https://heyshahrukh.me/blogs Cybersecurity essays on detection engineering, AI security, SOC automation, and threat intelligence. en-us Mon, 08 Jun 2026 13:46:33 GMT https://heyshahrukh.me/blogs/10-cybersecurity-case-studies-every-security-engineer-should-study https://heyshahrukh.me/blogs/10-cybersecurity-case-studies-every-security-engineer-should-study Thu, 04 Jun 2026 17:36:24 GMT Ten cybersecurity case studies every security engineer should study, what happened, how it unfolded, and the key lesson. https://heyshahrukh.me/blogs/mitre-atlas-the-security-framework-built-for-the-age-of-ai https://heyshahrukh.me/blogs/mitre-atlas-the-security-framework-built-for-the-age-of-ai Wed, 03 Jun 2026 17:47:10 GMT Learn what MITRE ATLAS is, how it works, and why every security team needs it. The complete guide to defending AI systems against real-world adversarial attacks https://heyshahrukh.me/blogs/what-is-an-agentic-ai-soc-analyst-a-comprehensive-guide https://heyshahrukh.me/blogs/what-is-an-agentic-ai-soc-analyst-a-comprehensive-guide Wed, 03 Jun 2026 17:21:39 GMT Learn how Agentic AI SOC Analysts automate threat detection, investigation, and response, transforming modern SOC operations with AI-driven security. https://heyshahrukh.me/blogs/essential-soc-tools-and-technologies https://heyshahrukh.me/blogs/essential-soc-tools-and-technologies Sun, 31 May 2026 06:39:17 GMT Explore the essential tools used by SOC analysts, including SIEM, EDR, SOAR, TIPs, XDR, CSPM, UEBA, and vulnerability scanners. https://heyshahrukh.me/blogs/ai-in-modern-email-security https://heyshahrukh.me/blogs/ai-in-modern-email-security Sat, 30 May 2026 18:31:05 GMT Discover how AI enhances email security through phishing detection, threat analysis, anomaly detection, and automated response. https://heyshahrukh.me/blogs/email-security-triage-framework https://heyshahrukh.me/blogs/email-security-triage-framework Sat, 30 May 2026 18:32:47 GMT A step by step framework for investigating phishing emails, analyzing URLs, attachments, and indicators before responding to threats. https://heyshahrukh.me/blogs/soc-l1-email-investigation-guide https://heyshahrukh.me/blogs/soc-l1-email-investigation-guide Sat, 30 May 2026 18:35:01 GMT Learn how SOC L1 analysts investigate suspicious emails using headers, URLs, attachments, domain checks, and phishing analysis techniques. https://heyshahrukh.me/blogs/email-security-best-practices-for-modern-organizations https://heyshahrukh.me/blogs/email-security-best-practices-for-modern-organizations Sat, 30 May 2026 18:37:15 GMT Explore modern email threats, phishing risks, BEC attacks, and practical security controls to protect your organization from compromise https://heyshahrukh.me/blogs/mitre-attck-v19-explained https://heyshahrukh.me/blogs/mitre-attck-v19-explained Sat, 30 May 2026 18:39:12 GMT Explore MITRE ATT&CK v19, including the retirement of Defense Evasion and the introduction of Stealth and Defense Impairment tactics. https://heyshahrukh.me/blogs/mitre-attck-v19-why-the-new-tactic-matters-for-soc-teams https://heyshahrukh.me/blogs/mitre-attck-v19-why-the-new-tactic-matters-for-soc-teams Sat, 30 May 2026 18:40:29 GMT Learn how MITRE ATT&CK v19 splits Defense Evasion into Stealth and Impair Defenses, reshaping detection and SOC operations. https://heyshahrukh.me/blogs/why-most-soc-detections-fail https://heyshahrukh.me/blogs/why-most-soc-detections-fail Sat, 30 May 2026 18:41:31 GMT Learn why behavior based detections outperform basic IOC alerts and how modern SOC teams can reduce noise and improve threat visibility. https://heyshahrukh.me/blogs/owasp-ai-top-10-with-mitre-atlas https://heyshahrukh.me/blogs/owasp-ai-top-10-with-mitre-atlas Sat, 30 May 2026 18:43:00 GMT Explore the OWASP AI Top 10 risks and their MITRE ATLAS mappings, with real world examples of attacks against LLM applications. https://heyshahrukh.me/blogs/ai-security-monitoring-logs-guide https://heyshahrukh.me/blogs/ai-security-monitoring-logs-guide Sat, 30 May 2026 18:44:42 GMT Learn which logs are critical for AI security monitoring, prompt injection detection, agent tracing, and MITRE ATLAS aligned visibility. https://heyshahrukh.me/blogs/why-great-products-still-fail https://heyshahrukh.me/blogs/why-great-products-still-fail Sat, 30 May 2026 18:46:30 GMT Innovation alone is not enough. Learn why onboarding, training, and user experience determine whether products succeed or become shelfware. https://heyshahrukh.me/blogs/application-detection-response https://heyshahrukh.me/blogs/application-detection-response Sat, 30 May 2026 18:48:31 GMT Discover how ADR enhances application security by detecting runtime threats, zero day exploits, and logic flaws beyond traditional WAFs. https://heyshahrukh.me/blogs/building-an-email-header-filter https://heyshahrukh.me/blogs/building-an-email-header-filter Sat, 30 May 2026 18:50:11 GMT Learn how origin based email filters use header analysis to block phishing, spam, and spoofed emails before content inspection begins. https://heyshahrukh.me/blogs/the-hidden-risk-of-hero-culture https://heyshahrukh.me/blogs/the-hidden-risk-of-hero-culture Sat, 30 May 2026 18:52:31 GMT Discover how RACI and CMMI help organizations eliminate key person dependency and build resilient, process driven operations. https://heyshahrukh.me/blogs/why-90-of-products-fail https://heyshahrukh.me/blogs/why-90-of-products-fail Sat, 30 May 2026 18:55:47 GMT Discover why planning, process maturity, and strategic execution matter more than funding, vision, or technical expertise. https://heyshahrukh.me/blogs/t1036003-rename-system-utilities https://heyshahrukh.me/blogs/t1036003-rename-system-utilities Thu, 28 May 2026 19:25:48 GMT MITRE ATT&CK Technique: T1036.003-Rename System Utilities. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1105-ingress-tool-transfer https://heyshahrukh.me/blogs/t1105-ingress-tool-transfer Sat, 30 May 2026 19:27:39 GMT MITRE ATT&CK Technique: T1105 Ingress Tool Transfer. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1218011-rundll32 https://heyshahrukh.me/blogs/t1218011-rundll32 Sat, 30 May 2026 19:31:37 GMT MITRE ATT&CK Technique: T1218.011 Rundll32. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1003-os-credential-dumping https://heyshahrukh.me/blogs/t1003-os-credential-dumping Sat, 30 May 2026 19:34:30 GMT MITRE ATT&CK Technique: T1003 OS Credential Dumping. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1114003-email-forwarding-rule https://heyshahrukh.me/blogs/t1114003-email-forwarding-rule Sat, 30 May 2026 19:37:40 GMT MITRE ATT&CK Technique: T1114.003-Email Forwarding Rule. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1027-obfuscated-files-or-information https://heyshahrukh.me/blogs/t1027-obfuscated-files-or-information Sat, 30 May 2026 19:40:03 GMT Trending MITRE ATT&CK Technique: T1027-Obfuscated Files or Information. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1078004-cloud-accounts https://heyshahrukh.me/blogs/t1078004-cloud-accounts Sat, 30 May 2026 19:41:52 GMT MITRE ATT&CK Technique: T1078.004-Cloud Accounts. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1047-windows-management-instrumentation https://heyshahrukh.me/blogs/t1047-windows-management-instrumentation Sat, 30 May 2026 19:43:10 GMT MITRE ATT&CK Technique: T1047-Windows Management Instrumentation. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1059003-windows-command-shell https://heyshahrukh.me/blogs/t1059003-windows-command-shell Wed, 03 Jun 2026 17:05:36 GMT MITRE ATT&CK Technique: T1059.003 - Windows Command Shell. Detections, visibility, use cases and real world attack insights. https://heyshahrukh.me/blogs/t1059001-powershell https://heyshahrukh.me/blogs/t1059001-powershell Wed, 03 Jun 2026 17:12:10 GMT MITRE ATT&CK Technique: T1059.001 - PowerShell. Detections, visibility, use cases and real world attack insights.