All Stories

The DFIR thing reg parsing #1

This blog post was lost in migration from Wordpress to Github Pages. :(

In dfir, Aug 29, 2024
The DFIR thing reg parsing #1

The DFIR thing

The DFIR.. what?

In dfir, Jul 27, 2024
The DFIR thing

Impacket - Part 3

Continuing with Impacket

In threat hunting, Jun 01, 2024
Impacket - Part 3

Impacket - Part 2

Hello mr. Impacket – I am back!

In threat hunting, Apr 27, 2024
Impacket - Part 2

Exploring hunting options for catching Impacket

Hunting for usage of Impacket

In threat hunting, Apr 13, 2024
Exploring hunting options for catching Impacket

Threat hunting for signs of credential dumping

Why this topic?

In threat hunting, Mar 11, 2024
Threat hunting for signs of credential dumping

Hunting for signs of SEO poisoning

How to hunt for SEO poisoning?

In threat hunting, Feb 23, 2024
Hunting for signs of SEO poisoning

Rare process launch as a service

Back after a long break

In threat hunting, Feb 05, 2024
Rare process launch as a service

OpenCTI RSS feed support

RSS feed support in OpenCTI

In threat intelligence, Sep 16, 2023
OpenCTI RSS feed support

Threat Intelligence Platform - OpenCTI

What?

In threat intelligence, Jul 06, 2023
Threat Intelligence Platform - OpenCTI

Featured

  1. Machine Learning for Threat Hunting
    In Threat Hunting,
  2. Autonomous SOC, part 2, isolating agent
    In SOC,
  3. Autonomous SOC, possible or just pointless AI hype?
    In SOC,
  4. Why Your Threat Hunting Program Is Working (Even When It Finds Nothing)
    In threat hunting,
  5. OpenCTI RSS feed support
    In threat intelligence,
  6. Threat Intelligence Platform - OpenCTI
    In threat intelligence,