podcast - Episode 94: Alan Neilan - The Phishing Kit Hunter”