Threat hunt reports, detection engineering breakdowns, and technical deep dives. Real work, not reposted news.
I'm working on writeups for my threat hunts and detection work. Follow me on LinkedIn to know when they drop.
How callstack analysis of explorer.exe revealed a ClickFix attack before RAT deployment.
1,300+ community Sigma rules imported and tuned, ~40 custom detections, LimaCharlie, and a lot of tuning.
ETW providers and File I/O patterns for detecting ransomware at the kernel level.