Blog
What's in a Good Honeytoken
A good honeytoken gets used. Learn the principles that make adversaries validate credentials rather than skip past them.
Rad Kawar / Strategy / 5m
Pre-emptive Detection Without Prediction
Via negativa detection defines what should never happen rather than predicting attacks. When it fires, you've caught an attack you didn't predict.
Rad Kawar / Strategy / 5m
Getting Started with Early Warning Honey Tokens
A practical guide to deploying early warning honey tokens effectively. Learn the lifecycle, placement strategy, and best practices that make deception work.
Rad Kawar / Best Practices / 6m
Registry Writes Without Registry Callbacks
Explore NTUSER.MAN, an overlooked Windows profile mechanism that allows registry persistence without triggering CmRegisterCallback-based EDR monitoring.
Rad Kawar / Threat Research / 5m
The Reflexive Game: Why Deception Operates on Minds, Not Systems
Deception operates on thinking adversaries who adapt to your moves. Understanding this reflexive dynamic between defender and attacker changes everything.
Rad Kawar / Strategy / 6m
The Post-Compromise Gap: Why Mature Adversaries Keep Winning
An insider's perspective on why current security products fail to stop modern red teams and sophisticated attackers, and what security teams need to know.
Rad Kawar / Threat Research / 12m
Deception Taxonomy: A Common Language
A common language for deception operations. The vocabulary needed to discuss honey tokens, tripwires, and alert lifecycles with precision.
Rad Kawar / Threat Research / 6m
Detecting Unauthenticated AWS OSINT: Catching Adversaries Before They're Inside
Detect unauthenticated S3 bucket enumeration before attackers get inside. Tools like cloud_enum run freely without alerts - until now.
Rad Kawar / Product Insights / 5m
Windows Stealers: How Modern Infostealers Harvest Credentials
Technical analysis of Windows infostealers using Sryxen as a case study. How they decrypt browser data via DPAPI and exfiltrate credentials.
Rad Kawar / Threat Research / 5m
macOS Stealers: How Modern Infostealers Harvest Credentials
Technical analysis of macOS information stealers using Banshee as a case study. How they phish passwords, decrypt Keychains, and exfiltrate browser data.
Rad Kawar / Threat Research / 7m
Field Notes on Malware: The Evolution of C2 Evasion and What It Means for Detection
Modern C2 evasion techniques from BOFs to RISC-V emulation. Why malware developers haven't adopted certain capabilities and what defenders need to know.
Rad Kawar / Threat Research / 6m
Processing CloudTrail Logs from S3: Discovery and Resumption Patterns
Process CloudTrail logs efficiently using S3's hierarchical structure. Learn discovery patterns and resumption strategies for organization trails.
Rad Kawar / Engineering / 6m
The Psychology Behind Effective Honey Tokens
Attackers validate credentials when type and context match their targeting. Understanding cognitive shortcuts determines honey token detection success.
Rad Kawar / Threat Research / 5m
Early Warning Detection for Credential Theft: Why Behavioral Analysis Fails
57% of breaches are discovered externally, and infostealer-harvested credentials evade EDR for years. Early warning honey tokens detect credential validation before lateral movement.
Rad Kawar / Threat Research / 7m
EventBridge Pattern Matching: A Field Guide
Master AWS EventBridge pattern construction for security detection. Learn pattern expansion, nested logic, and common pitfalls with practical examples.
Rad Kawar / Engineering / 7m
AI-Orchestrated Attacks: Why Detection Speed Matters More Than Ever
AI-orchestrated attacks automate 80-90% of tactical operations at machine speed. Early warning detection becomes critical when attacks move in milliseconds.
Rad Kawar / Threat Research / 12m
Early Warning Honey Tokens: Give Adversaries Options
Early warning honey tokens break the attacker's risk calculus. Learn how planting monitored credentials creates detection opportunities at validation time.
Rad Kawar / Product Insights / 12m
DeceptIQ: High-Fidelity Detection at Cloud Scale
Built by red teamers to catch adversaries. The deception technology platform we wish every organization we compromised had in place.
Rad Kawar / Product Insights / 4m
From Phish to Package: NPM Supply Chain Attacks
Analysis of a recent NPM supply chain attack that deployed Scavenger malware through compromised packages, including a new overlooked phishing technique.
Rad Kawar / Threat Research / 5m
Understanding Your Adversary: The Human Side of Threat Intelligence
Recognize attackers as goal-driven individuals to transform your defensive strategy. Simple, psychologically-grounded deceptions outperform complexity.
Rad Kawar / Threat Research / 8m
Threat Intelligence in Cyber Deception: A Planning Guide
How threat intelligence transforms cyber deception from guesswork into strategic planning - understanding what attackers actually do and why it matters.
Rad Kawar / Threat Research / 4m
The Cyber Deception Maturity Model: Where Does Your Organization Stand?
Assess your deception maturity with this framework. Includes KPIs, metrics, implementation guidance, and a self-assessment quiz for your organization.
Rad Kawar / Industry Analysis / 14m
Deception Fundamentals: The Missing Piece in Your Security Strategy
A deep dive into deception fundamentals, from military doctrine to cybersecurity. Learn why attackers avoid most honey tokens and how to build effective ones.
Rad Kawar / Industry Analysis / 8m
Modern Adversary TTPs: The Rise of 'Read Teaming'
An insider's perspective on why current security products fail to stop modern red teams and sophisticated attackers, and what security teams need to know.
Rad Kawar / Threat Research / 5m
AWS Honey Tokens: The Good, the Bad, and the Ugly
AWS honey tokens are powerful detection tools with hidden risks. Learn their benefits, technical flaws, fingerprinting vulnerabilities, and real-world implications.
Rad Kawar / Industry Analysis / 5m