Finding (Executables in) User-Writeable Directories
This article presents two different detection types for insecure filesystem permissions on Windows endpoints: scanning for directories that are user-writeable, and detecting processes that are started from user-writeable directories.
Application Network Connection Monitoring With Splunk & uberAgent
This is part 1 of my application network connection monitoring series, a group of articles that explain how to analyze the network traffic of any Windows or macOS app.