

Diyar Saadi
Spectroblock, Security Operation Analyst, Malware Analyst, RE, Red Team Operator.
As Sulaymānīyah, Iraq
Diyar Saadi Ali is a formidable force in the realm of cybersecurity, renowned for their expertise in cybercrime investigations and their role as a certified SOC and malware analyst. With a laser-focused mission to decode and combat digital threats, Diyar approaches the complex world of cybersecurity with precision and unwavering dedication. At the core of their professional journey lies real-time security event monitoring, a task Diyar executes with exceptional vigilance and expertise. As a respected MITRE ATT&CK Contributor, they have made invaluable contributions to the global cybersecurity community, sharing insights and strategies that help organizations bolster their defenses against evolving cyber threats. Diyar's impact is further amplified by their role as the discoverer and owner of critical Common Vulnerabilities and Exposures (CVEs), including CVE-2024-25400 and CVE-2024-25399. These achievements underscore their commitment to identifying and addressing systemic vulnerabilities that could otherwise threaten digital ecosystems.
🎤 Speaking Engagements (Selected)
1. DeepSec 2024 – Firmware Forensics
2. Arab Cyber Security Conference
3. CyberSec Global 2025
4. CanSecWest 2025
5. SulyCyberCon
6. Nexus Club
7. Shellmates Club
8. Koya University – Softspace
9. UKH – Cyber Threat Hunting Seminar
10. Tishk University (Workshop Host) – Cyber Security Dept.
11. VulnCon
Topics
The Art of C2 Hunting: The Digital Cat-and-Mouse
Command and Control (C2) infrastructure is a critical component in the execution of cyberattacks, allowing attackers to remotely control compromised systems, deploy malware, and exfiltrate sensitive data. This document explores the processes and techniques used for C2 hunting, focusing on methods to track, identify, and disrupt C2 servers used by cybercriminals. The guide covers the main aspects of C2 hunting, beginning with an introduction to the C2 communication channels and frameworks commonly used by adversaries, such as DNS, HTTP, and IRC. The importance of hunting C2 is emphasized, highlighting its role in disrupting cyberattacks, preventing data exfiltration, and halting the spread of malware. In-depth attention is given to Open-Source Intelligence (OSINT) tools and public platforms, such as Shodan, VirusTotal, and ThreatFox, which provide valuable data on suspicious IP addresses, domains, and C2 infrastructure. It further discusses Google Dorking, a technique that leverages advanced search queries to discover exposed C2 servers and control panels. The document also details live C2 infrastructure hunting, showcasing how real-time analysis of network traffic and threat intelligence platforms can help security professionals track and block malicious C2 servers. The process of analyzing malware and its indicators, including IP addresses, domain names, and communication behaviors, is explored, providing a deeper understanding of how C2 servers operate. In conclusion, the guide stresses the importance of continuous learning in the field of C2 hunting, recommending platforms and resources for further study. The growing role of threat intelligence platforms in proactive cybersecurity is highlighted as an essential tool for identifying and mitigating C2-related threats.
This document serves as a comprehensive resource for cybersecurity professionals, malware analysts, and anyone interested in enhancing their skills in identifying and mitigating malicious C2 infrastructure.
Firmware Forensics: Analyzing Malware Embedded in Device Firmware
Firmware, essential to hardware functionality, is increasingly becoming a prime target for cyber threat actors because of its foundational control over devices. This presentation delves into a detailed analysis of malware embedded within purported firmware updates for Sabrent devices, a case study revealing widespread exploitation. By leveraging static and dynamic analysis techniques, we uncover the workings of this malware, hidden within seemingly legitimate firmware patches. Through careful investigation, including static examination of file headers, hashes, and embedded resources, and dynamic analysis within controlled environments, we decipher the malware's operational stages. These include its initial execution triggers, subsequent macro-driven deployments, and ultimate persistence mechanisms through registry modifications, all orchestrated to evade detection and ensure prolonged access to compromised systems.
Keys to Freedom: Analysis and Resolution of Arab Ransom Locker Infections
The presentation "Keys to Freedom: Analysis and Resolution of Arab Ransom Locker Infections" explores the workings of the Arab Ransom Locker malware, focusing on its impact on mobile devices. This session delves into a comprehensive analysis of the ransomware's attack vector, encryption mechanisms, and behavioral patterns. It will also provide a step-by-step guide to unlocking infected devices, including proven recovery techniques, decryption tools, and preventive strategies. Targeted at cybersecurity professionals and mobile device users, the presentation aims to equip attendees with actionable insights to understand, mitigate, and neutralize the threat posed by this ransomware.
https://www.secwest.net/presentations-2025/category/Diyar+Saadi
AI Weaponized Red Team
Artificial Intelligence (AI) is transforming red teaming by automating and optimizing offensive cybersecurity strategies. AI-powered red teams can rapidly conduct reconnaissance, identify vulnerabilities, and execute complex exploits with unprecedented efficiency. Machine learning enables adaptive attacks that evolve in real time, emulating the behavior of advanced persistent threats (APTs). Furthermore, AI enhances social engineering techniques, generating sophisticated phishing campaigns and leveraging deepfake technology for deception. While AI-driven red teaming improves the realism and effectiveness of security testing, it also introduces significant ethical and security concerns, including the risk of adversarial misuse. This study explores the role of AI in offensive security, its applications, associated risks, and the emerging challenges of AI-driven cyber warfare.
https://vulncon.in/events/vulncon2025/talks/ai-weaponized-red-team