Posts

2024

Chainsaw Hunt & Rules
·3715 words·18 mins
Chainsaw’s hunt feature, along with Chainsaw’s rule engine, is an excellent way to hunt for evil at scale and create reusable, maintainable queries for rapid triage. We will apply this to both simulated red team engagements and real world compromises to detect lateral movement, Impacket, and even ASP.NET compromises.
Chainsaw Search
·2225 words·11 mins
A brief introduction to Chainsaw’s search feature and the document tagging engine, Tau, that WithSecure released in the most recent major Chainsaw update. We will discuss and demystify some of the nuances of Tau’s query behavior, and apply these to hands-on examples of simple queries that can be used to detect evil across numerous event logs with high fidelity.
Obfuscation: An Open-Source Nightmare
·1809 words·9 mins
Discussing obfuscation and its effect on the broader open-source supply chain.
The Big List of Malware Analysis Tools
·2003 words·10 mins
A continually evolving knowledge base of things I’ve found pertinent as a threat and security operations analyst, specifically focusing on malware analysis.
The XZ Backdoor Dilemma
·2674 words·13 mins
No-lone zones are ubiquitous in critical military tasks, and the scope and potential impact of the xz backdoor present an excellent opportunity to discuss how this concept could be applied to open source software.
Pico CTF 24 - weirdSnake
·1713 words·9 mins
Reverse engineering disassembled Python bytecode back to the original code.
Pico CTF 24 - rsa_oracle
·1218 words·6 mins
Implementing a known plaintext attack utilizing an RSA oracle.
Pico CTF 24 - dont-you-love-banners
·635 words·3 mins
Abusing symlinks to include and subsequently display arbitrary text files in place of standard SSH banners.
Pico CTF 24 - C3
·816 words·4 mins
Working through security by obscurity with the PicoCTF 2024 C3 challenge.

2023

DreamyOak Quasar Malware
·1064 words·5 mins
Following the kill chain of a malicious Python package and decompiling a basic Quasar RAT, while rapidly learning some valuable lessons.