

Security Research

The Nocturnus security research team specializes in discovering new attack methodologies, reverse-engineering malware, and exposing new system vulnerabilities. Team Nocturnus was the first to discover a vaccination for two of the largest cyber attacks of 2017: NotPetya and Bad Rabbit.



The Nocturnus hunting team continuously monitors threats across the globe to proactively seek out malicious activity and identify security gaps within our customers’ environments. Through hunting engagements, the team has unearthed numerous targeted attacks, APTs, and sophisticated malware that would have otherwise gone unnoticed.

Security Operations

The Nocturnus security operations center is globally operated with offices in the U.S., Japan, and Israel to provide 24x7 customer support. The team is uniquely positioned to provide rapid incident resolution and to ensure clients are always receiving best-in-class protection.


Incident Response

The Nocturnus Incident Response team provides experience and technical expertise to our customers through all stages of the incident response lifecycle. From preparation to proactive assessment and response, we sit at the tip of your spear in the fight against advanced threats.




Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.


Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.


Pervasive Brazilian financial malware targets bank customers in Latin America and Europe

Cybereason’s Nocturnus team mapped out the multi-stage malware distribution infrastructure behind Brazilian financial malware and found that Brazilian-made malware has become pervasive and targets over 60 banks in nearly a dozen countries throughout Latin America, Spain and Portugal.


We know if something is too complex for us to analyze, we can escalate it to the Nocturnus team - they’ve got the expertise to help us.

CTO, Health Care Services Organization


Assaf Dahan


Assaf has over 15 years in the InfoSec industry. He started his career in the Israeli Military 8200 Cybersecurity unit where he developed extensive experience in offensive security. Later in his career he led Red Teams, developed penetration testing methodologies, and specialized in malware analysis and reverse engineering.

Matthew Green


Matt has spent more than a decade in the Information Security industry with a current focus in incident detection & response, including adversarial tactics, techniques, and common knowledge. A keen digital forensics and incident response practitioner, Matt has a passion for detection, mitigating threats, and developing interesting solutions for the fight against evil.

Mor Levi


Mor Levi has over 8 years of experience in cyber investigations, incident response, and SIEM/SOC management. She began her career as a team leader in the Israeli Defense Force security operation center. Later, she led an incident response and forensics team at one of the big four accounting firms providing services to global organizations.

Vlad Ogranovich


Vlad has been in the industry for 10 years, establishing SOCs and incident response teams, as well as providing large-scale incident response, digital forensics, threat intelligence, and malware analysis for large organizations. Today, Vlad leads the Advanced Services team in Japan's SOC which provides professional services such as IR, malware analysis, and hunting engagements.

Peter Ortiz


Peter has over a decade of cybersecurity experience as a network security engineer, forensicator, threat hunter, and incident responder. He’s worked for a Fortune 100 Oil & Gas Company as well as several security managed service providers offering services to thousands of customers.

Amit Serper


Amit began his security career at an Israeli government intelligence agency. He specializes in low-level, vulnerability, exploit and kernel research, malware analysis, and reverse engineering. He has extensive experience researching large-scale network attacks and undocumented OS resources. 

Danielle Wood


Danielle has been in the technology industry for 30+ years. During the last 14 years, she has provided forensics and incident response support for US Federal and state organizations as well as Fortune and Global 100 companies.

Niv Yona


Niv, Threat Hunting & Research Lead, began his career as a team leader in the security operations center in the Israeli Air Force, where he focused on incident response, forensics, and malware analysis. At Cybereason, Niv focuses on threat research that directly enhances product detections and the Nocturnus hunting playbook.

There are world-renowned researchers working at Cybereason who I can reach out to to discuss the latest threats.

Justin Metallo, CISO, Beam Suntory