redhead0ntherun · Understanding and Mitigating CVE-2023-46805 and CVE-2024-21887 · 3 min read · Jan 20, 2024
redhead0ntherun · Loader Activity for Formbook "QM18": A Deep Dive and Detection Opportunities · 2 min read · Jul 12, 2023
redhead0ntherun · Monitor AWS Admin Groups · With the increase in popularity and adoption of cloud platforms comes an increased NEED for being able to monitor these environments for… · 3 min read · Jun 19, 2022
redhead0ntherun · Detecting Azure API Permissions Abuse · This is a follow-up article based on SpecterOps recent article that walked through a few attack paths using Azure API permissions to… · 3 min read · Dec 4, 2021
redhead0ntherun · Certified Pre-Owned Detection Ideas · If you haven't had a chance to read the Medium article or full whitepaper about abusing Certificate Services in Microsoft Active Directory… · 4 min read · Oct 17, 2021
redhead0ntherun · Threat Detection in AWS · As more and more companies start to adopt cloud services to enable remote work and reduce the need for on-prem solutions more and more… · 3 min read · Aug 8, 2021
redhead0ntherun · Useful Threat Detection Program Measurements · In this article we'll discuss using some machine learning concepts/scoring to determine the efficacy or effectiveness of threat detection… · 6 min read · Jul 25, 2021
redhead0ntherun · PrintNightmare (CVE-2021-1675) · If you have not heard there is a zero-day vulnerability actively being exploited in the wild. The vulnerability was originally "patched"… · 2 min read · Jul 1, 2021
redhead0ntherun · Detect Pulse Secure 0-day (CVE-2021-22893) · In light of the most recent disclosure for Pulse Secure VPN solution I wanted to provide a quick guide to creating detection for this… · 1 min read · Apr 21, 2021
redhead0ntherun · IOC Enrichment via Splunk Add-Ons & Custom Scripts · If you missed my previous series in which I go over the methodology to implementing & using VirusTotal API data combined with Splunk's… · 6 min read · Apr 20, 2021