Apr 5 · 2 min read · 1. Getting the logs into Splunk The task provided a web_activity.log file with HTTP requests grouped by internal IP addresses. My first step was to bring this data into Splunk so I could query and vis
Apr 3 · 40 min read · TL;DR — Read This First On March 19, 2026 at approximately 17:43 UTC, threat actor group TeamPCP silently redirected trivy-action@0.34.2 — a real, trusted release already running in thousands of CI/CD
Feb 26 · 5 min read · Cisco Talos has disclosed a previously unknown backdoor called Dohdoor, deployed by threat activity cluster UAT-10027 against U.S. education and healthcare organizations since December 2025. The malware uses DNS-over-HTTPS (DoH) to resolve C2 domains...
Feb 20 · 37 min read · Part 3 of 3 | ← Part 2: Production Security Architecture | ← Part 1: Attack Vectors and Verification 🔒 Update — April 2026: Cisco's DefenseClaw now provides structured enforcement events (dc_block,
Feb 19 · 3 min read · In this walkthrough, we investigate the SOC163 – Suspicious Certutil.exe Usage alert in the LetsDefend platform. 🔎 Alert Overview The monitoring dashboard shows an alert triggered for suspicious usage of certutil.exe. Certutil.exe is a legitimate ...
Jan 30 · 8 min read · 1. Introduction In an era where cyberattacks make headlines daily, from massive data breaches at corporations to state-sponsored espionage, the demand for cybersecurity professionals has skyrocketed. But not all roles are created equal. While tradition...
Jan 1 · 3 min read · For Day 22 of the Advent of Cyber, I completed the "Command & Carol" mission, which focused on Command and Control (C2) detection. This challenge introduced a specialized tool called Rita (Real Intelligence Threat Analytics) to hunt for malicious bea...