FEATURED

Ghosts
on the
wire.

How a four-person IR team unraveled a year-long compromise hiding inside legitimate backup traffic — and the playbook every defender should steal.

Start here →

# dwell-time analysis

$ grep -E "BackupSvc.*POST" access.log

...368 days of legitimate-looking writes

→ found: 1 anomaly

## ~/posts $ ls -lt

The feed

First post coming soon.