Forensics
DFIR
Decoding OWA Ids in On-Prem Exchange
How to decode OWA Id parameters from IIS logs to extract the PR_ENTRYID and identify specifically which emails were accessed in an on-prem Exchange environment.
Automation
Blue Team Tactics: Honey Tokens Pt. II
Part two of the honey tokens series covering PowerShell-based token deployment, validating audit ACL settings, and testing adversary interaction detection via PowerShell remoting, RDP, and Meterpreter process injection.