May 22 · 4 min read · Background In most security operations centres, offensive and defensive knowledge exist in separate silos. Penetration testers understand exploitation chains intimately. SOC analysts understand alert
Join discussionMay 15 · 6 min read · Why This Matters Most defenders hunt for credential theft, Kerberoasting, or suspicious PowerShell. But what if an attacker never steals a password at all? In many Active Directory environments, misco
Join discussion
May 2 · 7 min read · I've been reading Robert Love's Linux Kernel Development. Chapter 15 covers the memory subsystem — virtual memory areas, page faults, Copy-on-Write. It's dense. I got through it, understood it concept
Join discussion
Apr 24 · 7 min read · Introduction Splunk published a blog post about a variant of the Gh0stRat malware family used in a new campaign delivered alongside the CloverPlus adware. The blog post is titled "Not Just Annoying Ad
Join discussionApr 5 · 2 min read · 1. Getting the logs into Splunk The task provided a web_activity.log file with HTTP requests grouped by internal IP addresses. My first step was to bring this data into Splunk so I could query and vis
Join discussion
Mar 23 · 6 min read · Introduction Zscaler published a blog post about a new malware called SnappyClient, written in the C++ programming language. The malware communicates with its C&C server using a custom binary protocol
Join discussionFeb 18 · 7 min read · Introduction Modern enterprise environments rely heavily on third-party and internally developed applications to support daily operations. These applications frequently depend on Dynamic Link Libraries (DLLs) to load required functionality at runtime...
Join discussionJan 26 · 10 min read · Trong các cuộc tấn công mạng hiện đại, đặc biệt là các chiến dịch lateral movement và post-exploitation trong môi trường Active Directory, attacker hiếm khi “tự viết lại bánh xe”. Thay vào đó, họ tận dụng những bộ công cụ mã nguồn mở đã được kiểm chứ...
Join discussion
Jan 16 · 3 min read · Your app is finally live. You celebrate the release 🎉.Meanwhile, attackers are already pulling it apart by reverse engineering your app, modifying the code, and redistributing a compromised version to users. Mobile app tampering is a real security r...
Join discussion
