About

Aleksandar Milenkoski is a Principal Threat Researcher at SentinelLABS. With expertise in malware research and focus on targeted attacks, he brings a blend of practical and deep insights to the forefront of cyber threat intelligence. Aleksandar has a PhD in system security and is the author of numerous reports on cyberespionage and high-impact cybercriminal operations, conference talks, and peer-reviewed research papers. From 2011 to 2014, he was a European Commission Marie Skłodowska-Curie Research Fellow. His research has won awards from SPEC, the Bavarian Foundation for Science, and the University of Würzburg.

Notable Work

Some of Aleksandar's contributions include uncovering the Sandman cyberespionage group, likely associated with suspected China-based groups, and Operation Tainted Love, attacks highly likely conducted by a Chinese cyberespionage actor related to Operation Soft Cell. Additionally, he made significant contributions to SentinelLabs' research on Metador, a never-before-seen advanced threat actor targeting entities in the Middle East and Africa.

In the Media

His research has been covered in leading media outlets, including The Washington Post, Forbes, WIRED, Politico, The Record, and many other news platforms focusing on cybersecurity.

Collaborations

Aleksandar has actively collaborated with experts from the private and government sectors, including:

  • North Atlantic Treaty Organization (NATO)
  • Microsoft Threat Intelligence Center (MSTIC)
  • German Federal Office for Information Security (BSI)
  • Netherlands Police
  • Google Threat Intelligence (VirusTotal)
  • PricewaterhouseCoopers (PwC)
  • Recorded Future

Background

Aleksandar earned a PhD degree in cybersecurity in 2016 based on his research conducted at the Karlsruhe Institute of Technology (KIT) and University of Würzburg (Germany). From 2011 to 2014, he was a European Commission Marie Skłodowska-Curie Research Fellow.

He has served as an Adjunct Lecturer at the Baden-Württemberg Cooperative State University Mosbach and the University of Würzburg (Germany).

He has contributed as an expert to the NATO Defence Education Enhancement Programme (DEEP) initiative "Artificial Intelligence as a Tool for Military Power", supporting the development of education on artificial intelligence for military education institutions.

Awards

His academic research has been recognized with a research grant from the German Research Foundation (DFG), as well as awards from the Standard Performance Evaluation Corporation (USA), the Bavarian Foundation for Science, and the University of Würzburg.

Experience

Principal Threat Researcher

SentinelLABS, SentinelOne

Senior Threat And Malware Analyst

Cybereason

  • Established malware research and reporting practices.
  • Established and led the work on the Cybereason Quarterly Threat Intelligence Report. Released 4 Quarterly Threat Intelligence Reports over the employment period.
  • Produced threat research blog posts that achieved media mentions and a minimum of 3000 unique site visits. Presented research to wide audiences: current and prospective customers, sales teams, and customer support managers.
  • Investigated and documented over 20 malware families, threat actors, and attack campaigns that posed a significant or immediate threat to clients. Analyzed and modeled telemetry data to identify threat actor tactics, techniques, and procedures (TTPs) in an attack lifecycle.
  • Reverse engineered malicious code to achieve a deep-dive look into malware, extract detection indicators, and do detection engineering using pattern-matching languages (e.g., YARA).

Senior Security Researcher and Reverse Engineer

ERNW GmbH · Heidelberg, Germany

  • Led long-term projects for key accounts, such as the German Federal Office for Information Security (BSI), with over 1300 person-days.
  • Created a course on Windows internals, named "Insight into Windows Internals", and trained industry professionals over 3 years. Founded the Windows Insight project.
  • Authored over 10 detailed technical reports on Windows internals.
  • Analyzed (reverse engineered) 7 Windows user- and kernel-level security mechanisms, such as Virtual Secure Mode and Windows Defender Application Guard, as well as malicious code. Created detections for modelled intrusion activities.

Computer Security Researcher

Karlsruhe Institute of Technology (KIT) · Karlsruhe, Germany
University of Würzburg · Würzburg, Germany

  • Attained 5 awards and recognitions for scientific achievements, a grant for research in IT security by the German Research Foundation, and a PhD degree with honors.
  • Mentored 4 students for Bachelor and Master of Science degrees and lectured undergraduate courses.
  • Authored 5 technical reports and 14 peer-reviewed publications, published at top-tier conferences and journals, such as ACM Computing Surveys and International Symposium on Research in Attacks, Intrusions, and Defenses (RAID).
  • Conducted research in virtualization security, with a focus on analyzing the top 3 market share hypervisors - Hyper-V, KVM, and Xen.

Visiting Computer Security Researcher

Université de Rennes 1 · Greater Rennes Metropolitan Area

  • Conducted research in virtualization security, with a focus on analyzing the top 3 market share hypervisors - Hyper-V, KVM, and Xen.

Positions

Expert Contributor

NATO

NATO Defence Education Enhancement Programme (DEEP) initiative "Artificial Intelligence as a Tool for Military Power"

Adjunct Lecturer

Baden-Württemberg Cooperative State University Mosbach, Germany

Adjunct Lecturer

Department of Mathematics and Informatics, University of Würzburg, Germany

Program Committee Member

International Symposium on Software Reliability Engineering (ISSRE) 2020

Elected Chair

SPEC Security Benchmarking Working Group

Elected Secretary

SPEC RG Cloud Working Group

Research and Industry Paper Reviewer

  • IEEE Transactions on Information Forensics & Security
  • IEEE Transactions on Services Computing
  • IEEE International Symposium on Software Reliability Engineering ISSRE 2015/2020
  • ACM SIGMETRICS 2012
  • IEEE Cloud Computing Magazine

Awards

Excellence Award

awarded by SentinelOne, USA

SPEC Kaivalya Dixit Distinguished Dissertation Award

recognizing outstanding doctoral dissertations, awarded by the Standard Performance Evaluation Corporation (SPEC), USA

Award for Exceptional Scientific Achievements

awarded by the Lower Franconian Memorial Foundation for Science, Germany

Grant for Research in IT Security

awarded by the German Research Foundation, Germany

SPECtacular Award for Outstanding Research

awarded by the Standard Performance Evaluation Corporation (SPEC), USA

SPECtacular Award for Outstanding Service to SPEC

awarded by the Standard Performance Evaluation Corporation (SPEC), USA

Recognition of Service Award

awarded by the Standard Performance Evaluation Corporation (SPEC), USA

Marie Skłodowska-Curie Research Fellowship

awarded by the European Commission/European Union