Blog
Registry Writes Without Registry Callbacks
Explore NTUSER.MAN, an overlooked Windows profile mechanism that allows registry persistence without triggering CmRegisterCallback EDR monitoring.
Rad Kawar / Threat Research / 5m
The Post-Compromise Gap: Why Mature Adversaries Keep Winning
An insider's perspective on why current security products fail to stop modern red teams and sophisticated attackers, and what security teams need to know.
Rad Kawar / Threat Research / 12m
Deception Taxonomy: A Common Language
A common language for deception operations. The vocabulary needed to discuss honey tokens, tripwires, and alert lifecycles with precision.
Rad Kawar / Threat Research / 6m
Windows Stealers: How Modern Infostealers Harvest Credentials
Technical analysis of Windows infostealers using Sryxen as a case study. How they decrypt browser data via DPAPI and exfiltrate credentials.
Rad Kawar / Threat Research / 5m
macOS Stealers: How Modern Infostealers Harvest Credentials
Technical analysis of macOS information stealers using Banshee as a case study. How they phish passwords, decrypt Keychains, and exfiltrate browser data.
Rad Kawar / Threat Research / 7m
Field Notes on Malware: The Evolution of C2 Evasion and What It Means for Detection
Modern C2 evasion techniques from BOFs to RISC-V emulation. Why malware developers haven't adopted certain capabilities and what defenders need to know.
Rad Kawar / Threat Research / 6m
The Psychology Behind Effective Honey Tokens
Attackers validate credentials when type and context match their targeting. Understanding cognitive shortcuts determines honey token detection success.
Rad Kawar / Threat Research / 5m
Early Warning Detection for Credential Theft: Why Behavioral Analysis Fails
57% of breaches discovered externally. Infostealer credentials evade EDR for years. Early warning honey tokens detect validation before lateral movement.
Rad Kawar / Threat Research / 7m
AI-Orchestrated Attacks: Why Detection Speed Matters More Than Ever
AI-orchestrated attacks automate 80-90% of tactical operations at machine speed. Early warning detection becomes critical when attacks move in milliseconds.
Rad Kawar / Threat Research / 12m
From Phish to Package: NPM Supply Chain Attacks
Analysis of a recent NPM supply chain attack that deployed Scavenger malware through compromised packages, including a new overlooked phishing technique.
Rad Kawar / Threat Research / 5m
Understanding Your Adversary: The Human Side of Threat Intelligence
Recognize attackers as goal-driven individuals to transform your defensive strategy. Simple, psychologically-grounded deceptions outperform complexity.
Rad Kawar / Threat Research / 8m
Threat Intelligence in Cyber Deception: A Planning Guide
How threat intelligence transforms cyber deception from guesswork into strategic planning - understanding what attackers actually do and why it matters.
Rad Kawar / Threat Research / 4m
Modern Adversary TTPs: The Rise of 'Read Teaming'
An insider's perspective on why current security products fail to stop modern red teams and sophisticated attackers, and what security teams need to know.
Rad Kawar / Threat Research / 5m