Portfolio
Sell It Like Serhant: The Course
Hashed and rehashed, a tale of Goodware hashes
Goodware Database
Detect SpawnAs & SMB lateral movement via EDR telemetry. https://dansec.medium.com/detecting-malicious-c2-activity-spawnas-smb-lateral-movement-in-cobaltstrike-9d518e68b64
Detecting malicious C2 activity (fork&run!) https://dansec.medium.com/detecting-malicious-c2-activity-with-edr-telemetry-de1e8f3e7004
Threat hunting for iCal events opened by Outlook via the wcal:// protocol can reveal potential ways for threat actors to maintain a persistence mechanism for sending ever-evolving calendar invit...