Konrad Papaj
Threat Hunter | Penetration Tester
Summary
Offensive-minded cybersecurity professional with a penetration testing skill set and proven hands-on experience across full-scope engagements: reconnaissance, exploitation, Active Directory attacks, privilege escalation, lateral movement, and professional reporting. Currently working as a Threat Hunter, applying adversary tradecraft (MITRE ATT&CK, TTP emulation) to drive proactive hunts, giving a strong dual-perspective understanding of both attack and defense. Award-winning Attack-Defence CTF competitor and contributor to international cyber-defense exercises (NATO CCDCOE Locked Shields).
Skills
Offensive Security: Penetration Testing (Network, Web, AD), Active Directory Attacks, Web Exploitation, Privilege Escalation, Lateral Movement, Pivoting, Exploit Development, Post-Exploitation
Detection & Hunting: Threat Hunting, KQL / Advanced Hunting, Microsoft Defender for Endpoint (MDE), SIEM, EDR, Detection Engineering, MITRE ATT&CK, Adversary Emulation
IR & Forensics: Incident Response, Digital Forensics (DFIR), Malware Analysis, Reverse Engineering, Root Cause Analysis, IOC/TTP Identification, Threat Intelligence
Technical: Python, PowerShell, KQL, Bash, Linux, Windows Internals, Deep Packet Inspection (DPI), Network Protocols, Docker, Git
Experience
Threat Hunting Specialist - Standard Chartered (Warsaw)
09/2025 – Present
- Designing and building an end-to-end hunt management platform for documenting, tracking, and operationalizing threat-hunting campaigns across the team, standardizing methodology and improving repeatability of hunts
- Performing proactive, hypothesis-driven threat hunting to identify indicators of compromise (IOCs) and adversary tactics, techniques, and procedures (TTPs) across enterprise environments
- Analyzing large-scale logs and endpoint/network telemetry to uncover stealthy and novel threats that evade automated detection
- Conducting deep-dive investigations and root cause analysis on suspicious activity escalated from SOC and telemetry
- Applying offensive tradecraft and adversary emulation (MITRE ATT&CK) to design and execute targeted hunts against realistic attacker techniques
Analyst, Cyber Threat Response - Standard Chartered (Warsaw)
11/2024 – 09/2025
- Monitored and triaged alerts across SIEM and EDR, performing root cause analysis to identify IOCs and TTPs used by threat actors
- Investigated and reverse-engineered phishing and malicious email campaigns, extracting IOCs and producing actionable intelligence for response
- Participated in Purple Team exercises, validating detection coverage against simulated attacker techniques and improving response procedures
- Developed automation scripts to accelerate triage and response workflows
- Represented the team at international cybersecurity conferences (e.g., CONFidence 2025)
Cybersecurity Analyst (nSOC) - NASK S.A. (Warsaw)
09/2023 – 11/2024
- Deployed and managed a Threat Intelligence platform (OpenCTI) from the ground up, integrating threat feeds and enabling structured CTI workflows for the SOC
- Conducted malware analysis (static, dynamic, and reverse engineering) and produced detailed technical reports
- Developed and tuned correlation rules in the SIEM to improve detection accuracy and reduce false positives
- Verified false-positive IPS signatures and performed application-layer DPI analysis (OSI Layer 7)
- Analyzed network traffic to identify potential threats and conducted penetration tests to assess security posture
- Authored and maintained SOC procedures and operational instructions; supported onboarding of new analysts
- Developed automation scripts to streamline recurring SOC workflows
Education
Bachelor's degree in Cybersecurity
Wyzsza Szkola Ksztalcenia Zawodowego - 2024 – 2027 (In Progress)
Certifications
- HTB Certified Penetration Testing Specialist (CPTS) - Hack The Box, Apr 2026
- Certified Defensive Security Analyst (CDSA) - Hack The Box, May 2025
- Certified Ethical Hacker Master (CEH + CEH Practical) - EC-Council, Oct 2024
- TDX Arena Penetration Tester - ThriveDX, Apr 2024
- Red Team Cybersecurity Specialist - University of Warsaw & HackerU, Mar 2024
Achievements
Operation Cyber Flag '26 (OCF '26) - Winner (May 2026)
- 1st place in the finals of an Attack-Defence CTF organized under the Cyber LEGION initiative by DKWOC (Dowodztwo Komponentu Wojsk Obrony Cyberprzestrzeni / Cyberspace Defence Forces Component Command)
- Team ByteBattlers; ~40 teams at the start, with the top 12 advancing to the finals
- Two days of continuous attack-defence operations: defending and patching live infrastructure under time pressure while exploiting opponents' systems
Locked Shields 2026 (LS26) - NATO CCDCOE (Apr 2026)
- Member of the POL/CZE WWW Team in the world's largest live-fire cyber defense exercise
- Polish-Czech team placed 4th globally
HTB Global Cyber Skills Benchmark CTF 2026: Project Nightfall - Team MVP (May 2026)
- Team ranking: 33/588 | Challenges solved: 63/69
- Recognized as Team MVP (most flags submitted on the team)
HolmesCTF 2025 (Hack The Box) - Blue Team (Sep 2025)
- 22nd place; all flags captured across Threat Intel, SOC, DFIR, and malware reversing challenges
HTB Global Cyber Skills Benchmark CTF 2025: Operation Blackout - Team MVP (May 2025)
- Team ranking: 38/796 | Challenges solved: 81/103
- Recognized as Team MVP (highest number of solved challenges)
HTB Cyber Apocalypse CTF 2025: Tales From Eldoria (Mar 2025)
- Team ranking: 135/8130 | Challenges solved: 67/77
Projects
- kondred.com - Personal cybersecurity blog publishing end-to-end HTB machine writeups (web exploitation, AD attacks, privilege escalation) and detection/threat-hunting research
- Active CTF competitor across web, binary exploitation, forensics, and reversing categories
- Regular participant in Polish and international security conferences (CONFidence, Sekurak / HackSummit)
Interests
CTF · HackTheBox · Penetration Testing · Malware Analysis · Digital Forensics · Reverse Engineering · Threat Hunting · AI / LLM-assisted Security
Languages
- English - Fluent (C1)
- Polish - Native