rulehound.com/rules really nice detection rule aggregator I found

New post out! medium.com/detect-fyi/pra…

New post out! "Detection Pitfalls You Might Be Sleeping On" koifsec.medium.com/detection-pitf…

New Sigma release r2025-05-21 is available for download. 🌟15 New Rules 🛡️47 Rule updates 🔬13 Rule Fixes Explore the full release -> github.com/SigmaHQ/sigma/… This release focused mainly on updates and tunings of older rules, with newer detections covering NimScan, AdFind,

Thanks Zack Allen for featuring my article again in Detection Engineering Weekly no. 114 ! detectionengineering.net/p/det-eng-week…

Pretty cool technique I didn't see before, command execution via Excel IQY files blog.eclecticiq.com/pakistan-telec…

Hello! I will be running an interactive workshop as part of my company's "2025 State of Detection" webinar on June 17th 9am PST/12pm EST primarily focused about immutable artifacts and detection pitfalls. Sign up here: cardinalops.com/birds-eye-view…

1st place on Google's CTF :))

As June comes to an end, so does #HuntingTipOfTheDay. I hope you enjoyed them! 👉 Find all threat hunting tips here: x.com/search?q=from%…

I am now on BlueSky as well! bsky.app/profile/koifse…

Lateral Movement – BitLocker ipurple.team/2025/08/04/lat…

Sharing the slides from our latest "2025 State of Detection Workshop" ! drive.google.com/file/d/18Q-Eat…

New blog out! medium.com/@koifsec/thoug…

splunk.com/en_us/blog/sec…

permiso.io/blog/inboxfusc…

New Sigma release r2025-10-01 is available for download. 🌟43 New Rules 🛡️34 Rule updates 🔬27 Rule Fixes Explore the full release -> github.com/SigmaHQ/sigma/… This release introduces a bunch of new rules and updates - A bunch of CVE detections including CVE-2025-54309,

SentinelOne published their analysis about PhantomCaptch. [1] One of the (many) interesting parts of this report is: "The script also disabled PowerShell command history logging via Set-PSReadlineOption -HistorySaveStyle SaveNothing as a means of evading forensic analysis." I

New post out! "Deconstructing Wmiexec-pro" Technical deep dive into a new post-exploitation framework based on Impacket's wmiexec, including a bunch of new telemetry and detections. Check it out > koifsec.medium.com/deconstructing…