By This Author
Safely validate executable file attributes with Atomic Test Harnesses
September 28, 2023
MITRE ATT&CK
When MFA isn’t an option: The legacy of ROPC
June 14, 2023
Microsoft
Better know a data source: Antimalware Scan Interface
January 12, 2022
Threat detection
Better know a data source: Process command line
October 20, 2021
Threat detection
Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules
September 2, 2021
Threat detection
The adversary’s gift: When one technique opens a Pandora’s box
July 28, 2021
Linux security
Diary of a Detection Engineer: Babysitting child processes
June 16, 2021
Threat detection
Tales from decrypt: Differentiating decryptors from ransomware
May 20, 2021
Threat detection