Micah Babinski, "Hunting G-G-G-GhostTasks!" (Detecting a Spooktacular Persistence Procedure), 9 min read, Oct 30, 2023
Micah Babinski, "It's Always DarkGate Before the Dawn" (Detecting DarkGate, an Emerging Malware Threat), 8 min read, Oct 16, 2023
Micah Babinski, "Search-ms, WebDAV, and Chill" (Detecting a [Re-]emerging Initial Access Method), 12 min read, Aug 1, 2023
Micah Babinski, "Button-Pusher to MasterBuilder: Automating SIEM Workflows" (Build Confidence and Skill in SIEM Automation), 18 min read, May 26, 2023
Micah Babinski, "Brace for Impacket!" (Detecting a Red Team (and Threat Actor) Favorite), 13 min read, Apr 17, 2023
Micah Babinski, "Detecting OneNote (.One) Malware Delivery" (I opened a dozen malicious OneNote files and clicked on every link so you don't have to), 9 min read, Jan 31, 2023
Micah Babinski, "Finding the Gap: How Curiosity and Creativity Drives Threat Detection" (Let the Real World be your Lab with Mitre ATT&CK, Atomic Red Team, and Sigma), 11 min read, Dec 13, 2022
Micah Babinski, "Catching a Wev(tutil): Threat Detection for the Rest of Us" (My detection engineering process in a nutshell), 8 min read, Nov 23, 2022
Micah Babinski, "Creating a Sigma Backend for Fun (and no Profit)", 12 min read, Apr 12, 2022. Excerpt: "A few months ago I decided to check and see whether there was a Sigma backend for InsightIDR, the cloud-based SIEM from Rapid7. Imagine my…"