RECON

Windows Event Log Analysis: Red Team Guide to Kerberos & AD Attacks Windows Event Log Analysis: Investigating Kerberos & AD Attacks Updated on February 18, 2026 Table of Contents Prerequisites 1. Initial Triage & Investigation Workflow 2. Deep Technical Breakdown – Event IDs & Attack Mapping 3. Practical Log Analysis Techniques & Tooling 4. SIEM-Based Detection & Correlation 5. Red Team Insight (The Adversary Perspective) Conclusion You've got the call. The Domain Controller (DC) is acting st...

Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics

During a customer project we identified an issue with the validation of JWT tokens that allowed us to bypass the authentication by using unsigned tokens with arbitrary payloads. During analysis we found out that this is caused by a vulnerability within the library OpenID Connect Authenticator for Tomcat. OpenID Connect Authenticator for Tomcat between versions […]

We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

Black Basta Ransomware: Tactics & Prevention    Qualys