Stories
2026-06-19 The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)
2026-06-19 AWS Organizations Compromise: Hunting the Multi-Account Federation Attack
2026-06-19 Athena and S3 Data Lake Exfiltration: Hunting the SQL-Powered Data Heist
2026-06-19 EventBridge and SNS as Covert C2: Hunting Native AWS Messaging Abuse
2026-06-19 Hunting CI/CD Compromise in AWS: CodeBuild, CodePipeline, and the Buildspec Backdoor
2026-06-19 GuardDuty Evasion Hunt: 9 Techniques Adversaries Use to Stay Silent on AWS
2026-06-19 AWS KMS Ransomware Hunt: When Your Encryption Keys Become the Attacker’s Weapon
2026-06-19 CloudTrail Blind Spots: 12 Places AWS Doesn’t Log (And How to Hunt There Anyway)
2026-06-19 From SOC Analyst to Threat Hunter in 15 Months: The Complete 2026 Career Roadmap
2026-06-15 12 Must-Know AI Terms in 2026: The Complete Glossary for Builders, Defenders, and Learners
2026-06-15 Weekly Threat Advisory: Top Cyber Adversaries, June 8 – 14, 2026
2026-06-07 Weekly Threat Advisory: Top Cyber Adversaries, June 1 – 7, 2026
2026-06-06 The Threat Hunter’s Sigma Playbook: 7 Hunts Every Modern SOC Must Run
2026-06-03 A Practical Detection Engineering Framework Used by Modern SOCs
2026-06-03 What Cloud Logs You Actually Need for Threat Hunting (And Why Most Teams Fail)
2026-06-03 How to Measure Detection Quality: Metrics Every Detection Engineer Must Track
2026-06-01 Weekly Threat Advisory: Top Cyber Adversaries May 24 – 31, 2026
2026-05-25 Weekly Threat Advisory: Top Cyber Adversaries May 18 – 24, 2026
2026-05-18 Weekly Threat Advisory: Top Cyber Adversaries May 11 – 17, 2026
2026-05-16 Living-off-the-Cloud Attack-Chain Detection: CloudTrail and VPC Flow Fusion
2026-05-16 Insider Threat Detection from VPC Flow Logs (UEBA Without Endpoints)
2026-05-16 Kubernetes East-West Attack Hunting from VPC Flow Logs
2026-05-16 Tor and Anonymizer Egress Hunting on VPC Flow Logs
2026-05-16 Cloud Cryptojacking Detection at Scale: Mining-Pool Hunting on AWS
2026-05-16 TLS Fingerprinting (JA3, JA4, JARM) for Encrypted C2 Hunting
2026-05-16 DGA and DNS-Tunnel Hunting at Scale on VPC Flow Logs
2026-05-15 Lateral Movement Detection via Graph Analysis on VPC Flow Logs
2026-05-15 Detecting Low-and-Slow Data Exfiltration with Isolation Forest + LSTM
2026-05-15 Hunting Botnet Coordination and DDoS Staging with Clustering
2026-05-15 Living-off-the-Land Kill Chain Detection with Markov Chains
2026-05-13 Adaptive C2 Beacon Detection: FFT and DBSCAN on VPC Flow Logs
2026-05-11 Weekly Threat Advisory: Top Cyber Adversaries May 04 – 10, 2026
2026-05-09 AWS Bedrock Threat Hunting: A CloudTrail Log Analysis Playbook
2025-10-22 Weekly Threat Advisory: The Most Active Cyber Adversaries October 13 – October 19, 2025
2025-10-22 Weekly Threat Advisory: The Most Active Cyber Adversaries October 06 – October 12, 2025
2025-10-08 Weekly Threat Advisory: The Most Active Cyber Adversaries Sep 29 – Oct 05, 2025
2025-10-02 Weekly Threat Advisory: Top Cyber Threats from September 22 – September 28 2025
2025-09-23 Weekly Threat Advisory: Top Cyber Threats from September 15 – September 21 2025
2025-09-23 Weekly Threat Advisory: Top Cyber Threats from September 08 – September 14 2025
2025-09-09 Weekly Threat Advisory: Top Cyber Threats from September 01 – September 07 2025
2025-09-09 Weekly Threat Advisory: Top Cyber Threats from August 25- August 31 2025
2025-08-26 Weekly Threat Advisory: Top Cyber Threats from August 18- August 24, 2025
2025-08-18 Weekly Threat Advisory: Top Cyber Threats from August 11- August 17, 2025
2025-08-10 Weekly Threat Advisory: Top Cyber Threats from August 04- August 10, 2025
2025-08-05 Weekly Threat Advisory: Top Cyber Threats from July 14- August 03, 2025
2025-08-05 Weekly Threat Advisory: Top Cyber Threats from June 16- June 22, 2025
2025-08-05 Weekly Threat Advisory: Top Cyber Threats from June 09 – June 15, 2025
2025-08-05 Weekly Threat Advisory: Top Cyber Threats from June 02 – June 08, 2025
2025-07-14 AWS Cloud Attack Summary
2025-06-17 Attack Hunting Using AWS VPC Flow Logs