Blog Entries

25. 06. 2026 Daniel Degasperi Blue Team, Log-SIEM, SEC4U, Threat Intelligence

LOLDrivers Is More Than a Simple List: A New Approach to BYOVD Detection

1. Introduction The abuse of vulnerable drivers has become an increasingly common technique adopted by attackers to bypass modern security controls. This attack pattern, commonly referred to as Bring Your Own Vulnerable Driver (BYOVD), consists of loading legitimately signed but vulnerable drivers into the operating system in order to gain kernel-level privileges, disable security products,…

Read More
11. 03. 2026 Daniel Degasperi Blue Team, Log-SIEM, SEC4U, Threat Intelligence

From Static Lists to Threat Intelligence: Better Domain Detection in Elastic

A scalable approach to detecting malicious domains using Threat Intelligence and Indicator Match Rules One of the most common techniques used in phishing and initial access campaigns is the creation of domains that closely resemble legitimate ones. Attackers exploit typosquatting, homograph attacks, and brand impersonation to deceive users and steal credentials. For a Security Operations…

Read More
15. 12. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

Read More
03. 10. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

From Noisy Detections to Precision: Moving from KQL to ESQL in Elastic Security

Introduction In modern SOC environments, detection rules are the cornerstone of identifying malicious activity. However, the effectiveness of a rule depends not only on what it looks for but also on how precisely it defines suspicious behavior. Many analysts have experienced the pain of rules that are “noisy” – generating countless false positives (FPs) that…

Read More

Archive