Skip to content
Honesty Technology Consulting Get in touch

INDEPENDENT RESEARCH & CONSULTING BY MATTHEW KIRKLAND

Decoding threats. Engineering defenses.

I am an independent security researcher, threat investigator, and systems developer. I work on malware command-and-control tracking, binary triage, reverse engineering, DNS telemetry, and secure infrastructure for active environments.

Core Expertise

Security & Threat Research

Threat Intel & OSINT

Tracking threat actors, dissecting campaigns, compiling detection matrices, and turning malware command-and-control telemetry into usable security research.

Reverse Engineering

Building binary-analysis tooling for Ghidra, Radare2, and ILSpy, including MCP-driven triage workflows for malware and suspicious binaries.

DNS Telemetry & Research

Analyzing DNS threat telemetry, mapping domain reputation matrices, and conducting threat research under specialized external contracts for domainintelligence.uk and ADAMnetworks.

Secure IT & Managed Services

Securing, architecting, and managing commercial IT environments, networks, and security infrastructure under external contract for Nerds On Site.

Matthew Kirkland

Operational Focus

Research, telemetry, and tooling

I work independently on security research, threat investigation, and systems development. Most of the work sits around malware behavior, DNS telemetry, secure infrastructure, and the practical problems that fall between those areas.

My client work is contract-based and technical. For ADAMnetworks, I analyze threat telemetry and malware behavior. For domainintelligence.uk, I work on DNS reputation mapping and telemetry tracking. With Nerds On Site, I help secure, architect, and manage commercial IT environments.

My personal projects sit outside client work, but they show the same pattern. Derp.ca is a malware infrastructure tracker and research notebook. It tracks C2 hosts, distribution hosts, ransomware claims, indicators, and writeups from sandbox output and community threat intelligence. The YARA rules are based on that research.

RogueBinary.com is the public reference for Rogue Binary MCP. The Ghidra, Radare2, and ILSpy servers are built for agent-driven reverse engineering: bounded output, cached backends, persistent analysis sessions, and focused binary triage.

Derp.ca Feeds

Research and daily tracking

Two live feeds from Derp.ca: long-form research on one side, daily cybercrime briefings on the other.

Research Feed

Security Research

Longer malware research, reverse engineering notes, campaign writeups, and indicators. Cybercrime Daily posts are kept out of this feed.

RSS
Derp.ca

PoisonX WindowsTelemetry: BYOVD-Assisted RAT With a Plugin Loader

PoisonX WindowsTelemetry chain: VERSION.dll sideloading, BYOVD scheduler, 10FX RAT protocol, SOCKS relay, plugin loading, and C2 reuse across two archives.
Derp.ca

CrystalX: unpacking a Go RAT through three encrypted layers

Static reverse engineering of a 6.9 MB Go RAT delivered through a C stub loader with XOR, ChaCha20, DEFLATE, AES-GCM strings, and WebSocket C2.
Derp.ca

Vidar v1.5 in Go: same family, new language, heavy sandbox checks

A Go 1.25.4 Vidar v1.5 sample uses a twelve-category sandbox scoring system, Telegram and Steam dead-drop C2 discovery, and process injection APIs.
Derp.ca

Eimeria: five layers from RAR5 to RunPE

Five-layer delivery chain from a RAR5 archive through a signed carrier DLL side-load, AES-CBC hidden in a fake zlib DLL, IExpress extraction, AutoIt process hollowing, and a .NET...
Open Derp archive

Daily Feed

Cybercrime Daily

Daily briefings covering C2 observations, ransomware claims, vulnerability notes, and active security news.

RSS
Derp.ca

A Day In Cybercrime: May 28, 2026

Daily threat intelligence for May 28, 2026: 422 C2 observations, 42 ransomware claims, 179 OSV MAL advisories, and 5 news items.
Derp.ca

A Day In Cybercrime: May 27, 2026

Daily threat intelligence for May 27, 2026: 345 C2 observations, 11 ransomware claims, 431 OSV MAL advisories, and 5 news items.
Derp.ca

A Day In Cybercrime: May 26, 2026

Daily threat intelligence for May 26, 2026: 400 C2 observations, 21 ransomware claims, 59 OSV MAL advisories, and 5 news items.
Derp.ca

A Day In Cybercrime: May 25, 2026

Daily threat intelligence for May 25, 2026: 3,154 C2 observations, 19 ransomware claims, 15 OSV MAL advisories, and 5 news items.
Open Derp archive

Contact & Connect

Get in touch