Date: 2025-07-28
In this edition of Cyber Frontlines, meet Golo Mühr, Malware Reverse Engineer at IBM X-Force Threat Intelligence. Having been on the X-Force team for three years now, Golo works to expose and disrupt cyber crime and state-sponsored cyber operations. Most of his time is spent reverse engineering malware and C2 communication to create intelligence products and automations. He has reported on a wide variety of maliciousness, ranging from banking trojans and botnets to high-profile ransomware and nation-state cyberespionage attacks.
Stay up to date on Golo's work on LinkedIn.
I’ve been with IBM X-Force for more than three years now, focused on deep-dive malware research, hunting and investigating threat actors and their activities. In addition, I am working on creating and maintaining several threat intelligence collection and automation pipelines.
A curiosity to find out how things work, and the thrill of hunting. Deep-dive malware analysis has always been fascinating to me, tracing every single operation and uncovering details that have the power to disrupt future attacks.
Malware analysis and following wherever the path leads me: YARA rules, parser development, infrastructure collection, automations, hunting queries, attribution. I’ve produced research on phishing, downloaders, crypters, ransomware, Latin-American banking trojans and Russia-aligned espionage campaigns, as well as China-based threats.
I do enjoy my fair share of Golang malware, occasionally indulge in Delphi and will never resist a good old C sample. But other languages are cool too! Some not so much.
I can only recommend The Three Buddy Problem podcast and MSDN documentation.
DEFCON has an incredible community, culture and tradition, and is just a great vibe. Big fan.
Focus on what really matters. It sounds like lame advice, but invest in finding out what really matters. Actionable threat intelligence can help with that, but it’s just as important to actually take action based on the intelligence.
Don’t let anyone discourage you for lack of experience or skills. With enough passion and perseverance, there is nothing to stop you from growing; especially if you make use of the abundance of free information, learning, support and training that is available today. But most importantly, don’t forget to have fun and enjoy the journey. If you follow the path of work you enjoy most, you can’t help but turn out successful at what you do.
Increased abuse of legitimate services and tools to facilitate malicious behavior. This is not just LOLbins, but expands to cloud hosting and services, legitimate file types and other actions you cannot prevent. Organizations will require actionable threat intelligence and layered defense to counter these threats.
