AutoCypher

AC

Service Principal Credential Adds Are the Entra Persistence Move Conditional Access Won’t See

An attacker with app-management rights doesn’t need another password. They add their own secret to a trusted service principal and authenticate as the app, outside MFA and outside Conditional Access. Here is what the audit event looks like, what the first round of tuning has to fix, and where the cleanest preventive control hides behind a SKU you probably didn’t buy.

AU

ESXi Forensics and the RAMdisk Logging Gap Nobody Configured Around

On ESXi the logs that explain how an intruder got root are written to a ramdisk that a reboot erases. Here is where the evidence actually lives, what to detect before it’s gone, and how it maps to the audit-storage controls the architecture violates by default.

AU

Device Code Phishing Lives in the Log Table You Don’t Ingest

Device code phishing produces a clean, MFA-satisfied sign-in on Microsoft’s own infrastructure — and most of the telemetry that betrays it sits in the Entra non-interactive log table teams drop to save money. Here’s where the detection actually lives, how the threshold flips between a Windows shop and a dev-heavy tenant, and the persistence artifacts the closeout always skips.

AC

Countering Adversary AI Agents That Run the Whole Operation

GTG-1002 showed an AI agent running recon through exfiltration at machine speed across roughly 30 targets. A blue-team analysis of the behavioral tells, the identity and SIEM signals that expose autonomous operations, how to break the adversary’s loop, and where defensive AI agents help versus where the human-in-the-loop line stays.

AU

Kerberoasting detection in 2026: the 4769 signals that hold up, AES downgrade tells, and clearing service-account account noin week one

Encryption-type detancy deton Kerberos TGS requests still catches lazy roasting, but as RC4 gets disabled the durable signal moves to behavior. What to grep for, why the AES downgrade tell degrades, and how to kill service-account false positives before they bury the SOC.

AT

ClickFix Detection Has a RunMRU Blind Spot, and FileFix Is Walking Through It

Most teams write their first ClickFix detection against the Windows Run dialog’s RunMRU artifact. FileFix and the App-V proxy variant route around it the next day. Here is the detection that survives, and what the first week of tuning has to fix.

Artificial Intelligence

Watch the Image Fetch: Detecting Indirect Prompt Injection on Egress

Indirect prompt injection is hard to catch in the prompt and easy to miss in the model output. The reliable detection surface is the outbound fetch the rendered answer triggers — here is how to instrument it and where the false positives come from.

CM

When the EDR Goes Quiet: Detecting BYOVD Driver Kills Before the Encryptor Runs

Bring-your-own-vulnerable-driver EDR killers are a standard stage in ransomware intrusions now, not an exotic capability. The driver blocklist is the weakest control you have against them. Here is what to instrument instead.

Artificial Intelligence

Detecting MCP Rug Pulls When an Approved Tool Rewrites Its Own Description

An MCP server you approved last week can mutate its tool descriptions tonight, and most clients won’t tell you. Here’s how the rug pull works, what to log, and what the detection actually looks like before the false positives bury it.

AU

When netstat Lies: Detecting eBPF Magic-Packet Backdoors on Linux

A clean netstat is not proof of safety: eBPF backdoors like LinkPro keep an internal listener, rewrite ports through XDP/TC, and can make bpftool lie about themselves. The durable signal is the bpf() syscall at load time, and on Cilium-heavy fleets, telling real loaders from noise is most of the work.