All Stories

Threat hunting for signs of credential dumping

Why this topic?

In threat hunting, Mar 11, 2024
Threat hunting for signs of credential dumping

Hunting for signs of SEO poisoning

How to hunt for SEO poisoning?

In threat hunting, Feb 23, 2024
Hunting for signs of SEO poisoning

Rare process launch as a service

Back after a long break

In threat hunting, Feb 05, 2024
Rare process launch as a service

OpenCTI RSS feed support

RSS feed support in OpenCTI

In threat intelligence, Sep 16, 2023
OpenCTI RSS feed support

Threat Intelligence Platform - OpenCTI

What?

In threat intelligence, Jul 06, 2023
Threat Intelligence Platform - OpenCTI

Turla

Why Turla?

In threat hunting, May 19, 2023
Turla

Analysis of the current malware - Icedid

In threat hunting, Mar 19, 2023
Analysis of the current malware - Icedid

Malware statistics to ELK

I’ve been somewhat busy lately and hadn’t had much time to write anything to the blog unfortunately. I also have had some issues in thinking of good topics as I don’t want to get stuc...

In threat hunting, Feb 16, 2023
Malware statistics to ELK

Hunting for msbuild based execution

Why?

In threat hunting, Jan 21, 2023
Hunting for msbuild based execution

AsyncRAT

In threat hunting, Jan 08, 2023
AsyncRAT

Featured

  1. Scattered Spider: When Social Engineering Meets Supply Chain Risk
    In incident preparation,
  2. Having a look at a few new fields in MDE
    In threat hunting,
  3. Look into couple of suspicous registry activities
    In threat hunting,
  4. Hunting for Windows Subsystem for Linux based attacks
    In threat hunting,
  5. The DFIR thing
    In dfir,
  6. OpenCTI RSS feed support
    In threat intelligence,
  7. Threat Intelligence Platform - OpenCTI
    In threat intelligence,