Blue Team · 24 articles

Blue Team

SOC, detection engineering, threat hunting, IR, forensics, malware analysis.

Blue Team

Insider Threat in Indian BFSI: Detection, UEBA, HR Coordination

Insider threat categories (malicious, negligent, compromised, departed). Detection SQL queries for anomalous access and outbound. UEBA + DLP + HR/Legal coordination workflow.…

Apr 25, 2026 · 3 min read
Blue Team

Credit Card Fraud Detection at Scale: Rules + ML in Real-Time

Credit card fraud detection pipeline at issuer-bank scale — rule engine high-leverage rules, ML feature engineering, challenge mechanism, RBI Customer Protection alignment,…

Apr 25, 2026 · 2 min read
Blue Team

SIGINT for Defenders: Network Telemetry as Threat Intelligence

Defensive SIGINT — DNS DGA detection, DNS tunneling, beacon detection, exfiltration sizing, newly-registered domain queries. Splunk/SQL examples plus the Zeek + RITA…

Apr 25, 2026 · 3 min read
Blue Team

Havoc C2: The Second-Generation Open-Source Framework

Havoc's Demon implant — sleep masking, indirect syscalls, AMSI/ETW bypass by default. Why signature detection lags, what behavioural detection works, the 2024-25…

Apr 25, 2026 · 2 min read
Blue Team

Mythic C2: Multi-Agent Framework for Sophisticated Engagements

Mythic separates C2 server from agents (Apollo, Athena, Poseidon, Atlas, Tetanus). Why this matters for evasion, the detection challenge multi-agent creates, and…

Apr 25, 2026 · 2 min read
Blue Team

Detecting C2 Traffic from Network Telemetry: The Layered Approach

C2 detection from network telemetry — beaconing analysis with RITA, JA3/JA4 fingerprinting, DNS analytics for tunneling and DGA, HTTP/HTTPS anomalies, threat-intel destination…

Apr 25, 2026 · 3 min read
Blue Team

Modern Phishing Kits: Tycoon, Greatness, EvilProxy, Mamba 2FA

Phishing-as-a-Service kits dominate 2024-26 attacks against Indian fintech and BFSI. Tycoon, Greatness, EvilProxy / Caffeine, Mamba 2FA, Robin Banks. IoCs to monitor,…

Apr 25, 2026 · 3 min read
Blue Team

Wireshark for Security Teams: Network Forensics That Works

Wireshark workflow for security analysis — display filters, TLS decryption setup, Kerberos analysis, follow-stream feature, IoC extraction with tshark, beaconing detection. From…

Apr 25, 2026 · 3 min read
Blue Team

Building a Threat-Led Programme with MITRE ATT&CK

MITRE ATT&CK beyond marketing — pick relevant techniques from threat intel, map detection coverage, validate with Atomic Red Team and Caldera, operationalise…

Apr 25, 2026 · 3 min read
Blue Team

Sigma Rules: Vendor-Agnostic Detection in 2026

Sigma is the YAML detection-rule format that compiles to any SIEM. Rule structure, public repositories (SigmaHQ, signature-base), conversion workflow with pySigma, deployment…

Apr 25, 2026 · 3 min read