My Favourite Security-focused GPO: Stopping Script Execution with File Associations
Some time ago, I stumbled upon an excellent post by Red Canary[1] that introduced a clever method to prevent users from accidentally…
Nov 4

Unintentional Evasion: Investigating How CMD Fragmentation Hampers Detection & Response
Published in Detect FYI
Discover how CMD command fragmentation creates security blind spots, letting attackers evade detection and complicate investigations.
Oct 3

Telemetry on Linux vs. Windows: A Comparative Analysis
A look at how Windows and Linux manage telemetry to support incident response operations.
Sep 3

Behind the Scenes: The Daily Grind of Threat Hunter
I turned a Twitter thread into a blog post on the topic of threat hunting. This is an example of the real-world steps involved during a…
Nov 29, 2023

Understanding Red to Be Better at Blue: Navigating New CrackMapExec Updates
Published in InfoSec Write-ups
How to research and develop detection and hunting techniques based on new features from commonly-used penetration testing frameworks.
Sep 5, 2023

Threat Hunting Metrics: The Good, The Bad and The Ugly
Threat hunting is a crucial aspect of information security, but measuring its effectiveness can be challenging. In this article, we will…
Aug 21, 2023

Public Opinion Survey Results: You're Pwned
I am starting these short-form blog posts that aim to provide insights into attackers' actions once they gain access to a network. Although…
Jul 5, 2023

EDR Telemetry Project: A Comprehensive Comparison
Published in Detect FYI
Endpoint Detection and Response (EDR) products have become essential to organizations' cybersecurity strategies. As a result, understanding…
Apr 19, 2023

Threat Hunting Series: Detection Engineering VS Threat Hunting
Published in Detect FYI
Threat hunting is becoming mainstream, and despite the attention it receives, many people need help to differentiate it from other roles…
Feb 21, 2023