Pinned | Published in Detect FYI | Oct 23
Deconstructing “Wmiexec-Pro”
I recently ran a Kali VM against a Windows test host and instrumented the target with Procmon and WMI/Windows logs to see how a new…

Pinned | Published in Detect FYI | Apr 8
“Invoke-Shadow” — Applying Jungian Psychology to Detection Engineering
“Until you make the unconscious conscious, it will direct your life — and you will call it fate.” — Carl Jung

Pinned | Published in Detect FYI | Mar 24
My 2025 Detection Philosophy and the Pursuit of Immutable Artifacts
If a log falls in the SIEM, does it generate an alert?

Published in Detect FYI | Sep 6
Thoughts on the recent Ethereum smart contracts C2 abuse
Hello all! 👋 It’s been a while since my last post. I wasn’t finding anything exciting to write about — until this story caught my…

Published in Detect FYI | May 12
Detection Pitfalls You Might Be Sleeping On
Detection engineering isn’t just about finding bad behavior. It’s about understanding how attackers appear normal — by accident or by…

Published in Detect FYI | Apr 30
Practical Cyber Deception — Introduction to “Chaotic Good”
Ok, so before we start, I personally think this is a bit of an “offside” topic. While the tech exists, personally I am not familiar with…

Published in Detect FYI | Dec 2, 2024
Immutable Artifacts — Enabling RDP Connections
Building on my previous article, in this article we will adopt the “Immutable Artifacts” methodology to detect such artifacts for…

Published in Detect FYI | Nov 25, 2024
Detecting WiFi dumping via direct WinAPI calls and introduction to “Immutable Artifacts”
Lately I’ve been reading a LOT of materials on how to write better detection rules. The main reason this whole thing started is that I’ve…

Published in Detect FYI | Oct 28, 2024
Detection of Impacket’s “PSExec.py”
What is Impacket / PSExec?