DIAGNOSTICS: REPORT_INDEX.DB
SECURITY WRITE-UPS
Writing Sigma Rules to Detect Living-off-the-Land Binaries (LOLBins)
An in-depth guide on detecting threat actors leveraging built-in Windows utilities (like certutil, mshta) for malicious execution, with custom Sigma and Splunk SPL examples.
Sigma
Splunk
LOLBins
Windows Sec
Read Full Log >
Deconstructing a Multi-Stage Phishing Attack with Log Correlation
Walkthrough of a SOC investigation tracking a malicious payload from email headers, firewall logs, endpoint processes, to registry updates using QRadar correlation alerts.
Incident Response
IBM QRadar
Log Analysis
Phishing
Read Full Log >
Automating Threat Enrichment in Splunk with Custom Python APIs
Learn how to build a Python daemon that monitors Splunk search results, queries threat intelligence feeds, and dynamically updates firewall rules.
Python
Splunk API
Automation
Threat Intel
Read Full Log >
Hunting for Lateral Movement in Active Directory Logs
A threat hunting guide focusing on event log IDs (4624, 4625, 4768) to track lateral movement techniques like Pass-the-Hash and Kerberoasting.
Threat Hunting
Active Directory
Event Logs
MITRE ATT&CK
Read Full Log >