Recent Posts
Threat Hunting with Firewall Traffic
Cyber Security Lifecycle
Types of System Software
Cyber Security Control
Packet Analytics
Moloch Packet Analytics
Installation of MOLOCH
Moloch Usage
How to investigate files
Compromised Linux Server Investigation
How to use ProDiscover
Advance Data Recovery: 1. Chances for Data Recovery of Deleted…
Data Recovery Concept: Data Recovery Concepts deal with following…
Basic Data Recovery
Fraud Investigation Concept
Forensics Analysis in India: Computer forensics is…
ProDiscover Incident Response Project
Digital Evidence India: Types of digital evidence in India…
Forensics Incident Response: The document describes the forensics incident response checklist for incident management…
Computer and Network Log Analytics
Indicators of Compromise and Threat Intelligence: A Practitioner Reference
A working analyst reference. 20 sections covering the Pyramid of Pain, the atomic / computed / behavioural indicator taxonomy, the four IOC domains with field-level detail, pivoting tradecraft (passive DNS, WHOIS, JA3/JA4/JARM, TLS SAN, ASN), the standards (STIX 2.1, TAXII 2.1, OpenIOC, MISP), detection content (Sigma + YARA), IOC vs IOA vs TTP, the four TI tiers with producer-consumer contracts, the six-phase lifecycle with F3EAD overlay, intelligence requirements (PIR/SIR/KIT/KIQ), the Diamond Model of Intrusion Analysis, the Cyber Kill Chain mapped to MITRE ATT&CK, the Admiralty source reliability code, Traffic Light Protocol 2.0, the Hunting Maturity Model, detection-engineering pipelines, SOAR integration patterns, KPIs (MTTD / MTTR / dwell time / coverage / hit rate), and the practitioner reference stack. Vendor-neutral. Twelve practitioner FAQs.
Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026
55,480 indicator observations across 89 adversary clusters this week. A ransomware operator rotated a full multi-pivot kill chain (Rhysida-Interlock, 219 indicators across 4 IOC types). Developer supply chain became this week’s preferred attack surface (15 typosquat code-editor plugins + 8 browser extensions + 6 marketing-CDN typosquats). AI platforms began appearing as adversary infrastructure (19 chat-share redirector domains + 39-indicator AI-generated lure campaign). Full MITRE ATT&CK mapping per cluster, subnet-clustering signals, top 15 IOCs per indicator type, and 4 production-ready Sigma rules.
The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)
The definitive AWS threat hunting reference — indexing all 27 published AWS hunting posts on hackforlab.com. 7 flagship 2026 hunts (CloudTrail blind spots, KMS ransomware, GuardDuty evasion, CI/CD compromise, native messaging C2, Athena data lake exfiltration, multi-account federation), plus 19 archive posts covering AWS identity attacks, Bedrock CloudTrail playbook, VPC Flow Log analytics, cloud malware case studies, and the foundational AWS attack-chain detection content.
AWS Organizations Compromise: Hunting the Multi-Account Federation Attack
AWS Organizations centralises governance — and that centralisation creates a high-value attack target. This article covers the four most-exploited multi-account compromise patterns, the cross-account telemetry stitching required to detect them, and the response strategies for organisation-level incident response.
Athena and S3 Data Lake Exfiltration: Hunting the SQL-Powered Data Heist
AWS Athena lets adversaries run massive SELECT queries against S3-stored data lakes — and the resulting data exfiltration leaves a trail that most cloud SOCs do not monitor. This article catalogues the three Athena exfiltration patterns and ships the detection queries that surface them.