14 articles
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.
79% of attacks in 2024 used no malware at all. Attackers abuse Windows' own built-in tools — certutil, mshta, rundll32 — to execute code and evade detection. Here's the full attack playbook and how to detect it.
Every major Linux distro ships services you never asked for. From snapd to CUPS to rpcbind — a practical audit guide covering Ubuntu, Debian, RHEL, Rocky, Fedora, and openSUSE.
A practical guide to Windows Event Log analysis for blue teams — key Event IDs, PowerShell automation, cross-version differences, and structured exports for SIEM tools.
MFA is no longer enough to protect Microsoft Entra ID accounts. Attackers steal tokens, register their own devices, and bypass Conditional Access — without ever touching a password. Here's the full attack chain and how to detect it.
Salt Typhoon is the worst telecom breach in history. The Chinese APT stayed hidden for years inside AT&T, Verizon and T-Mobile. Here's the full attack chain, the tools they used, and the detection opportunities blue teams missed.
We tear apart a realistic phishing email using Security Decoder — headers, URLs, JWT tokens, and obfuscated JavaScript — and show exactly what each red flag means.
Qualys TRU disclosed nine confused deputy vulnerabilities in Linux AppArmor — exposing 12.6 million servers to root escalation, KASLR bypass, and container isolation collapse. Technical deep dive and detection guide.
A technical deep dive into Starkiller and PowerShell Empire — how red teams deploy and operate it, and exactly how defenders can detect and disrupt it.
A complete purple team walkthrough of Active Directory attack chains — from initial foothold through Kerberoasting, DCSync, and Golden Tickets to full domain compromise, with detection rules for every technique.
A practical guide to building a purple team program using only free, open-source tools. Covers Atomic Red Team, MITRE Caldera, Sigma rules, Wazuh, and VECTR with real setup examples.
Windows PATH hijacking enables attackers to execute malicious code through writable directories. PathSentry uses two-phase detection to identify vulnerable PATH entries before exploitation.
A practical guide to writing custom Wazuh rules for threat hunting, covering rule anatomy, decoder chaining, and real-world detection scenarios.
Discover the real skills, mindset, and strategies needed to become a genuine SOC professional—from technical mastery to standing out in job hunts.