  • Adaptive Deception: Establishing a Baseline

    Baseline results from the first 50 autonomous attacker runs against a GOAD Active Directory range, before any deception conditions are introduced.

  • Adaptive Deception: Raising the Cost of AI Intrusion

    An introduction to adaptive deception as a cost-imposition strategy against autonomous AI attackers, and the benchmark harness I am building to test it.

  • Dissection of a BEC: The Entry

    How we traced the attacker's initial sign-in through Entra ID sign-in logs to the AiTM credential relay that started the compromise.

  • Dissection of a BEC: The Catalyst

    How a Business Email Compromise (BEC) was detected in an M365 tenant, and the UAL queries used to begin the investigation.

  • Training Review: GIAC Certified Forensic Analyst (GCFA)

    A review of SANS's Advanced Incident Response, Threat Hunting (FOR508) course and GCFA certification.