Hi there 👋

My Projects

• 📜 My Detection Lists for SOC/DFIR
• 🧪 PurpleTeam scripts and notes
• 👁️ LOLC2
• 💦 LOLEXFIL
• ☁️ LOLfSaas
• 🆔 BADGUIDs
• 💠 VSXSentry
  • 💠 VSXSentry-Guard
• 🧩 EXTSentry
  • 🧩ExtSentry-Guard
• 🔐 OAuthSentry
• 🐼 Nehboro
  • 🧩 nehboro
• 🧅 TOR archive
• 🕳️ SINKHOLED
• 📖 Threat Intelligence Reports Database
• 🐾 Threat Hunting artifacts
  • 🛠️ Threat Hunting yara rules
• 🛡️ Browser Extensions
  • 🧩 TraceGlyph
  • 🧩 Masquerade-Spoofer
  • 🧩 ExtSentry-Guard
  • 🧩 threatcheck
  • 🧩 nehboro
  • 🧩 quick-notes
  • 🧩 chromapicker
  • 🧩 Hakr
  • 🧩 TabZEN
  • 🧩 Github Web IDE
  • 🧩 AuthForge

🧠 Blog Posts

Details

• Threat Hunting - Suspicious Named pipes
• Event Log Manipulations - Time slipping
• Threat Hunting - Suspicious Service names
• Threat Hunting - Suspicious User-agents
• Detecting DNS over HTTPS
• Threat Hunting - Suspicious TLDs
• OSINT - Catching my hacker via leaked datases
• Detecting DLL Hijacking techniques from HijackLibs With Splunk
• How Threat Actors use Pastebin
• Detecting Phishing attempts with DNSTWIST
• File Integrity monitoring with Auditd
• How Threat Actors use Github
• Detecting Browser extensions installations
• C2 Hiding in plain sight
• Detecting PSEXEC and similar tools
• Detecting Phishing attempts with Wetransfer
• Detecting HTML smuggling Phishing attempts
• More content on Medium and Twitter/BlueSky