Writing Your First Sigma Rule
A practical walk-through of authoring a portable detection rule with Sigma, from logsource to test.
Suspicious Bytes
From suspicious bytes to actionable intelligence.
Detecting Lateral Movement
Hunting for east-west movement in Windows event logs, mapped to MITRE ATT&CK.
Anatomy of a Phishing Incident
Walking a credential-phishing case from first report to containment and lessons learned.
Triaging Suspicious PowerShell
Decoding and assessing an encoded PowerShell command during incident triage.
OSINT for Beginners
Gathering open-source intelligence responsibly, starting with what is already public.
Building a Threat Actor Profile
Turning scattered observations into a structured CTI profile your defenders can act on.
Getting started with Threat Hunting with a minimal approach
Threat hunting doesn't require enterprise tools. You can simply start with what you already have.