By This Author
Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules
September 2, 2021
Threat detection: The adversary’s gift: When one technique opens a Pandora’s box
July 28, 2021
Linux security: Diary of a Detection Engineer: Babysitting child processes
June 16, 2021
Threat detection: Tales from decrypt: Differentiating decryptors from ransomware
May 20, 2021
Threat detection: Does signed mean trusted? The Mimikatz dilemma
April 28, 2021
Threat detection: The why, what, and how of threat research
December 8, 2020
Threat detection: Testing adversary technique variations with AtomicTestHarnesses
October 28, 2020
Testing and validation: Remapping Red Canary with ATT&CK sub-techniques
October 1, 2020
Atomic Red Team