Blue Team
SOC, detection engineering, threat hunting, IR, forensics, malware analysis.
Insider Threat in Indian BFSI: Detection, UEBA, HR Coordination
Insider threat categories (malicious, negligent, compromised, departed). Detection SQL queries for anomalous access and outbound. UEBA + DLP + HR/Legal coordination workflow.…
Blue TeamCredit Card Fraud Detection at Scale: Rules + ML in Real-Time
Credit card fraud detection pipeline at issuer-bank scale — rule engine high-leverage rules, ML feature engineering, challenge mechanism, RBI Customer Protection alignment,…
Blue TeamSIGINT for Defenders: Network Telemetry as Threat Intelligence
Defensive SIGINT — DNS DGA detection, DNS tunneling, beacon detection, exfiltration sizing, newly-registered domain queries. Splunk/SQL examples plus the Zeek + RITA…
Blue TeamHavoc C2: The Second-Generation Open-Source Framework
Havoc's Demon implant — sleep masking, indirect syscalls, AMSI/ETW bypass by default. Why signature detection lags, what behavioural detection works, the 2024-25…
Blue TeamMythic C2: Multi-Agent Framework for Sophisticated Engagements
Mythic separates C2 server from agents (Apollo, Athena, Poseidon, Atlas, Tetanus). Why this matters for evasion, the detection challenge multi-agent creates, and…
Blue TeamDetecting C2 Traffic from Network Telemetry: The Layered Approach
C2 detection from network telemetry — beaconing analysis with RITA, JA3/JA4 fingerprinting, DNS analytics for tunneling and DGA, HTTP/HTTPS anomalies, threat-intel destination…
Blue TeamModern Phishing Kits: Tycoon, Greatness, EvilProxy, Mamba 2FA
Phishing-as-a-Service kits dominate 2024-26 attacks against Indian fintech and BFSI. Tycoon, Greatness, EvilProxy / Caffeine, Mamba 2FA, Robin Banks. IoCs to monitor,…
Blue TeamWireshark for Security Teams: Network Forensics That Works
Wireshark workflow for security analysis — display filters, TLS decryption setup, Kerberos analysis, follow-stream feature, IoC extraction with tshark, beaconing detection. From…
Blue TeamBuilding a Threat-Led Programme with MITRE ATT&CK
MITRE ATT&CK beyond marketing — pick relevant techniques from threat intel, map detection coverage, validate with Atomic Red Team and Caldera, operationalise…
Blue TeamSigma Rules: Vendor-Agnostic Detection in 2026
Sigma is the YAML detection-rule format that compiles to any SIEM. Rule structure, public repositories (SigmaHQ, signature-base), conversion workflow with pySigma, deployment…