SYSTEM BOOT // DYLAN/RESEARCH-TERMINAL
Welcome_
A personal portfolio for security engineering. Browse detection queries written for SIEM and SOAR platforms, read the blog for writeups and notes, or view my recent projects.
// Latest Blog Posts
Designing Detections for Scale, Speed, and Human Beings
Effective KQL detection engineering goes beyond writing queries — it demands an understanding of attacker behaviour, analyst workflows, and production environme…
Why Smart SOC Teams Are Rethinking Sentinel Ingestion (And What They're Doing Instead)
SOC teams face tough decisions about which logs to ingest into Sentinel given volume-based costs. With Microsoft introducing USOP, security teams should lean mo…
// Latest Detections
Potential EtherHiding Activity via Blockchain Explorer Connections
Defender XDR: Detects suspicious network connections to blockchain explorer APIs that may indicate UNC5342’s use of new EtherHiding techniques for retrieving malicious payloa…
ScatteredSpider Domain Phishing Campaigns via Network, Email, and Teams Interactions
Defender XDR: Detects suspicious logins or actions triggered by phishing links to ScatteredSpider (SS) domains (e.g., ServiceDesk, Okta) across network connections, email del…
Privilege Escalation via Role Assignments Outside Business Hours
Microsoft Sentinel: Detects unauthorized privilege escalation attempts, i.e. adding admin/management roles to users outside standard business hours, potentially indicating malicious acti…
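The following is an added illustration of the out-of-hours role-assignment pattern described above, not the detection published on this site. It assumes Entra ID audit logs land in the Sentinel AuditLogs table, that "business hours" means 08:00 to 18:00 UTC on weekdays, and that the roles of interest have "Administrator" or "Owner" in their display name; all three are assumptions to adjust for the tenant.

```kql
// Added example (not the site's own detection). Assumes Entra ID audit
// events in AuditLogs and a business window of 08:00-18:00 UTC, Mon-Fri.
let BusinessStart = 8;   // assumed start hour (UTC)
let BusinessEnd   = 18;  // assumed end hour (UTC), exclusive
AuditLogs
| where TimeGenerated > ago(1d)
// Direct and PIM-eligible role grants; extend this list per tenant.
| where OperationName in ("Add member to role", "Add eligible member to role")
| where Result == "success"
| extend HourOfDay = hourofday(TimeGenerated), DayOfWeek = dayofweek(TimeGenerated)
// Outside the window, or on a weekend (0d = Sunday, 6d = Saturday).
| where HourOfDay < BusinessStart or HourOfDay >= BusinessEnd or DayOfWeek in (0d, 6d)
| extend Actor = tostring(InitiatedBy.user.userPrincipalName),
         ActorIp = tostring(InitiatedBy.user.ipAddress)
| mv-expand TargetResources
| extend TargetUser = tostring(TargetResources.userPrincipalName)
// The granted role's name is carried in the modifiedProperties array.
| mv-expand ModifiedProperty = TargetResources.modifiedProperties
| where tostring(ModifiedProperty.displayName) == "Role.DisplayName"
| extend RoleName = trim('"', tostring(ModifiedProperty.newValue))
// Assumed filter: only privileged roles are worth an alert.
| where RoleName has_any ("Administrator", "Owner")
| project TimeGenerated, Actor, ActorIp, TargetUser, RoleName, HourOfDay, DayOfWeek
| sort by TimeGenerated desc
```

Two caveats a practitioner would add before promoting this to an analytics rule: TimeGenerated is UTC, so a tenant spread across time zones needs either a per-region offset or a lookup of the actor's usual working hours rather than a fixed window, and legitimate break-glass or change-window activity should be handled with a watchlist of approved actors rather than by widening the hours.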