$ whoami
Antonio (Toño) Díaz Castaño — Principal Consultant in Digital Forensics & Incident Response at Unit 42, Palo Alto Networks. 15+ years in cybersecurity. Based in León, investigating incidents worldwide.
Don’t Panic. 🚀
$ cat /proc/career
Unit 42 — Palo Alto Networks
Principal Consultant - DFIR (2024 - Present)
Part of Palo Alto Networks’ global cybersecurity team, which handles over 1,000 incidents per year. I lead critical investigations at an international level, collaborating on approximately 50 incidents annually and contributing to the development of global DFIR strategies.
One eSecurity
DFIR Lead & Principal Consultant (2021 - 2024)
A boutique incident response firm with ties to SANS. I led the DFIR area, overseeing strategy and execution of response to multiple simultaneous incidents. I managed a team of IR professionals, developed forensic tools and methodologies, and provided high-level consulting to organizations during their most critical moments.
Inditex
Blue Team Lead / Information Security Specialist (2011 - 2021)
Nearly a decade at one of the world's largest retail companies. Started in OS, database, network device, and POS system hardening. Evolved to lead the Blue Team, managing L2/L3 of the CERT. Designed the complete log lifecycle: from the hardening that generates the logs, through SIEM forwarding and parsing, to alerts and associated procedures. Led threat hunting, purple teaming, and deception projects.
COSIC — KU Leuven (Belgium)
Cryptography Researcher (2011)
Doctoral research on cryptography applied to smartphones. Designed and implemented an electronic petition system on Android with signer privacy and anonymity, working with Direct Anonymous Attestation (DAA) protocols and electronic ID cards (e-ID).
$ cat /etc/education
| Year | Institution | Degree |
|---|---|---|
| 2019 - 2021 | Universitat Oberta de Catalunya | MSc in ICT Security |
| 2013 - 2015 | UNED | MSc in Communications, Networks & Content Management (Security track). Thesis: Industrial Environment Security Simulation using Honeypots |
| 2010 - 2011 | KU Leuven (Belgium) | Master Thesis in Electrical Engineering / Cryptography. Anonymous ePetitions with secure hardware for smart phones |
| 2005 - 2010 | Universidade de Vigo | MSc in Telecommunications Engineering (Telematics) |
$ ls /etc/certs/
5 GIAC certifications in DFIR, incident response, and forensic analysis areas.
$ cat /etc/skills
| Area | Detail |
|---|---|
| DFIR | Incident response, forensic analysis, triage, timeline analysis |
| Malware Analysis | IoC extraction, malware behavior understanding |
| Mobile Forensics | Mobile device forensic analysis |
| Development | Python, Rust — custom DFIR tooling |
| Offensive Security | Currently deepening — essential to become a better DFIR practitioner |
| Hardening | OS, databases, network, applications — a decade of experience |
| SIEM & Detection | Traceability design, alert management, event correlation |
| Threat Hunting | Proactive search for undiscovered threats |
$ cat /etc/purpose
This site was born from the conviction that there’s a lack of quality DFIR content in Spanish. There’s plenty of excellent material in English, but in Spanish the offering is limited. We Investigate Anything aims to be that reference.
The name is a tribute to The Three Investigators by Alfred Hitchcock — a young adult novel series that shaped an entire generation of curious minds who ended up investigating for real. Read the full story →
I enjoy noir and detective fiction, especially the investigative process that leads, through deduction, to solving the case. At its core, DFIR is exactly that.
$ cat /proc/tools
Tools I’ve created or contribute to:
| Tool | Description | Role |
|---|---|---|
| masstin | Lateral movement analysis in Rust | Creator |
| sabonis | DFIR pivoting on forensic artifacts | Creator |
| Persistence Boromir | Detection of 24 Windows persistence mechanisms | Contributor |
$ find / -name "contact"
- GitHub: jupyterj0nes
- LinkedIn: Antonio Díaz Castaño