I am Mike (Rem). This is where I publish field notes, technical write-ups, and lessons learned from hands-on security work.
Type to search the blog.
No posts matched that search.
Case-driven write-ups from incident response and malware triage work.
Practical detection content across YARA, Sigma, and telemetry-first workflows.
Supply-chain abuse, protocol behavior, and CTF-style problem solving.
March 15, 2026
Exploring how agentic AI can support incident response by applying concurrent, methodical analysis across large telemetry sets. We examine where specialized agents fit into PICERL workflows, how adversarial review helps control false positives, and why orchestration matters in real-world investigative environments.
February 18, 2026
Building an entity-centric ES|QL hunting model for SSLVPN abuse by prioritizing topology over raw alert volume. We explore how infrastructure reuse, cross-organization overlap, and short authentication time deltas can separate adversarial activity from benign noise at scale.
September 6, 2025
Examining patterns observed in operating and collecting data from an SSLVPN honeypot sitting behind a Finch proxy.
May 17, 2025
Ransomware affiliates have long since abused Cloudflared tunnels to maintain persistent access to compromised environments. These tunnels can be utilized as a strong indicator of compromise when examined at-scale.