CyberWillow — Security Research & Insights

A deep technical walkthrough of three malicious npm packages — from initial discovery through behavioral analysis, obfuscation techniques, and the YARA rules that catch them.

npm supply chain malware analysis YARA

Mar 21, 2026 8 min read

Detection Engineering

Building Resilient Detections for Active Directory Persistence

How to craft SIEM detections that survive attacker evasion — covering golden ticket, DCSync, and AdminSDHolder abuse with practical Splunk queries.

Active Directory Splunk SIEM

Mar 08, 2026 10 min read

Cloud Security

The IAM Misconfiguration Playbook: AWS Privilege Escalation Paths You're Missing

A field guide to the most overlooked IAM privilege escalation vectors in AWS, with automated detection strategies and remediation patterns.

AWS IAM cloud security

Feb 22, 2026 6 min read

Perspective

The Stoic SOC: Philosophy as a Framework for Incident Response

What Marcus Aurelius and Epictetus can teach us about alert fatigue, cognitive bias under pressure, and sustainable security operations.

philosophy SOC incident response

Exploring the roots of modern security

Latest Posts

Anatomy of an npm Supply Chain Attack: Dissecting Malicious Packages in the Wild

Building Resilient Detections for Active Directory Persistence

The IAM Misconfiguration Playbook: AWS Privilege Escalation Paths You're Missing

The Stoic SOC: Philosophy as a Framework for Incident Response

Latest Posts

Anatomy of an npm Supply Chain Attack: Dissecting Malicious Packages in the Wild

Building Resilient Detections for Active Directory Persistence

The IAM Misconfiguration Playbook: AWS Privilege Escalation Paths You're Missing

The Stoic SOC: Philosophy as a Framework for Incident Response

Stay rooted.