My 2025 Detection Philosophy and the Pursuit of Immutable Artifacts (Detect FYI, Mar 24): If a log falls in the SIEM, does it generate an alert?
Immutable Artifacts — Enabling RDP Connections (Detect FYI, Dec 2, 2024): Building on my previous article, in this article we will adopt the “Immutable Artifacts” methodology to detect such artifacts for…
Detecting WiFi dumping via direct WinAPI calls and introduction to “Immutable Artifacts” (Detect FYI, Nov 25, 2024): Lately I’ve been reading a LOT of materials on how to write better detection rules. The main reason this whole thing started is that I’ve…
Detection of Impacket’s “PSExec.py” (Detect FYI, Oct 28, 2024): What is Impacket / PSExec?
Detection of Impacket’s “ATExec.py” (Detect FYI, Oct 21, 2024): What is Impacket / ATExec?
Detection of “EDRSilencer” (Detect FYI, Oct 18, 2024): Recently, there’s been quite a buzz in the infosec community about a new tool called “EDRSilencer”. From the tool’s Github description:
ViperSoft Cryptost (Detect FYI, Jul 27, 2023): So today wasn’t anything special, except that those really annoying Powershell windows that occasionally open on my screen for a…