Blog
Technical insights on SIEM, EDR, and Blue Team operations from the SOC
5 posts
I Built a Self-Hosted Threat Intelligence Platform to Stop Tab-Hopping Forever
A few months ago I was triaging a suspicious IP and caught myself with VirusTotal, AbuseIPDB, Shodan, and OTX all open at once, reconciling results by hand. I’d done that same thing probably a …
Read More
Building a Security-Focused Homelab: Lessons from Week One
Starting my homelab journey has been more rewarding than I expected. After researching budget options, I settled on a Dell OptiPlex 7070 with 16GB of RAM, 256GB of storage, and an Intel i5 8500T. …
Read More
Active Node.js Malware Campaign Targeting Manual Reader Applications
We’re seeing a significant uptick in a malware campaign that’s affecting multiple customers. This one’s worth knowing about if you’re in a SOC or working with EDR platforms. …
Read More
Building Effective Threat Hunting Queries
Effective threat hunting queries help you find what automated detections miss. Here’s my approach to building them. Start with a Hypothesis Before writing a query, form a hypothesis about …
Read More
Welcome to my blog
I’m Elmer Phillips, a Security Analyst working in Managed Detection & Response at At-Bay. This blog is where I share practical notes from the SOC. Detection engineering, SIEM queries, threat …
Read More