About
Matthieu Gras
Incident Responder based in Zurich, Switzerland. I specialize in malware analysis, reverse engineering, and digital forensics.
Work Experience
Incident Responder (B2B CSIRT) — Swisscom
July 2024 – Present | Zurich, CH
- Lead full-lifecycle Incident Response for B2B clients, managing critical events (Ransomware, BEC, APTs)
- Perform deep-dive technical investigations via Dead-Disk Forensics, Malware Analysis, and Reverse Engineering
- Architect and maintain CSIRT infrastructure via IaC (Terraform, Ansible, AWS, GitLab CI/CD)
- Engineer custom forensic tooling (Python/Go) and build a modern, LLM-integrated reporting pipeline
- Mentor junior analysts through case reviews and technical training
Cyber Security Analyst (B2B SOC) — Swisscom
March 2023 – July 2024 | Zurich, CH
- Served as Shift Lead and Cortex XDR SME, overseeing operations and QA for the analyst team
- Spearheaded Detection Engineering efforts by researching attack techniques and deploying new use cases
- Supported business growth by presenting technical SOC capabilities during client RFP presentations
Education
MSc Cyber Security — ETH Zurich and EPFL
2020 – 2022
Master Thesis: “Explicit meets Implicit Monitoring”
BSc Computer Science — ETH Zurich
2016 – 2020
Bachelor Thesis: “Scalable Online Monitoring of Distributed Systems” (Published in RV 2020)
Research & Projects
Acreed: On-Chain C2 Evolution
- Dissected a sophisticated campaign deploying ACR and Mac.c Stealers via multi-stage infection chains
- Investigated the actor’s use of “EtherHiding” on the Binance Smart Chain testnet via on-chain forensics
- Developed Python decryption tools for C2 configs and authored YARA rules for Go-based stealers and macOS droppers
Unmasking Amadey 5
- Reverse engineered Amadey 5, mapping its evolution into a modular RAT with hidden VNC capabilities
- Discovered critical implementation flaws degrading the malware’s RC4 and Vigenère encryption schemes
- Engineered a Go-based C2 parser and custom FakeNet handlers to emulate C2 logic for safe behavioral analysis
Certifications
GIAC Reverse Engineering Malware (GREM) — GIAC, Dec 2025
Skills
| Area | Technologies |
|---|---|
| Analysis & Forensics | IDA Pro, Ghidra, Velociraptor, KAPE, EZ Tools |
| Dev & Infra | Python, Go, Rust, C++, Terraform, Ansible, AWS, Azure, CI/CD |
| Languages | German (Native), English (Professional), French (Professional) |
Contact
- GitHub: matthieugras
- LinkedIn: matthieu-gras-a57828212
- Email: mgras843@gmail.com