> all_blog_posts

The Universal Cyber Incident Taxonomy (UCIT)

The Universal Cyber Incident Taxonomy (UCIT)

A Simple Cyber Event Labelling Schema That Actually Works

July 14, 2025

Incident Response SOC Management Strategy
It's ORBin' Time: Detecting Covert Relay Networks in Your Telemetry

It's ORBin' Time: Detecting Covert Relay Networks in Your Telemetry

Identifying which ORB Networks are Targeting You

July 07, 2025

Threat Hunting Infrastructure Tracking Threat Intelligence
Automating the Simple Blocks with Blackwall

Automating the Simple Blocks with Blackwall

Another Simple Auto-Refresh ASN Blocklist

July 01, 2025

Threat Hunting Infrastructure Tracking Threat Intelligence
East, Fast, Cheap Deception in the Cloud

East, Fast, Cheap Deception in the Cloud

Leveraging External IdP for Easy Honeynets

June 22, 2025

Threat Hunting Deception Tech Threat Intelligence
Catching North Koreans & Laptop Farms

Catching North Koreans & Laptop Farms

Detection Techniques for Farms on Your Network

June 13, 2025

Threat Intelligence Threat Hunting Threat Analysis
Deep Diving Amadey Source Code

Deep Diving Amadey Source Code

When C2 works both ways

March 25, 2025

Amadey Stealers Threat Analysis
A History of GraphAPI Attacks

A History of GraphAPI Attacks

Everybody's in the Cloud, particularly the attacker

February 07, 2025

O365 Tactic Tracking Threat Intelligence
C2 Redirector Usage and You

C2 Redirector Usage and You

A Blue Teamer's Guide to Obfuscated Command & Control

January 12, 2025

Command & Control Threat Hunting Infrastructure Tracking Threat Intelligence