HiveSecurity
Tag: Threat Hunting

9 articles

Canary Tokens: Free Tripwires That Catch Attackers in the Act

Canary tokens are digital tripwires that alert you the moment an attacker touches something they shouldn't. Free, no-install, and zero false positives.

7 May 2026
Tags: Blue Team, Detection, Threat Hunting

Cobalt Strike Detection & Hunting: A Defender's Playbook

How to detect Cobalt Strike beacons in your environment — network fingerprints, process injection patterns, Sigma rules, and practical hunting queries for blue teams.

7 May 2026
Tags: Blue Team, Cobalt Strike, Threat Hunting

LOLBins in 2026: How Attackers Use Windows Against Itself

79% of attacks in 2024 used no malware. Certutil, mshta, rundll32 — execution, persistence, and evasion via Windows built-ins. Detection rules included.

7 May 2026
Tags: Red Team, Blue Team, Detection

MDR in Plain English: What It Solves That Tools Alone Can't

Managed Detection and Response (MDR) delivers 24/7 expert-led threat hunting and active remediation that tools alone can't provide — and solves the SOC talent shortage at a fraction of the cost.

7 May 2026
Tags: Cybersecurity, Endpoint Security, Incident Response

Starkiller: Inside Empire's C2 GUI — Red Team Playbook and Blue Team Detection

A technical deep dive into Starkiller and PowerShell Empire — how red teams deploy and operate it, and exactly how defenders can detect and disrupt it.

7 May 2026
Tags: Blue Team, Cybersecurity, Lateral Movement

Windows Event Logs for Security Analysts: Read, Hunt, Automate

A practical guide to Windows Event Log analysis for blue teams — key Event IDs, PowerShell automation, cross-version differences, and structured exports for SIEM tools.

7 May 2026
Tags: Blue Team, Detection, Windows

Wireshark for Threat Detection: A Practical Guide for 2026

How to find real threats with Wireshark in 2026 — encrypted traffic analysis, JA3 fingerprinting, ransomware patterns, C2 beaconing, and DNS tunneling explained step by step.

7 May 2026
Tags: Blue Team, Network Security, Wireshark

Salt Typhoon: How China Hacked the World's Largest Telecoms

Salt Typhoon is the worst telecom breach in history. The Chinese APT stayed hidden for years inside AT&T, Verizon and T-Mobile. Here's the full attack chain, the tools they used, and the detection opportunities blue teams missed.

17 March 2026
Tags: Threat Intelligence, Red Team, Blue Team

Threat Hunting with Wazuh: Building Effective Detection Rules

A practical guide to writing custom Wazuh detection rules for threat hunting — covering rule anatomy, decoder chaining, MITRE ATT&CK mapping, and real-world detection scenarios for enterprise environments.

28 January 2026
Tags: Wazuh, SIEM, Blue Team

© 2026 Hive Security. All rights reserved.