AutoHotkey Malware Loaders: How Attackers Weaponize Automation Scripts
AutoHotkey isn't just for productivity scripts — attackers use it as a stealthy malware loader. Learn how AHK-based campaigns work and how to detect them.
Windows
4 articles
Rapid Compromise Triage: First 10 Minutes on Linux and Windows
A practical workflow for the first 10 minutes after a suspected breach — commands with explanations for Linux and Windows triage, red flags, and when to escalate.
BYOVD: How Attackers Use Legitimate Drivers to Kill Your Security Tools
BYOVD (Bring Your Own Vulnerable Driver) lets attackers reach the Windows kernel using signed, legitimate drivers — and then silently kill your EDR before ransomware drops.
Windows Event Logs for Security Analysts: Read, Hunt, Automate
A practical guide to Windows Event Log analysis for blue teams — key Event IDs, PowerShell automation, cross-version differences, and structured exports for SIEM tools.