Device Code Phishing — The Attack That Makes MFA Irrelevant

When most people think about phishing, they picture a fake login page harvesting credentials. Device code phishing doesn’t work that way. There’s no spoofed domain. No credential harvesting. No malware. The victim authenticates against real Microsoft infrastructure, completes their MFA challenge, and hands an attacker a fully valid Bearer token — all without knowing anything unusual happened. ...

June 2, 2026 · 10 min · Logan

From the Trenches: Defending Salesforce Against ShinyHunters' Playbook

If you haven’t read the threat intelligence breakdown of the ShinyHunters Salesforce campaign, start there. This article assumes you know what happened and focuses on what to do about it. ...

May 22, 2026 · 7 min · Logan

Building a Homelab SIEM with Wazuh

A SIEM — Security Information and Event Management system — is the nerve center of a security operations environment. It collects logs and telemetry from across your infrastructure, correlates events into alerts, and gives you a unified view of what’s happening on every machine you care about. For years, running your own SIEM meant either paying for enterprise licensing or wrestling with complex open-source deployments. Wazuh changed that calculus significantly. ...

May 13, 2026 · 8 min · Logan

Self-Hosted Threat Intel Pipeline

What I Built and Why: Most threat intelligence dashboards are either expensive enterprise platforms or simple embeds pulling from someone else’s API. Neither felt right for a portfolio — one costs money, the other doesn’t demonstrate anything about your actual capabilities. ...

5 min · Jason, Cyber Professional