>// SANJAY
DIAGNOSTICS: REPORT_INDEX.DB

SECURITY WRITE-UPS

DATE: 2026-05-12 6 MIN READ

Writing Sigma Rules to Detect Living-off-the-Land Binaries (LOLBins)

An in-depth guide on detecting threat actors leveraging built-in Windows utilities (like certutil, mshta) for malicious execution, with custom Sigma and Splunk SPL examples.

Sigma Splunk LOLBins Windows Sec
Read Full Log >
DATE: 2026-04-05 8 MIN READ

Deconstructing a Multi-Stage Phishing Attack with Log Correlation

Walkthrough of a SOC investigation tracking a malicious payload from email headers, firewall logs, endpoint processes, to registry updates using QRadar correlation alerts.

Incident Response IBM QRadar Log Analysis Phishing
Read Full Log >
DATE: 2026-03-20 5 MIN READ

Automating Threat Enrichment in Splunk with Custom Python APIs

Learn how to build a Python daemon that monitors Splunk search results, queries threat intelligence feeds, and dynamically updates firewall rules.

Python Splunk API Automation Threat Intel
Read Full Log >
DATE: 2026-02-10 7 MIN READ

Hunting for Lateral Movement in Active Directory Logs

A threat hunting guide focusing on event log IDs (4624, 4625, 4768) to track lateral movement techniques like Pass-the-Hash and Kerberoasting.

Threat Hunting Active Directory Event Logs MITRE ATT&CK
Read Full Log >