Detecting malicious scheduled tasks on Windows is mostly about knowing what "normal" looks like in your environment and recogn...
Windows Security: Detecting malicious scheduled tasks
From Logs to Threats: SIEM Correlation Rules for Real Attacks
Windows Security: Best practices for securing Windows services
Securing Windows services is one of those topics where everyone agrees on the goal and almost nobody implements the same set of controls...
Windows Security: Registry Forensics - Where Attackers Hide
Windows registry forensics is one of the highest-yield areas of endpoint investigation, and the reason is structural: the registry is wh...
Essential Windows Event IDs for Security Monitoring: The Complete Guide
Every defender eventually needs a working knowledge of Windows Event IDs for security monitoring . There are thousands of them, but a muc...
Python Quick Guide: Building a Simple Port Scanner
Building a Python port scanner is a useful exercise for any defender who wants to understand what attackers' first rec...
PowerShell Quick Guide: Creating Your First Security Audit Script
A first PowerShell security audit script is the single most valuable thing a new Windows admin can build. Not the polished...
