Micah Babinski: Dive into Sigma Correlation Rules. Subtitle: And go hunting for Cicada3301 ransomware behaviors in the process. Published Sep 9.
Micah Babinski: Hunting G-G-G-GhostTasks! Subtitle: Detecting a Spooktacular Persistence Procedure. Published Oct 30, 2023.
Micah Babinski: It's Always DarkGate Before the Dawn. Subtitle: Detecting DarkGate, an Emerging Malware Threat. Published Oct 16, 2023.
Micah Babinski: Search-ms, WebDAV, and Chill. Subtitle: Detecting a [Re-]emerging Initial Access Method. Published Aug 1, 2023.
Micah Babinski: Button-Pusher to MasterBuilder: Automating SIEM Workflows. Subtitle: Build Confidence and Skill in SIEM Automation. Published May 26, 2023.
Micah Babinski: Brace for Impacket! Subtitle: Detecting a Red Team (and Threat Actor) Favorite. Published Apr 17, 2023.
Micah Babinski: Detecting OneNote (.One) Malware Delivery. Subtitle: I opened a dozen malicious OneNote files and clicked on every link so you don't have to. Published Jan 31, 2023.
Micah Babinski: Finding the Gap: How Curiosity and Creativity Drives Threat Detection. Subtitle: Let the Real World be your Lab with Mitre ATT&CK, Atomic Red Team, and Sigma. Published Dec 13, 2022.
Micah Babinski: Catching a Wev(tutil): Threat Detection for the Rest of Us. Subtitle: My detection engineering process in a nutshell. Published Nov 23, 2022.