Microsoft Entra Token Theft - Part One: Offline Access and Conditional Access
A walkthrough of different Token Theft Scenarios with Detections
All Posts
14 articles on cybersecurity research, malware analysis, and threat hunting
Detecting Abuse of VSCode Remote Tunnels
Detecting abuse of VSCode Remote Tunnels for C2 and persistence by threat actors
Microsoft Dev Tunnels: Tunnelling C2 and More
How threat actors abuse Microsoft Dev Tunnels for C2 communication and detection strategies
SVCHost.exe and Internet Sharing Triage
Investigating suspicious svchost.exe behavior and Internet Connection Sharing during malware triage
Virtual Machine Aware Phishing Sites
Analysis of phishing kits that detect and evade virtual machine environments
A Guide to Threat Hunting in a SOC
A practical guide to implementing threat hunting in a SOC environment and moving beyond reactive detection
Cobalt Strike - Bypassing C2 Network Detections
Using Malleable C2 profiles and C2 Concealer to bypass network-based detection of Cobalt Strike beacons
How to install Elastic SIEM and Elastic EDR
Complete guide to installing and configuring Elastic SIEM with EDR capabilities
Malware Analysis: Memory Forensics with Volatility 3
Using Volatility 3 for memory forensics to analyze malware-infected systems
Analysing Fileless Malware: Cobalt Strike Beacon
Step-by-step analysis of a multi-stage fileless malware campaign delivering Cobalt Strike beacon
Home Monitoring: Sending Zeek logs to ELK
Configure Filebeat to ship Zeek network logs to ELK Stack for home network monitoring
Create enterprise monitoring at home with Zeek and Elk (Part 1)
Build a home network monitoring lab using Zeek IDS and ELK Stack for traffic analysis
Local File Inclusion Vulnerability Explained (with a bit of pentesting)
Understanding and exploiting Local File Inclusion vulnerabilities through practical pentesting
Static Malware Analysis with OLE Tools and CyberChef
Analyzing malicious Office documents using OLE Tools and CyberChef for static analysis