@inversecos
An inside look at NSA (Equation Group) TTPs from China’s lens
Understanding Tokens in Entra ID: A Comprehensive Guide
Detecting Lateral Movement in Entra ID: Cross Tenant Synchronization
Azure Command Line Forensics - Host Based Artifacts
Detecting Fake Events in Azure Sign-in Logs
How to Detect Malicious OAuth Device Code Phishing
Recovering Cleared Browser History - Chrome Forensics
How to Investigate Insider Threats (Forensic Methodology)
Forensic Detection of Files Deleted via SDelete
How to Detect OAuth Access Token Theft in Azure
Detecting Linux Anti-Forensics: Timestomping
Hunting for APT Abuse of Exchange
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
Detecting Linux Anti-Forensics Log Tampering
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
How to Perform Clipboard Forensics: ActivitiesCache.db, Memory Forensics and Clipboard History
Detection and Compromise: Azure Key Vaults & Secrets
Defence Evasion Technique: Timestomping Detection – NTFS Forensics
Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping
Windows Event Log Evasion via Native APIs
How to Detect and Compromise Azure Blobs and Storage Accounts
How to Detect Malicious Azure Persistence Through Automation Account Abuse
How to Detect Azure Active Directory Backdoors: Identity Federation
How to Backdoor Azure Applications and Abuse Service Principals