Hunting New C2 Frameworks - Part 2 - Nexus C2, Shipped with Creds
A deep dive into a newly discovered C2 framework, Nexus C2 — its features, operational flaws, and the implications of AI-generated malware in the wild.
Disclaimer: All research and opinions expressed here are my own and are independent of any employer or organisation.
A look at hunting C2 frameworks in the wild, including identifying a previously unknown C2 framework.
A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and Outlook branding.
Uncovering a phishing campaign abusing Microsoft Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and Microsoft 365.
A look into automating the hunt for malicious NPM packages, using AI for package review.
A look at a new phishing campaign, ConsentFix, which uses click-fix style techniques to steal auth tokens.
A walkthrough of different token theft scenarios, with detections for each.
A practical guide to implementing threat hunting in a SOC environment and moving beyond reactive detection.