Technical Learning
I spend a good portion of my day learning about and implementing technical concepts that interest me, ranging from application security to cloud security and everything in between. What follows is a collection of my technical learnings (my non-technical learnings can be found here).
You can find my coding projects on my GitHub.
Detecting Impossible Travel with the Haversine Formula
Building a detection rule in Microsoft Sentinel using KQL and the Haversine formula to catch compromised accounts via geographic impossibility.
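As an added illustration, not code from the article itself, the impossible-travel check the post builds in KQL is written out below in Python so the logic can be run offline: great-circle distance between consecutive sign-ins per user via the Haversine formula, divided by elapsed time, compared against a velocity threshold. The 1,000 km/h threshold, the event layout, and the sign-in events (with geo-IP-style coordinates) are all constructed assumptions.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0          # mean Earth radius used by the Haversine formula
MAX_SPEED_KMH = 1000.0            # assumed threshold: faster than any commercial flight


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two WGS84 points (degrees)."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def find_impossible_travel(signins, max_speed_kmh=MAX_SPEED_KMH):
    """Return one alert per consecutive sign-in pair whose implied speed
    exceeds max_speed_kmh. Events may arrive unordered; they are sorted by time."""
    by_user = {}
    for event in sorted(signins, key=lambda e: e["time"]):
        by_user.setdefault(event["user"], []).append(event)

    alerts = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            dist_km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
            if hours <= 0:
                # Identical timestamps: any non-zero distance is unreachable.
                speed_kmh = math.inf if dist_km > 0 else 0.0
            else:
                speed_kmh = dist_km / hours
            if speed_kmh > max_speed_kmh:
                alerts.append({
                    "user": user,
                    "from": prev["city"], "to": cur["city"],
                    "distance_km": round(dist_km),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed_kmh),
                })
    return alerts


def _t(hh, mm):
    # Helper for the constructed sample: all events on the same UTC day.
    return datetime(2024, 1, 15, hh, mm, tzinfo=timezone.utc)


# Constructed sample sign-in events (hypothetical users and geo-IP coordinates).
SAMPLE_SIGNINS = [
    {"user": "alice", "city": "Sydney", "lat": -33.8688, "lon": 151.2093, "time": _t(10, 30)},
    {"user": "alice", "city": "London", "lat": 51.5074, "lon": -0.1278, "time": _t(9, 0)},
    {"user": "bob", "city": "New York", "lat": 40.7128, "lon": -74.0060, "time": _t(9, 0)},
    {"user": "bob", "city": "Boston", "lat": 42.3601, "lon": -71.0589, "time": _t(13, 0)},
    {"user": "carol", "city": "Berlin", "lat": 52.5200, "lon": 13.4050, "time": _t(9, 0)},
    {"user": "carol", "city": "Berlin", "lat": 52.5200, "lon": 13.4050, "time": _t(9, 0)},
]


if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_SIGNINS):
        print(alert)
```

Only alice fires: London to Sydney is roughly 17,000 km and 1.5 hours apart, implying about 11,300 km/h. bob's New York to Boston trip (about 306 km in four hours) and carol's two Berlin sign-ins at the same timestamp stay quiet. In production the same rule needs allow-listing for VPN egress points and mobile carrier geo-IP drift, which is why the velocity threshold is a tuning knob rather than a constant.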
Standardising Detections with Sigma and sigma-cli
Converting SIEM-specific detection rules into portable Sigma format and using sigma-cli to generate KQL, SPL, and other query languages from a single source of truth.
Detection Validation as Code: Building a Closed-Loop Testing Pipeline
Building a CI/CD pipeline that automatically executes adversary techniques, queries your SIEM, and validates that detection rules actually fire - before and after every change.
Active Directory: Attack Paths and Privilege Escalation
The offensive side of Active Directory: trust relationships, privileged groups, GPO abuse, ACL misconfigurations, and the named attack techniques that chain them together.
Active Directory: A Security Primer
A foundational primer on AD architecture, Kerberos authentication, and NTLM - the building blocks behind every major Windows attack technique.
Hunting Malicious Infrastructure
Focuses on identifying and tracking command-and-control (C2) servers.
Exploring CodeQL
Explores CodeQL, GitHub's semantic code analysis engine, which lets you query a codebase like a database to find vulnerabilities.
Understanding Enumerators in Programming
My attempt to better understand enumerators, revisiting concepts from an early MANGA interview.
A Foray into DevSecOps
My first steps toward understanding and demystifying DevSecOps.
How Your ISP May Know What Site You Are Browsing To
Examines how ISPs can see which domains you are browsing.
Understanding Secure Access Service Edge (SASE)
Provides a brief introduction to SASE.
Technical Information Gathering with theHarvester
Showcases theHarvester, an OSINT tool used during the reconnaissance phase of a penetration test to gather email addresses, subdomains, and hosts.
Secure Coding Practices in Java
Describes several secure coding practices for Java.