The Power of Hypothesis Driven Investigations
In my last post, The Most Important Question Every SOC Analyst Should Be Asking, we looked at how analysts should frame alerts and activity by asking: “So wh...
Recent Posts
The Most Important Question Every SOC Analyst Should Be Asking
Security Operations Centres (SOCs) live and breathe questions such as: What happened? How did it happen? Who is behind it? But there’s one question that cuts...
Defending the Edge: How VPNs, Firewalls & Routers Are Now Prime Targets
Edge devices are increasingly prime targets for both ransomware groups and nation-state threat actors. VPNs, firewalls, and remote access appliances are freq...
Use of Bespoke Branding in O365 Phishing Campaigns
Phishing campaigns will often use bespoke company branding to make their phishing sites more trustworthy. This post discusses how phishing campaigns are able...
Defending against Obfuscation and Link-less Phishing
Phishing kits are commonly used by adversaries to simplify and scale their operations, enabling them to quickly deploy at scale and often reduce the likeliho...