Posts
All the articles I've posted.
- Two C2 Cases, One Day: Reading the Difference Between Infected and Blocked
Two C2 investigations on the same day with very different outcomes — one confirmed infection with active beaconing, one clean block. The key was knowing what the firewall logs were actually telling me.
- When Three Controls Agree: Catching InstallMiez on a BYOD Network
A user device beaconing to a hardcoded Akamai IP every 17 minutes turned into a clean example of why defense-in-depth isn't just a buzzword.