Threat Hunting · 16 articles

Threat Hunting

SIEM use-cases, detection rules, MITRE ATT&CK hunting techniques.

Cloud Security

Building Zero-Trust on Kubernetes: SPIFFE, mTLS, and Service Mesh in Practice

Architectural deep-dive on Kubernetes zero-trust. SPIFFE/SPIRE workload identity, mTLS at the pod boundary, Cilium L7 policy, and Kyverno admission enforcement.

May 22, 2026 · 8 min read
Cloud Security

Cloud Detection and Response for AWS: Threat Hunting Playbook for 2026

A practitioner playbook for AWS CDR. CloudTrail rules, GuardDuty triage, three end-to-end response playbooks, and the telemetry stack Indian SOCs need.

May 22, 2026 · 7 min read
Cloud Security

Kubernetes Pod Security in Production: PSA, Kyverno, and OPA Gatekeeper Compared

Comparative analysis of the three dominant Kubernetes policy engines. When to use which, how to compose them, and a defensible migration from…

May 22, 2026 · 9 min read
Academy

Module 5 · Unpacking Packed Malware — UPX, ASPack, Custom Packers

Why this module exists. Roughly 70% of malware samples in the wild are packed in some form. Without unpacking, your analysis stops…

May 14, 2026 · 4 min read
Academy

Module 6 · Anti-Analysis Techniques and How to Defeat Them

Why this module exists. A sandbox report that shows “did nothing” or a debugger that crashes when you single-step are not bugs…

May 14, 2026 · 4 min read
Academy

Module 4 · Reverse Engineering Windows Malware with Ghidra

Why this module exists. When static and dynamic analysis are not enough — the sample is too novel, the obfuscation is too…

May 14, 2026 · 4 min read
Academy

Module 3 · Dynamic Malware Analysis & Sandboxing

Why this module exists. Sandboxes are not magic — sophisticated malware checks for them and either does nothing or does something different.…

May 14, 2026 · 4 min read
Academy

Module 2 · Static Malware Analysis — Strings, Imports, YARA

Why this module exists. Running unknown malware on your laptop is how new IR responders become old IR responders. Static analysis is…

May 14, 2026 · 3 min read
Academy

Quantum Reservoir Computing for SOC Anomaly Detection — Practical 2026 Pilots

Quantum Reservoir Computing (QRC) is the most-likely-to-ship quantum-ML technique for cybersecurity this decade. Hybrid classical-quantum anomaly detection, what works, what doesnt, deployment…

May 8, 2026 · 5 min read
Academy

Reverse Engineering and Malware Analysis

Static and dynamic RE workflow, Ghidra/IDA/Binary Ninja, packers, anti-analysis bypass, sandbox setup, YARA-rule writing — turning unknown binaries into hunting queries.

Apr 26, 2026 · 5 min read