Working through the MITRE ATT&CK Evaluations APT29 dataset in Splunk and documenting everything I find. Part 1 covers EventID 1, the initial dropper, steganographic payload execution inside a PNG image, and what the EventID distribution revealed about how APT29 avoids process-based detection. The Sigma detection rules for every technique I find across the full series will publish on Substack. Part 1 is here: https://open.substack.com/pub/manishrawat21/p/hunting-apt29-in-196071-logs-what?r=7dntti&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true
#Cybersecurity #ThreatHunting #APT29 #DetectionEngineering #infosec #Contra
Recently something interesting happened.
My research on DLL hijacking detection was referenced in work from the National Cyber Security Centre (Cyber Defence Analysis).
The section “37 Sysmon Events. One Complete DLL Hijacking Attack” came from my analysis of malware telemetry showing how code execution occurred without triggering alerts.
To clarify: the detection PoC mentioned later isn’t mine — my contribution focused on identifying the detection gap.
Right now I’m continuing to explore:
• Sysmon event correlation
• Detection blind spots in Windows telemetry
• Why some attacks still bypass common logging assumptions
If you're working on detection engineering, threat hunting, or malware analysis, I’d be happy to exchange ideas.
#threathunting #Malwareanalysis #Medium #Infosec #detectionengineering