All Stories

Turla

Why Turla?

In threat hunting, May 19, 2023
Turla

Analysis of the current malware - Icedid

In threat hunting, Mar 19, 2023
Analysis of the current malware - Icedid

Malware statistics to ELK

I’ve been somewhat busy lately and hadn’t had much time to write anything to the blog unfortunately. I also have had some issues in thinking of good topics as I don’t want to get stuc...

In threat hunting, Feb 16, 2023
Malware statistics to ELK

Hunting for msbuild based execution

Why?

In threat hunting, Jan 21, 2023
Hunting for msbuild based execution

AsyncRAT

In threat hunting, Jan 08, 2023
AsyncRAT

HTML Smuggling - how does it look like?

In threat hunting, Dec 18, 2022
HTML Smuggling - how does it look like?

MDE/MDI/MDO365 advanced hunt queries to ELK

I’ve been using Jupyter Notebook for quite sometime in threat hunting and incident response purposes. It is great as it offers the python data analytic tools to be used with the data ...

In threat hunting, Nov 28, 2022
MDE/MDI/MDO365 advanced hunt queries to ELK

Qakbot

Qakbot - anything new on a recent sample?

In threat hunting, Nov 22, 2022
Qakbot

My version of a home lab

This time I am going to introduced my version of a home lab. This is not as “pro” as many others have but have a good combination of lab and a home computer in a same package. The pos...

In threat hunting, Nov 19, 2022
My version of a home lab

Recent phishing emails + Emotet recent sample analysis

Phishing emails

In threat hunting, Nov 13, 2022
Recent phishing emails + Emotet recent sample analysis

Featured

  1. Machine Learning for Threat Hunting
    In Threat Hunting,
  2. Autonomous SOC, part 2, isolating agent
    In SOC,
  3. Autonomous SOC, possible or just pointless AI hype?
    In SOC,
  4. Why Your Threat Hunting Program Is Working (Even When It Finds Nothing)
    In threat hunting,
  5. OpenCTI RSS feed support
    In threat intelligence,
  6. Threat Intelligence Platform - OpenCTI
    In threat intelligence,