Using Memory Analysis to Detect EDR-Nullifying Malware
Abuse and Detection of M365D Live Response for privilege escalation on Control Plane (Tier0) assets
It’s Time to Break the SOC Analyst Burnout Cycle
Uncovering Windows Events
Writing Your Own Ticket to the Cloud Like APT: A Dive to AD FS Attacks, Detections, and Mitigations
SpAML: Spoofing Users in Azure AD With SAML Claims Transformations
The Bicycle of the Forensic Analyst
Fuzzy hashing logs to find malicious activity
Logging strategies for security incident response
Mastering Email Forwarding Rules in Microsoft 365
Ransomware in the cloud
Using Azurehound to Identify Azure Attack Paths by Kevin Mwanjumwa
AWS Cloud Log Extraction
These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
Is your antivirus really secure? Testing Powershell payload obfuscated with Chimera
Hunting & Detecting SMB Named Pipe Pivoting (Lateral Movement)
Welcome 👋 Microsoft Extractor Suite
Exploring Impersonation through the Named Pipe Filesystem Driver
Detecting and decrypting Sliver C2 – a threat hunter’s guide
AppDomain Manager Injection: New Techniques For Red Teams
Living Off The Land Drivers 1.0 Release: New Features, Enrichments, and Community Contributions
Trucking on with DotDumper
From on-prem to Global Admin without password reset
Advanced threat hunting within Active Directory Domain Services - Knowledge is power!
Tampering with Conditional Access Policies Using Azure AD Graph API
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz
Hunting Malicious Infrastructure using JARM and HTTP Response
Don't @ Me: URL Obfuscation Through Schema Abuse
Avoiding Consent to MS Graph PowerShell with Azure CLI: A Step Towards Simpler Operations and Adversary Simulation
Is Cloud Forensics just Log Analysis? Kind Of.
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack
Best Pipeline for Threat Hunting and Threat Intel
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust
Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
Building honeypots with vcluster and Falco: Episode I
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Deceiving Bloodhound - Remote Registry Session Spoofing
Advisory: IDOR in Microsoft Teams Allows for External Tenants to Introduce Malware
New Mockingjay Process Injection Technique Could Let Malware Evade Detection
Sowing Chaos and Reaping Rewards in Confluence and Jira
Cut SIEM & AI cost by 80% with LogSlash & cwolves
The five-day job: A BlackByte ransomware intrusion case study
Performance, Diagnostics, and WMI
AWS threat emulation and detection validation with Stratus Red Team and Datadog Cloud SIEM
On (Structured) Data
50 Methods For Lsass Dump (RTC0002)
Token theft playbook
Challenges In Post-Exploitation Workflows
Windows RDP Session Hijacking
Bypassing EDR with Cobalt Strike Profiles
25 Methods for Pipeline Attacks (RTC0011)
Methods for Stealing Password in Browser (RTC0013)
Mandiant Gives Back
Revisiting Traditional Security Advice for Modern Threats
Creating a YARA Rule to Detect Obfuscated Strings
Weaponising VMs to bypass EDR – Akira ransomware
Okta for Red Teamers
Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks