[ resources://directory ]

Resources

Searchable defensive tooling and reference links for triage, research, and detection workflows.

Last updated: March 1, 2026

Forensics Notes

Forensics demonstrations & investigative methods

Browser History Forensics

Status: Published

Reconstructing a redirect-to-download chain with limited telemetry, using browser artifacts when SSL inspection and endpoint visibility are sparse.

Last updated: March 1, 2026

Tags: DFIR, Browser Artifacts, T1189 Drive-by Compromise

Email Header Triage

Status: Coming soon

A fast workflow to validate sender legitimacy, trace sending infrastructure, and separate spoofing from compromised-account abuse.

Last updated: March 1, 2026 (/blog/email-header-triage.html)

Tags: Email Security, IR, OSINT

Windows Logon Reconstruction

Status: Coming soon

Rebuilding authentication timelines from Windows events to surface suspicious logons, lateral movement indicators, and persistence behavior.

Last updated: March 1, 2026 (/blog/windows-logon-reconstruction.html)

Tags: Windows Events, T1078 Valid Accounts, Detection

More posts soon ->

[ legal://authorized-use ]