Sitemap
Full directory of portfolio pages, incident reports, and analyst notes.
Core pages: 6 · Incidents: 10 · Notes: 12 · Total links: 30
Navigation (6)
Access
Ops Centre
Incidents
Analyst Notes
Contact
Résumé
Connect (2, external links)
LinkedIn
Discord
Incident Reports (10, tagged by severity)
[HIGH] Malware — Trojan Dropper Masquerading as PDF Updater
[MED] Phishing — LOTS Platform Abuse with KYC Lure
[MED] OAuth Consent — Persistent Mailbox Access Granted
[MED] Suspicious Execution Blocked — Revoked AnyDesk Certificate (×17 Endpoints)
[MED] Unfamiliar Sign-In — No Device ID, All 7 Properties Flagged
[MED] Rooted Android Device on Corporate MDM
[MED] Azure-Hosted Tech Support Scam in Email
[MED] Phishing Simulation — Full Triage Before Context Established
[MED] Unfamiliar Sign-In — Pakistan IPv6 Blocked by CA
[MED] Unfamiliar Sign-In — Egypt VPN IP (6-Day Response Lag)
Analyst Notes (12, tagged by topic)
[Detection] Baseline Drift & False Positive Ratio (FPR) Analysis
[Identity] Identity Analytical Pivots: Session & Token Integrity
[Detection] Durable False Positive Suppression & Detection Decay
[Ops] Orthogonal Hunt Framework: Atomic Coverage
[Identity] Email Header Forensics: SPF / DKIM / DMARC Triage
[Identity] OAuth Consent Grant Abuse & Illicit Token Persistence
[Detection] Process Tree Reconstruction & LOLBin Analysis
[Ops] Mailbox Rule Persistence & BEC Concealment
[Detection] Lateral Movement Telemetry: SMB, WMI & RDP Pivots
[Detection] Ransomware Precursor Detection: Pre-Encryption Kill Chain
[Ops] Sentinel Workspace Hygiene & Ingestion Cost Governance
[Identity] Conditional Access Gap Analysis & Policy Drift