Blog Entries

15. 12. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

Hunting Silent Kerberoasting: Detecting RC4 TGS Floods with Elastic

Introduction: Kerberoasting remains one of the most popular techniques for attackers attempting to escalate privileges inside a Windows domain. By requesting service tickets (TGS – Ticket Granting Service) encrypted with weak algorithms, an attacker can extract hashes and crack them offline to recover service account passwords. It should be mentioned that a Kerberos ticket request…

03. 10. 2025 Daniel Degasperi Blue Team, Log-SIEM, SEC4U

From Noisy Detections to Precision: Moving from KQL to ESQL in Elastic Security

Introduction: In modern SOC environments, detection rules are the cornerstone of identifying malicious activity. However, the effectiveness of a rule depends not only on what it looks for but also on how precisely it defines suspicious behavior. Many analysts have experienced the pain of rules that are “noisy” – generating countless false positives (FPs) that…
