Browse our blogs

IAM the Captain Now – Hijacking Azure Identity Access
I decided to spend some research time diving in depth into Identity and Access Management (IAM) within Microsoft Azure. I am going to show you within this blog…

Building a Detection Foundation: Part 5 - Correlation in Practice
From Data Sources to Detection: We've covered a lot of ground in this series: Windows Security events for logon tracking and process execution; PowerShell…

Reduce Repetition and Free up Time With Mobile File Extractor
If you do the same thing three times, automate it. Introducing Mobile Data Extractor, a Python tool that handles the repetitive work of mobile app data…

Policy as Code: Stop Writing Policies and Start Compiling Them
The Problem Nobody Wants to Talk About: Let me paint a picture most security leaders will recognize. You have 30+ policies living as Word documents on SharePoint.…

Building a Detection Foundation: Part 4 - Sysmon
Filling the Gaps Native Logging Can't: At this point in our series, we have Windows Security events capturing logon sessions and process creation, and…

Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found
Invisible password sprays. Invisible logins. Full tokens returned. Nyxgeek here. It's 2026 and I've got two more Azure Entra ID sign-in log bypasses…

Better Together: Combining Automation and Manual Testing
When I started working in mobile application security in 2018, most testing was still largely manual. Since then, the ecosystem has exploded with scanners,…

LnkMeMaybe - A Review of CVE-2026-25185
A Windows shortcut (.lnk) seems very simple on the surface. It is a file that points somewhere and tells the system to open or execute a resource. A shortcut…

Building a Detection Foundation: Part 3 - PowerShell and Script Logging
The Second Most Important Data Source You're Probably Not Capturing: In Part 2, we enabled process creation logging with command lines. That's a big…

Building a Detection Foundation: Part 2 - Windows Security Events
The Audit Policies Nobody Configures: In Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let's get practical.…

Building a Detection Foundation: Part 1 - The Single-Source Problem
The Uncomfortable Truth About Your Telemetry Let me start with an observation that might hit close to home. In my years working Incident Response cases and…

Notepad++ Plugins: Plug and Payload
Notepad++ has been in the news recently for a breach of infrastructure associated with the Notepad++ updater. This attack may have allowed an adversary to…
