Microsoft Entra Token Theft - Part One: Offline Access and Conditional Access
A walkthrough of different Token Theft Scenarios with Detections
On the Hunt
Deep dive into malware analysis, threat hunting, blue team defense strategies, and red team techniques
Recent Posts
View allDetecting Abuse of VSCode Remote Tunnels
Detecting abuse of VSCode Remote Tunnels for C2 and persistence by threat actors
Microsoft Dev Tunnels: Tunnelling C2 and More
How threat actors abuse Microsoft Dev Tunnels for C2 communication and detection strategies
SVCHost.exe and Internet Sharing Triage
Investigating suspicious svchost.exe behavior and Internet Connection Sharing during malware triage
Virtual Machine Aware Phishing Sites
Analysis of phishing kits that detect and evade virtual machine environments