#dfir
-
How Ransomware Encrypts Your Files: A Technical Deep Dive
Ransomware uses a hybrid AES-256 + RSA-4096 encryption scheme that’s mathematically unbreakable without the attacker’s…
-
LOLBAS: How Hackers Use Windows’ Own Tools Against You
Attackers don’t always bring their own tools. certutil, mshta, regsvr32, wmic — Microsoft-signed binaries already…
-
Dissecting a Phishing Email: What the Headers Actually Tell You
The From field in a phishing email is trivially spoofed. The real story is in…
-
Windows Event Log IDs Every Blue Teamer Should Know
There are hundreds of Windows Event IDs but you really only need about 30 of…
-
Unveiling the Snake Infostealer: How It Spreads Through Facebook Messenger
In early 2024, researchers at Cybereason uncovered a new threat targeting Facebook users — a…
-
Server Message Block (SMB) 101: The Protocol That Keeps Getting Abused
SMB — Server Message Block — is one of those protocols that most Windows users…
-
Domain Name System (DNS) Logs 101: The Defender’s Underrated Data Source
If you ask most security analysts what their most valuable data source is, they’ll say…
-
PIKABOT: The Malware That Stepped Into QakBot’s Shoes
When law enforcement took down QakBot in August 2023, many in the security community wondered…
-
Exploring RDP Logs: What They Tell You and Why You Should Care
Remote Desktop Protocol (RDP) is one of the most widely used — and most abused…
About Author

Subhash Thapa
Security Analyst (SOC, AI, MDR & IR) | CEH | CCSP | CCIO | CSFPC
Latest Posts
Weekly threat intel, straight to your inbox
Free. No noise. Unsubscribe anytime.






