Xiangrui Kong

Xiangrui has presented at various conferences on digital forensic investigation topics and provided training workshops for local chapters. Additionally, he has contributed to ongoing research and led various internal development projects.

Xiangrui is a Certified Information Systems Security Professional (CISSP), EnCase Certified Examiner (EnCE), and a CREST Practitioner Intrusion Analyst (CPIA). He holds the Cellebrite Mobile Forensics Fundamentals (CMFF) and Certified Physical Analyst (CCPA) certificates, alongside the following SANS GIAC certificates: Certified Forensic Analyst (GCFA), Certified Incident Handler (GCIH), Certified Defending Advanced Threats (GDAT), and Certified Reverse Malware Engineering (GREM).

Xiangrui has delivered on notable projects in many different industries and for a variety of investigations, including:

• Threat hunting of an international biotech firm. Identified a hidden ongoing network intrusion before any serious damage was caused.
• Intrusion detection, breach scoping, and remediation for a hotel chain targeted by an organized cybercrime group.
• Complex breach investigation of a global infrastructure service provider.
• Determination of alleged theft of intellectual property by former or current employees at technology design and manufacture headquarters.
• O365 breaches as part of business email compromise investigations for a real estate company.
• Data security audit of a semiconductor company.
• Investigations of ransomware attacks by various well-known threat actor groups, such as LockBit, Conti, BlackCat, AvosLocker, Hive, Lapsus$, REvil, etc.