Categories

Detection-Development ETW Forensics Reverse-Engineering Threat-Hunting Tools eBPF ios Other

Detection-Development

04 Aug 2022
Commandline Cloaking 2 - Tetragon and Nim
10 Jun 2022
SIEMCraft - Security detection monitoring using Minecraft
04 Jan 2022
Commandline Cloaking and Sysmon for Linux
11 Jan 2020
Using Python Bandit to find dodgy packages

ETW

30 Nov 2022
Gaining Threat-Intelligence the REALLY dodgy way
01 Jul 2021
ETW on Windows 11 - Initial thoughts
12 May 2021
Gaining Threat-Intelligence the dodgy way
16 Dec 2020
Experimenting with Protected Processes and Threat-Intelligence
31 Oct 2020
Getting more out of the Windows Filtering ETW Events
21 Jul 2020
Introducing Sealighter - Sysmon-Like research tool for ETW

Forensics

22 Aug 2022
Linux cloud memory forensics tutorial

Reverse-Engineering

19 Nov 2020
Tracking Windows Updates with Git and CI
11 Jan 2020
Experimenting with Ghidra Scripting

Threat-Hunting

04 Sep 2021
Hunting Sliver
28 Nov 2020
Hunting Koadic Pt. 2 - JARM Fingerprinting
03 Dec 2019
Hunting Koadic across Shodan

Tools

21 Aug 2022
Tool - Use TouchID and the Secure Enclave from the commandline
21 Jul 2022
Tool - Using AWS Lambdas to distribute WebRequests
02 Jun 2022
Tool - Create run VPNs in various clouds
24 Apr 2022
Tool - Use Terraform and Bitcoin to run VMs

eBPF

01 Aug 2021
DEF CON 29: Bad BPF - Warping reality using eBPF
07 Jul 2021
Detecting Kernel Hooking using eBPF
22 Feb 2021
Mapping It Out: Analyzing the Security of eBPF Maps
15 Feb 2021
Using eBPF to uncover in-memory loading

ios

24 Oct 2024
Investigating realtime detections on iOS using Unified Logging

Other