Mar 23 · 6 min read · Introduction Zscaler published a blog post about a new malware called SnappyClient, written in the C++ programming language. The malware communicates with its C&C server using a custom binary protocol
Feb 18 · 7 min read · Introduction Modern enterprise environments rely heavily on third-party and internally developed applications to support daily operations. These applications frequently depend on Dynamic Link Libraries (DLLs) to load required functionality at runtime...
Jan 26 · 10 min read · In modern cyber attacks, especially lateral movement and post-exploitation campaigns in Active Directory environments, attackers rarely "reinvent the wheel". Instead, they leverage proven open-source toolkits...
Jan 22 · 3 min read · What Is Detection Engineering? In today’s banking and fintech landscape, cyber threats are no longer a distant concern; they are constant, sophisticated, and financially motivated. From credential theft to insider fraud and complex money-laundering s...
Jan 16 · 3 min read · Your app is finally live. You celebrate the release 🎉. Meanwhile, attackers are already pulling it apart by reverse engineering your app, modifying the code, and redistributing a compromised version to users. Mobile app tampering is a real security r...
Jan 15 · 2 min read · Machine learning–based intrusion detection systems often look impressive in notebooks but fall apart when applied to real network traffic. The problem usually isn’t the algorithm; it’s the design assumptions behind the system. I’m currently building a...
Nov 22, 2025 · 11 min read · The moment I learned about Detection as Code (DaC), I knew it was something I wanted to learn, so I wasted no time diving in. I spent the next weekend setting up a DaC pipeline foundation that will allow me to expand upon it as I get more proficient with i...
Nov 10, 2025 · 5 min read · Prologue I needed to come up with a detection for an AWS environment that is cheap, will take custom detections (preferably Sigma rules for easier maintenance) and is somewhat flexible/customizable. I ended up using a Lambda that consumes Sigma and ...
Nov 3, 2025 · 4 min read · This recent attack, which I addressed through a reported False Negative, requires a clear understanding of the scenario to ensure everyone can grasp the situation. In this analysis, we examine a sophisticated malware chain that utilizes PowerShell an...