Early Warning Detection Research

Dec 16•7 min read•Rad Kawar

Deception Taxonomy: A Common Language

A common language for deception operations. The vocabulary needed to discuss honey tokens, tripwires, and alert lifecycles with precision.

NEW

Dec 14•7 min read•Rad Kawar

Detecting Unauthenticated AWS OSINT: Catching Adversaries Before They're Inside

Unauthenticated cloud enumeration has always been low-risk for attackers. S3 bucket enumeration tools like cloud_enum run freely without triggering alerts. Until now.

Dec 2•7 min read•Rad Kawar

Windows Stealers: How Modern Infostealers Harvest Credentials

Technical analysis of Windows information stealers using Sryxen as a case study. How they decrypt browser data via DPAPI, evade analysis, and exfiltrate credentials.

Dec 2•9 min read•Rad Kawar

macOS Stealers: How Modern Infostealers Harvest Credentials

Technical analysis of macOS information stealers using Banshee as a case study. How they phish passwords, decrypt Keychains, and exfiltrate browser data.

Nov 26•7 min read•Rad Kawar

Field Notes on Malware: The Evolution of C2 Evasion and What It Means for Detection

While malware developers continue using BOFs, shellcode, and sleep obfuscation, a capability researched and published almost 2 years ago has surprisingly not gained traction. Understanding these techniques is critical for defenders.

Nov 24•8 min read•Rad Kawar

Engineering

Processing CloudTrail Logs from S3: Discovery and Resumption Patterns

Understanding S3's hierarchical discovery and CloudTrail's immutability for log syncing across organization trails.

Nov 19•7 min read•Rad Kawar

The Psychology Behind Effective Honey Tokens

Attackers validate credentials when type and context match their targeting. Understanding cognitive shortcuts and cost-imposing sludge determines detection success.

Nov 18•10 min read•Rad Kawar

Early Warning Detection for Credential Theft: Why Behavioral Analysis Fails

57% of breaches discovered externally. Infostealer credentials evade EDR for years. Early warning honey tokens detect validation before lateral movement.

Nov 17•9 min read•Rad Kawar

Engineering

EventBridge Pattern Matching: A Field Guide

Master EventBridge pattern construction and avoid common pitfalls.

Nov 16•16 min read•Rad Kawar

AI-Orchestrated Attacks: Why Detection Speed Matters More Than Ever

Chinese state-sponsored campaign used AI to automate 80-90% of tactical operations at machine speed. Early warning detection becomes critical when attacks move in milliseconds.

Nov 11•16 min read•Rad Kawar

Early Warning Honey Tokens: Give Adversaries Options

This risk calculus has held for years. Early warning honey tokens (eWHT) exist to break it.

Nov 10•5 min read•Rad Kawar

DeceptIQ: High-Fidelity Detection at Cloud Scale

Built by red teamers to catch adversaries. The deception technology platform we wish every organization we compromised had in place.

Jul 20•7 min read•Rad Kawar

From Phish to Package: NPM Supply Chain Attacks

Analysis of a recent NPM supply chain attack that deployed Scavenger malware through compromised packages, including a new overlooked phishing technique.

Jul 5•10 min read•Rad Kawar

Understanding Your Adversary: The Human Side of Threat Intelligence

How recognizing attackers as goal-driven individuals transforms defensive philosophy. Learn why simple, psychologically-grounded deceptions outperform technical complexity.

Jul 4•6 min read•Rad Kawar

Threat Intelligence in Cyber Deception: A Planning Guide

How threat intelligence transforms cyber deception from guesswork into strategic planning - understanding what attackers actually do and why it matters.

Jun 23•19 min read•Rad Kawar

Industry Analysis

The Cyber Deception Maturity Model: Where Does Your Organization Stand?

A comprehensive framework for assessing and advancing your deception capabilities. Includes detailed KPIs, practical metrics, implementation guidance, and a self-assessment quiz to determine your current maturity level.

Jun 15•11 min read•Rad Kawar

Industry Analysis

Deception Fundamentals: The Missing Piece in Your Security Strategy

A deep dive into the fundamentals of deception, from military doctrine to cybersecurity excellence.

Jun 9•11 min read•Rad Kawar

Rethinking Deception: Why We're Moving from Product to Enablement

After years of building deception technology and watching SOC teams struggle with yet another dashboard, we've made a fundamental shift in how we deliver cyber deception.

Jun 7•6 min read•Rad Kawar

Modern Adversary TTPs: The Rise of 'Read Teaming'

An insider's perspective on why current security products fail to stop modern red teams and sophisticated attackers, and what security teams need to know.

Apr 28•7 min read•Rad Kawar

Industry Analysis

AWS Honey Tokens: The Good, the Bad, and the Ugly

Explore the dual nature of AWS honey tokens, powerful tools for detecting attackers but with hidden risks. This deep dive covers their benefits, technical flaws, and real-world implications.