Publications

Security research and technical writing published across various platforms. Contributing to the broader security community.

Recent Publications

6 articles
Identity Security, May 2026

Detecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace

Detection engineering for the Tycoon 2FA phishing-as-a-service platform, which uses adversary-in-the-middle techniques to steal MFA-protected sessions across Microsoft 365 and Google Workspace.

22 min
AiTM, Microsoft 365, PhaaS

Malware, May 2026

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

Analysis of a Brazilian banking trojan that spreads through trojanized Logitech installers and self-propagating worm modules, abusing WhatsApp and Outlook to target financial institutions.

20 min
Malware, Banking Trojan, Worm

Cloud Research, Jun 2025

Microsoft Entra ID OAuth Phishing and Detections

Exploring OAuth phishing and token-based abuse in Microsoft Entra ID through emulation and analysis of tokens, device behavior, and sign-in activity.

18 min
OAuth, Microsoft Entra ID, Phishing

Threat Emulation, May 2025

Bit ByBit - Emulation of the DPRK's Largest Cryptocurrency Heist

A high-fidelity emulation of the DPRK's largest cryptocurrency heist via a compromised macOS developer and AWS pivots.

25 min
DPRK, Cryptocurrency, macOS

Cloud Research, Mar 2025

AWS SNS Abuse: Data Exfiltration and Phishing

Developed detection capabilities by investigating publicly known SNS abuse attempts for data exfiltration and phishing operations.

15 min
AWS, SNS, Data Exfiltration

Threat Emulation, Feb 2025

Emulating AWS S3 SSE-C Ransom for Threat Detection

Explores how threat actors leverage Amazon S3's Server-Side Encryption with Customer-Provided Keys for ransom and extortion operations.

20 min
AWS, S3, Ransomware

Full Archive

Browse the complete collection of 15 publications, including older research and external contributions.
