Hunting a Business Email Compromise: A Splunk Investigation
June 27, 2026
A hands-on walkthrough of investigating a credential phishing attack and account takeover at Nexus Financial from suspicious sign-in alert to full attacker timeline, using Splunk, Entra ID logs, and Microsoft 365 audit trails.

Incident Response on a Compromised Windows Workstation Using LimaCharlie EDR
May 20, 2026
A full incident response walkthrough from initial alert triage on LimaCharlie EDR to memory acquisition, log correlation, and attack timeline reconstruction on a compromised Windows workstation.

Analyzing a Web Server Compromise: From Brute Force to Data Exfiltration
August 1, 2025
In this blog, we walk through the process of analyzing web server logs after a compromise. Using log analysis, we uncover the attacker's brute force method, successful login, access to sensitive files, and exfiltration techniques. This post provides a detailed approach to understanding and responding to a server breach.

Volt Typhoon APT Intrusion Investigation Report
July 30, 2025
Comprehensive forensic investigation into a suspected Volt Typhoon intrusion. Covers initial access via Zoho ManageEngine ADSelfService Plus, execution using WMIC, credential dumping, lateral movement, and log tampering tactics.

Hunt ransomware
February 1, 2025
An Exchange server was compromised with ransomware. Use Splunk to investigate how the attackers compromised the server.

REvil Corp
February 1, 2025
You are involved in an incident response engagement and need to analyze an infected host using Redline.