Using Memory Analysis to Detect EDR-Nullifying Malware
Abuse and Detection of M365D Live Response for privilege escalation on Control Plane (Tier0) assets
It’s Time to Break the SOC Analyst Burnout Cycle
Uncovering Windows Events
Writing Your Own Ticket to the Cloud Like APT: A Dive to AD FS Attacks, Detections, and Mitigations
SpAML: Spoofing Users in Azure AD With SAML Claims Transformations
The Bicycle of the Forensic Analyst
Fuzzy hashing logs to find malicious activity
Logging strategies for security incident response
Mastering Email Forwarding Rules in Microsoft 365
Ransomware in the cloud
Using Azurehound to Identify Azure Attack Paths by Kevin Mwanjumwa
AWS Cloud Log Extraction
These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers
Is your antivirus really secure? Testing Powershell payload obfuscated with Chimera
Hunting & Detecting SMB Named Pipe Pivoting (Lateral Movement)
Welcome 👋 Microsoft Extractor Suite
Exploring Impersonation through the Named Pipe Filesystem Driver
Detecting and decrypting Sliver C2 – a threat hunter’s guide
AppDomain Manager Injection: New Techniques For Red Teams
Living Off The Land Drivers 1.0 Release: New Features, Enrichments, and Community Contributions
Trucking on with DotDumper
From on-prem to Global Admin without password reset
Advanced threat hunting within Active Directory Domain Services - Knowledge is power!
Tampering with Conditional Access Policies Using Azure AD Graph API
Quasar Rat Analysis - Identification of 64 Quasar Servers Using Shodan and Censys
Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz
Hunting Malicious Infrastructure using JARM and HTTP Response
Don't @ Me: URL Obfuscation Through Schema Abuse
Avoiding Consent to MS Graph PowerShell with Azure CLI: A Step Towards Simpler Operations and Adversary Simulation
Is Cloud Forensics just Log Analysis? Kind Of.
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack