ETHAN
MIGUEL
CRUZ

Cybersecurity Enthusiast | Analyst in Training

01
Internship
10
Write-ups
05
Core Skills
01 //

Growing up, I've always lived by one motto: be happy-go-lucky. That hasn't changed; I've just gotten more intentional about where I put my energy. Today that means my friends, my dogs, my family, and building a career in cybersecurity.

I leaned toward blue team because the investigative side is where the thrill is. There's something satisfying about reconstructing how an attacker got in, what they took, how they moved. Knowing how to prevent the next one is what makes it feel complete.

Right now I'm a GRC intern at Globe Telecom doing third-party risk assessments and ISMS documentation, while grinding through the TryHackMe SOC L1 path on the side. The more I do both, the more I think the policy side and the technical side are really just the same problem from different angles.

BS Information Technology student at PUP Manila, graduating August 2026.

FOCUS AREAS
Phishing Analysis, Alert Triage, Incident Response, Log Correlation
CURRENTLY
role: GRC Intern
org: Globe Telecom, Inc.
focus: ISO 27001 / ISMS
02 //
permissions category difficulty name
-rw-r--r-- Malware/IR Medium Boogeyman 1
Investigated a targeted phishing attack against a logistics company's finance team. Traced a malicious LNK file delivered via encrypted ZIP, decoded an obfuscated PowerShell payload, and uncovered credential exfiltration via DNS tunneling using nslookup.
-rw-r--r-- Malware/IR Medium Boogeyman 2
Investigated a second-wave attack by the Boogeyman group, this time targeting HR via a malicious Word document resume. Used Volatility for memory forensics to trace payload execution, C2 establishment, and scheduled task persistence.
-rw-r--r-- Malware/IR Medium Boogeyman 3
Threat hunted a full lateral movement chain through Elastic SIEM — traced a CEO-targeted phishing email through ISO payload delivery, rundll32 LOLBin abuse, UAC bypass via fodhelper, Mimikatz credential dumping, Pass-the-Hash lateral movement, DCSync domain compromise, and ransomware deployment.
-rw-r--r-- Malware/IR Medium Tempest
Full incident response investigation covering a Follina (CVE-2022-30190) exploitation chain, Base64-obfuscated payload delivery, Chisel-based port tunneling for C2, privilege escalation via PrintSpoofer, and SYSTEM-level lateral movement leading to new account creation.
-rw-r--r-- Threat Intel Easy Invite Only
Threat intelligence analysis on two flagged indicators (IP and SHA256 hash). Traced execution parents, dropped files, and malware family using VirusTotal. Identified AsyncRAT as the malware family, ClickFix as the phishing technique, and Discord invite hijacking as the delivery mechanism.
-rw-r--r-- Forensics Very Easy Vantage
Analyzed network packet captures of a compromised OpenStack cloud environment. Traced an FFUF subdomain fuzzing campaign, brute-forced cloud login, API config file theft, Swift object storage enumeration, and exfiltration of a 28-record user data file — ending with attacker persistence via a new cloud account.
-rw-r--r-- Log Analysis Easy ItsyBitsy
Investigated a potential C2 communication alert in Elastic/Kibana using a week's worth of HTTP connection logs. Identified Bitsadmin as the LotL binary used to reach out to Pastebin, retrieved the malicious URI, and recovered the staged secret file.
-rw-r--r-- Forensics Very Easy Telly
Analyzed a network capture from a compromised Linux backup server flagged for data exfiltration. Traced Telnet-based exploitation via CVE-2026-24061, followed TCP streams to map attacker activity including backdoor account creation, linper.sh persistence toolkit deployment, and exfiltration of a credit card database that was shredded by the attacker afterward.
-rw-r--r-- SOC Sim Easy SOC Sim: Apr 30
Worked through a 4-alert SOC simulation queue covering phishing email triage and firewall events. Used Splunk for log investigation and VirusTotal and Cisco Talos for threat intel. Classified two active phishing campaigns — one blocked at the perimeter, one requiring immediate escalation for potential credential compromise.
-rw-r--r-- Forensics Medium Masquerade
Analyzed a spearphishing attack where a Finance employee executed a malicious script posing as a system admin update. Traced RC4-decrypted payload delivery via PowerShell, identified C2 traffic hidden inside Google HTTP responses, and decrypted double-encrypted AES GUID commands to recover the flag.

// 8 TryHackMe, 2 Hack The Box
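The ItsyBitsy entry describes finding Bitsadmin reaching out to Pastebin in a week of HTTP connection logs. As an added example (not the write-up's own code, and not data from the room), this is the same detection expressed over a handful of constructed JSON documents with ECS-style field names: flag requests where a living-off-the-land user agent is paired with a paste-site destination, collapse repeats, and hand back the URI to go retrieve. The hosts, users, timestamps, the paste URL and the paste-site watchlist are assumptions for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: one JSON document per line using ECS-style field names, standing in
# for the HTTP connection documents you would pull out of Elastic. Hosts, users, times and
# the paste URL are assumptions for this example, not data from the ItsyBitsy room.
SAMPLE_HTTP_LOG = """\
{"@timestamp":"2024-02-03T09:12:00Z","source.ip":"192.168.65.54","user.name":"browne","user_agent.original":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0","url.full":"https://www.bing.com/search?q=weather","http.response.bytes":54231}
{"@timestamp":"2024-02-03T09:13:07Z","source.ip":"192.168.65.54","user.name":"browne","user_agent.original":"Microsoft BITS/7.8","url.full":"https://pastebin.com/raw/AbCd1234","http.response.bytes":86}
{"@timestamp":"2024-02-03T09:13:08Z","source.ip":"192.168.65.54","user.name":"browne","user_agent.original":"Microsoft BITS/7.8","url.full":"https://pastebin.com/raw/AbCd1234","http.response.bytes":86}
{"@timestamp":"2024-02-03T09:20:15Z","source.ip":"192.168.65.61","user.name":"svc_update","user_agent.original":"Microsoft BITS/7.8","url.full":"https://download.windowsupdate.com/c/msdownload/update.cab","http.response.bytes":1048576}
"""

# User-agent fragments of Windows binaries that download things without a browser.
# "Microsoft BITS/" is what bitsadmin sends; "WindowsPowerShell/" appears in the default
# Invoke-WebRequest agent string.
LOLBIN_UA_MARKERS = ("Microsoft BITS/", "WindowsPowerShell/")

# Assumed watchlist of paste services used as dead drops for staged payloads.
PASTE_SITES = ("pastebin.com", "paste.ee", "hastebin.com")


def parse_events(log_text):
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def is_lolbin_agent(ua):
    return any(marker in ua for marker in LOLBIN_UA_MARKERS)


def is_paste_site(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == site or host.endswith("." + site) for site in PASTE_SITES)


def lolbin_paste_hits(events):
    """Return the events where a LOLBin user agent fetched something from a paste site.

    A BITS download from a Microsoft update host is normal and is left out; the pairing
    of the agent with a paste site is what turns a benign binary into an alert.
    """
    return [
        e for e in events
        if is_lolbin_agent(e.get("user_agent.original", ""))
        and is_paste_site(e.get("url.full", ""))
    ]


def triage(hits):
    """Collapse repeated fetches into one entry per (source host, url): first seen, count, user."""
    summary = {}
    for e in sorted(hits, key=lambda e: e["@timestamp"]):
        key = (e["source.ip"], e["url.full"])
        entry = summary.setdefault(
            key, {"first_seen": e["@timestamp"], "count": 0, "user": e.get("user.name", "")}
        )
        entry["count"] += 1
    return summary


def staged_uris(hits):
    """The distinct paste URLs in first-seen order: these are what you go and retrieve."""
    seen = []
    for e in sorted(hits, key=lambda e: e["@timestamp"]):
        if e["url.full"] not in seen:
            seen.append(e["url.full"])
    return seen


if __name__ == "__main__":
    hits = lolbin_paste_hits(parse_events(SAMPLE_HTTP_LOG))
    for (src, url), info in triage(hits).items():
        print(f"{info['first_seen']} {src} {info['user']} x{info['count']} {url}")
```

The point of keying on the agent-plus-destination pair rather than the agent alone is visible in the sample: the svc_update host also uses BITS, but against a Windows Update domain, and never shows up in the hits. The tiny response size (86 bytes) on the paste fetch is the other tell worth a column in the triage output when you have it.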

03 //
CYBERSECURITY — GRC INTERN
Globe Telecom, Inc.   ·  Jan 2026 — Present

Risk-tiered hundreds of third-party vendors against an internal rubric, tracked ISO 27001 control compliance, and revamped the ISMS document control tracker by consolidating version history and review status across divisions.

COMMUNITY MODERATOR
Crypto Marketing Agency   ·  Sep 2023 — Sep 2024

Monitored online communities and acted as first responder for phishing attempts, scams, and moderator impersonation incidents across active user bases.

04 //
CORE_COMPETENCIES
Security Event Monitoring
Threat Intelligence Analysis
Incident Detection & Response
Attention to Detail
Communication
SKILLS, TOOLING & FRAMEWORK
Phishing Analysis, Alert Triage, Incident Response, Log Correlation, Splunk, Elastic/Kibana, Wireshark, tshark, EvtxECmd, Timeline Explorer, Brim, Volatility, olevba, lnkparse, VirusTotal, CyberChef, Python, Bash, Linux, OSINT, ISO 27001, ISMS
CURRENTLY LEARNING
SOC Ops, Threat Hunting, MITRE ATT&CK, Forensics
05 //

// Open to entry-level roles, internships, and collaborative projects.

$ cat contact.txt
email
github ShinsenMiruku
linkedin ethan cruz
tryhackme shinsen
hackthebox shznmrku
credly ethan-cruz
$