If you haven't had a chance to read the Medium article or the full whitepaper about abusing Certificate Services in Microsoft Active Directory environments, I highly suggest you do. You can find the Medium article HERE and the whitepaper (which is very detailed) HERE.

Quick Overview

Basically SpecterOps (some very smart people) discovered…

As more and more companies adopt cloud services to enable remote work and reduce the need for on-prem solutions, more and more attackers are starting to target cloud environments. Since cloud is still relatively new, a lot of companies make simple mistakes that enable attackers to easily steal…

In this article we'll discuss using some machine learning concepts and scoring to measure the effectiveness of threat detection content. Threat detection content (TDC) includes, but is not limited to, custom or vendor-provided signatures. We'll generate a series of scores, including precision and recall, to measure how effective each piece of content actually is.
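As an added example (not code from the original article), the following Python scores detection rules with the standard confusion-matrix metrics. It assumes a simple data model: every evaluated event is tagged with the rule that was checked, whether the rule fired, and the analyst's post-triage ground truth (malicious or benign); rules that fired on benign activity contribute false positives, and malicious events the rule missed (for example, from purple-team exercises) contribute false negatives. The rule names and all event records are constructed sample data.

```python
"""Score threat detection content (TDC) with precision, recall, F1 and accuracy.

Added example, not part of the original article. Data model (an assumption):
each record is (rule_id, fired, malicious), where `fired` is whether the rule
alerted on the event and `malicious` is the analyst's ground-truth label.
"""
from collections import Counter, defaultdict

# Constructed sample data: rule names and outcomes are hypothetical.
SAMPLE_EVENTS = [
    # rule_id,                 fired,  malicious
    ("lsass_handle_open",      True,   True),
    ("lsass_handle_open",      True,   True),
    ("lsass_handle_open",      True,   False),  # AV scanner opening lsass: FP
    ("lsass_handle_open",      False,  True),   # missed dump via direct syscalls: FN
    ("lsass_handle_open",      False,  False),
    ("lsass_handle_open",      False,  False),
    ("psexec_service_install", True,   True),
    ("psexec_service_install", True,   False),  # admin tooling: FP
    ("psexec_service_install", True,   False),
    ("psexec_service_install", True,   False),
    ("psexec_service_install", False,  False),
    ("psexec_service_install", False,  False),
    ("rdp_logon_anomaly",      True,   False),
    ("rdp_logon_anomaly",      False,  True),
    ("rdp_logon_anomaly",      False,  True),
    ("rdp_logon_anomaly",      False,  False),
]


def confusion_counts(events):
    """Aggregate per-rule TP/FP/FN/TN counts from labelled event records."""
    counts = defaultdict(Counter)
    for rule_id, fired, malicious in events:
        if fired and malicious:
            key = "tp"
        elif fired and not malicious:
            key = "fp"
        elif not fired and malicious:
            key = "fn"
        else:
            key = "tn"
        counts[rule_id][key] += 1
    return counts


def _ratio(numerator, denominator):
    """Division that returns 0.0 instead of raising when a rule has no data."""
    return numerator / denominator if denominator else 0.0


def score_rule(c):
    """Compute the metrics for one rule from its confusion counts.

    Counter returns 0 for missing keys, so a rule that never fired or never
    saw a malicious event still scores without a KeyError.
    """
    tp, fp, fn, tn = c["tp"], c["fp"], c["fn"], c["tn"]
    precision = _ratio(tp, tp + fp)          # of what fired, how much was real
    recall = _ratio(tp, tp + fn)             # of what was real, how much fired
    f1 = _ratio(2 * precision * recall, precision + recall)
    # Accuracy is reported but is misleading in detection work: with rare
    # malicious events a rule that never fires still scores near 1.0.
    accuracy = _ratio(tp + tn, tp + fp + fn + tn)
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall,
            "f1": f1, "accuracy": accuracy}


def score_all(events):
    """Return {rule_id: metrics} for every rule present in the events."""
    return {rule: score_rule(c) for rule, c in confusion_counts(events).items()}


def rank_rules(events, metric="f1"):
    """Rank rules by a metric, best first; ties broken by rule name."""
    scores = score_all(events)
    return sorted(((rule, s[metric]) for rule, s in scores.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for rule, s in score_all(SAMPLE_EVENTS).items():
        print(f"{rule:24} P={s['precision']:.2f} R={s['recall']:.2f} "
              f"F1={s['f1']:.2f} acc={s['accuracy']:.2f}")
    print("ranking by F1:", rank_rules(SAMPLE_EVENTS))
```

On the constructed data the lsass rule scores P=0.67/R=0.67, the PsExec rule has perfect recall but P=0.25 (noisy), and the RDP rule fires only on benign activity, so its precision and recall are both 0 even though its accuracy is 0.25; ranking by F1 rather than accuracy is what surfaces the rule that needs tuning.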


If you have not heard, there is a zero-day vulnerability actively being exploited in the wild. The vulnerability was originally "patched" in the Microsoft Patch Tuesday update issued on June 8, 2021. It's a big issue because it impacts operating system versions starting with Windows…

In light of the most recent disclosure for the Pulse Secure VPN solution, I wanted to provide a quick guide to creating detection for this attack.

Brief Backstory — FireEye detected 12 malware families and multiple threat actors abusing Pulse Secure vulnerabilities. The most recent vulnerability, CVE-2021-22893, allows for RCE. …


Cyber Security enthusiast, detection developer and engineer, researcher, consultant.
