Skip to content
Indicators of Compromise and Threat Intelligence: A Practitioner Reference
Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026
The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)
AWS Organizations Compromise: Hunting the Multi-Account Federation Attack
Athena and S3 Data Lake Exfiltration: Hunting the SQL-Powered Data Heist
EventBridge and SNS as Covert C2: Hunting Native AWS Messaging Abuse
Hunting CI/CD Compromise in AWS: CodeBuild, CodePipeline, and the Buildspec Backdoor
GuardDuty Evasion Hunt: 9 Techniques Adversaries Use to Stay Silent on AWS
AWS KMS Ransomware Hunt: When Your Encryption Keys Become the Attacker’s Weapon
CloudTrail Blind Spots: 12 Places AWS Doesn’t Log (And How to Hunt There Anyway)
From SOC Analyst to Threat Hunter in 15 Months: The Complete 2026 Career Roadmap
12 Must-Know AI Terms in 2026: The Complete Glossary for Builders, Defenders, and Learners
Weekly Threat Advisory: Top Cyber Adversaries, June 8 – 14, 2026
Weekly Threat Advisory: Top Cyber Adversaries, June 1 – 7, 2026
The Threat Hunter’s Sigma Playbook: 7 Hunts Every Modern SOC Must Run
A Practical Detection Engineering Framework Used by Modern SOCs
What Cloud Logs You Actually Need for Threat Hunting (And Why Most Teams Fail)
How to Measure Detection Quality: Metrics Every Detection Engineer Must Track
Weekly Threat Advisory: Top Cyber Adversaries May 24 – 31, 2026
Weekly Threat Advisory: Top Cyber Adversaries May 18 – 24, 2026
Weekly Threat Advisory: Top Cyber Adversaries May 11 – 17, 2026
Living-off-the-Cloud Attack-Chain Detection: CloudTrail and VPC Flow Fusion
Insider Threat Detection from VPC Flow Logs (UEBA Without Endpoints)
Kubernetes East-West Attack Hunting from VPC Flow Logs
Tor and Anonymizer Egress Hunting on VPC Flow Logs
Cloud Cryptojacking Detection at Scale: Mining-Pool Hunting on AWS
TLS Fingerprinting (JA3, JA4, JARM) for Encrypted C2 Hunting
DGA and DNS-Tunnel Hunting at Scale on VPC Flow Logs
Lateral Movement Detection via Graph Analysis on VPC Flow Logs
Detecting Low-and-Slow Data Exfiltration with Isolation Forest + LSTM
Hunting Botnet Coordination and DDoS Staging with Clustering
Living-off-the-Land Kill Chain Detection with Markov Chains
Adaptive C2 Beacon Detection: FFT and DBSCAN on VPC Flow Logs
Weekly Threat Advisory: Top Cyber Adversaries May 04 – 10, 2026
AWS Bedrock Threat Hunting: A CloudTrail Log Analysis Playbook
Weekly Threat Advisory: The Most Active Cyber Adversaries October 13 – October 19, 2025
Weekly Threat Advisory: The Most Active Cyber Adversaries October 06 – October 12, 2025
Weekly Threat Advisory: The Most Active Cyber Adversaries Sep 29 – Oct 05, 2025
Weekly Threat Advisory: Top Cyber Threats from September 22 – September 28 2025
Weekly Threat Advisory: Top Cyber Threats from September 15 – September 21 2025
Weekly Threat Advisory: Top Cyber Threats from September 08 – September 14 2025
Weekly Threat Advisory: Top Cyber Threats from September 01 – September 07 2025
Weekly Threat Advisory: Top Cyber Threats from August 25- August 31 2025
Weekly Threat Advisory: Top Cyber Threats from August 18- August 24, 2025
Weekly Threat Advisory: Top Cyber Threats from August 11- August 17, 2025
Weekly Threat Advisory: Top Cyber Threats from August 04- August 10, 2025
Weekly Threat Advisory: Top Cyber Threats from July 14- August 03, 2025
Weekly Threat Advisory: Top Cyber Threats from June 16- June 22, 2025
Weekly Threat Advisory: Top Cyber Threats from June 09 – June 15, 2025
Weekly Threat Advisory: Top Cyber Threats from June 02 – June 08, 2025
Scroll to Top 
