Threat Hunting
SIEM use-cases, detection rules, MITRE ATT&CK hunting techniques.
SIGINT for Defenders: Network Telemetry as Threat Intelligence
Defensive SIGINT — DNS DGA detection, DNS tunneling, beacon detection, exfiltration sizing, newly-registered domain queries. Splunk/SQL examples plus the Zeek + RITA…
Blue TeamDetecting C2 Traffic from Network Telemetry: The Layered Approach
C2 detection from network telemetry — beaconing analysis with RITA, JA3/JA4 fingerprinting, DNS analytics for tunneling and DGA, HTTP/HTTPS anomalies, threat-intel destination…
Blue TeamYARA Rules: Writing Detection Logic That Works
YARA syntax, effective rule patterns (combining weak signals, file-format anchors, PE module), public rule sources (signature-base, SigmaHQ), deployment across endpoint EDR, email…
Blue TeamBuilding a Threat-Led Programme with MITRE ATT&CK
MITRE ATT&CK beyond marketing — pick relevant techniques from threat intel, map detection coverage, validate with Atomic Red Team and Caldera, operationalise…
Blue TeamSigma Rules: Vendor-Agnostic Detection in 2026
Sigma is the YAML detection-rule format that compiles to any SIEM. Rule structure, public repositories (SigmaHQ, signature-base), conversion workflow with pySigma, deployment…
Blue Team7 SIEM Rules That Actually Catch Lateral Movement (Splunk, Elastic, Sigma)
Average dwell time before detection in Indian enterprise environments: 14 to 42 days, mostly spent on lateral movement. Seven specific, tunable SIEM…