Tooling
ShareSift, an ML Powered Credential Hunter for SMB File Shares
This is a tool announcement and a build log. I built ShareSift because Snaffler's false positive rate is a real problem on engagements, and I wanted to see…
Writeups on malware analysis, cloud IR, offensive tooling, and AI security.
Tooling
I'd be bouncing between a browser, Splunk, course notes, Sigma rules, and old pentest writeups just to answer the same kinds of questions: Which Event IDs matter here?…
Malware
Overview Stage 1 - AutoIt Dropper (script.au3) Stage 2 - DLL Loader (740b0000.clr.dll) Stage 3 - Decrypted Payload Execution (RegSvcs.exe) Volatility Memory Analysis - Manual PE Mapping Legitimate…
AD
Introduction This blog outlines detection strategies for over 20 real-world Active Directory attack techniques. Each entry includes: ATT&CK technique mapping, execution commands, log source configurations, tested detection queries…
Malware
Introduction Exploiting IFEO for Persistence Registry Location Debugger Value Abuse Alternate IFEO Values The Role of Debug Object Hijacking Registry Modification Process for IFEO Persistence Selecting a Target…
Malware
After completing HackTheBox’s Malicious Document Analysis Module, I felt inspired to dive deeper into analyzing malicious documents independently. My goal was to analyze recent samples quickly, within a…
Tooling
Here’s a review of the Certified Defensive Security Analyst certification from HackTheBox. Official Description from HackTheBox “HTB Certified Defensive Security Analyst (HTB CDSA) is a highly hands-on certification…
AD
Introduction Setting Up Splunk Attack Range Setup IAM and AWS Pre-setup Range Commands: Realism Download VM (AMI) Create AMI Export Configuration Import into VirtualBox VM Networking To set…