Willi Ballenthin is a reverse engineer in the FireEye Labs Advanced Reverse Engineering (FLARE) Team who specializes in incident response and computer forensics. He can typically be found investigating intrusions at Fortune 500 companies and enjoys reverse engineering malware, developing forensic techniques, and exploring the cutting edge. Willi is the author of a number of cross-platform Python libraries including python-registry, python-evtx, and INDXParse.py.
WhyMI so Sexy? WMI Attacks, Real-Time Defense, and Advanced Forensic Analysis