redhead0ntherun

Loader Activity for Formbook "QM18": A Deep Dive and Detection Opportunities (Jul 12, 2023)
Introduction

Monitor AWS Admin Groups (Jun 19, 2022)
With the increase in popularity and adoption of cloud platforms comes an increased NEED for being able to monitor these environments for…

Detecting Azure API Permissions Abuse (Dec 4, 2021)
This is a follow-up article based on SpecterOps' recent article that walked through a few attack paths using Azure API permissions to…

Certified Pre-Owned Detection Ideas (Oct 17, 2021)
If you haven't had a chance to read the Medium article or full whitepaper about abusing Certificate Services in Microsoft Active Directory…

Threat Detection in AWS (Aug 8, 2021)
As more and more companies start to adopt cloud services to enable remote work and reduce the need for on-prem solutions, more and more…

Useful Threat Detection Program Measurements (Jul 25, 2021)
In this article we'll discuss using some machine learning concepts/scoring to determine the efficacy or effectiveness of threat detection…

PrintNightmare (CVE-2021-1675) (Jul 1, 2021)
If you have not heard, there is a zero-day vulnerability actively being exploited in the wild. The vulnerability was originally "patched"…

Detect Pulse Secure 0-day (CVE-2021-22893) (Apr 21, 2021)
In light of the most recent disclosure for the Pulse Secure VPN solution, I wanted to provide a quick guide to creating detection for this…

IOC Enrichment via Splunk Add-Ons & Custom Scripts (Apr 20, 2021)
If you missed my previous series, in which I go over the methodology to implementing & using VirusTotal API data combined with Splunk's…