CTRL K

Blog
- How I Passed HTB CPTS: Preparation, Exam Strategy, and Lessons Learned
- How I Passed OffSec OSEP: PEN-300, AV Evasion, and Exam Strategy
Docs
About

Hack The Box
- HTB - Expressway
- HTB - Remote
Red Team
Blue Team
- Hunting for LOLBins in Windows Event Logs: certutil & bitsadmin
AppLocker

Blue Team

Detection and threat hunting written from the attacker’s perspective. Each post breaks down how a specific attack works, then maps it to detectable artifacts: event IDs, Sysmon fields, and log sources. Understanding the offense is how you build better defense.

Hunting LOLBins in Windows Event Logs

Detecting certutil and bitsadmin abuse with Sysmon and Event Logs.

Last updated on March 7, 2026