Publications
Security research and technical writing published across various platforms. Contributing to the broader security community.
Recent Publications
6 articles
Microsoft Entra ID OAuth Phishing and Detections
Exploring OAuth phishing and token-based abuse in Microsoft Entra ID through emulation and analysis of tokens, device behavior, and sign-in activity.
Bit ByBit - Emulation of the DPRK's Largest Cryptocurrency Heist
A high-fidelity emulation of the DPRK's largest cryptocurrency heist via a compromised macOS developer and AWS pivots.
AWS SNS Abuse: Data Exfiltration and Phishing
Developed detection capabilities by investigating publicly known SNS abuse attempts for data exfiltration and phishing operations.
Emulating AWS S3 SSE-C Ransom for Threat Detection
Explores how threat actors leverage Amazon S3's Server-Side Encryption with Customer-Provided Keys for ransom and extortion operations.
Exploring AWS STS AssumeRoot
Investigating the implications of AWS STS AssumeRole and its potential for abuse in cloud environments.
Cups Overflow: When your printer spills more than Ink
Dive into threat detection strategies for the CUPS vulnerability.
Full Archive
Browse the complete collection of 13 publications, including older research and external contributions.