Blogs
My published writings on security, threat hunting, and detection engineering.
2025
2024
- 10-01 Hunting for M365 Password Spraying
- 09-01 Analyzing Initial Access Across Today's Business Environment
- 07-11 Building the foundations: A defender's guide to AWS Bedrock
- 05-30 What's going on? The power of normalization in Cloud SIEM
- 04-01 Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils
- 03-26 Hunt for cloud session anomalies with Cloud SIEM
- 01-11 Protecting identities with the Sumo Logic platform
2023
2022
2021
2020
- 11-23 Taking a Look at Office 365 Logs
- 10-29 Endpoint Hunting for UNC1878/KEGTAP TTPs
- 10-22 Active Directory (AD) Attacks & Enumeration at the Network Layer
- 10-05 WFH Lateral Movement TTPs
- 09-17 From Lares Labs: Defensive Guidance for ZeroLogon (CVE-2020-1472)
- 07-14 Hunt Fast: Splunk and tstats
- 04-01 Get Azure Key Vault Data into Splunk
- 03-15 Edit Your Sysmon Config in Style
- 03-01 Wrangle Your PowerShell Transcript Logs with Apache Nifi
2019
2018
- 10-01 Moloch + Suricata + JA3
2017
2016
- 12-20 (Attempting) to Detect Responder with Sysmon
- 12-15 Working with Sysmon
- 12-01 Setting up Sysmon