<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Harsh Kanojia</title>
    <description>The latest articles on DEV Community by Harsh Kanojia (@harsh_hak).</description>
    <link>https://dev.to/harsh_hak</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3404752%2F11d5dcef-79fb-48b4-8b32-939b226fcb97.jpg</url>
      <title>DEV Community: Harsh Kanojia</title>
      <link>https://dev.to/harsh_hak</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/harsh_hak"/>
    <language>en</language>
    <item>
      <title>The Hidden Risks of Public Wi-Fi Networks</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sat, 11 Apr 2026 06:21:40 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-hidden-risks-of-public-wi-fi-networks-2f75</link>
      <guid>https://dev.to/harsh_hak/the-hidden-risks-of-public-wi-fi-networks-2f75</guid>
      <description>&lt;h2&gt;
  
  
  &lt;strong&gt;Abstract&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Public Wi-Fi is everywhere. From coffee shops to airports, we rely on these free signals to stay connected. However, convenience often masks significant security vulnerabilities. This post explores why these networks are dangerous and how you can protect your digital identity while using them.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Revelation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;During my studies at Deakin University, I spent time analyzing network traffic in public spaces. I realized how easily a novice actor can capture sensitive information. We often treat internet access as a utility without considering the infrastructure behind it. This journey shifted my perspective from seeing Wi-Fi as a convenience to seeing it as a potential attack surface.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Big Picture&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Global connectivity has made our lives easier. We check bank balances and send work emails on the go. Yet, public Wi-Fi is an unencrypted or poorly secured environment. Every packet of data you send travels through the air, waiting to be intercepted by anyone with the right tools.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Problem&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The main issue is the lack of proper authentication and encryption. When you connect to an open network, you are essentially sharing a digital space with strangers. Hackers use techniques like Man-in-the-Middle attacks. In this scenario, an attacker positions themselves between your device and the connection point to eavesdrop on your traffic.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Investigation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;I simulated a common attack using a standard laptop and open source software. I discovered that without a secure tunnel, I could see unencrypted requests being made by nearby devices. This included website names and sometimes even login tokens. It was a stark reminder that if a student can find this, malicious actors have been doing it for years.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Key Findings&lt;/strong&gt;
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Unencrypted traffic is visible to anyone on the same network.&lt;/li&gt;
&lt;li&gt;Rogue access points can mimic legitimate hotel or cafe names.&lt;/li&gt;
&lt;li&gt;Session cookies can be stolen to hijack active accounts.&lt;/li&gt;
&lt;li&gt;Mobile applications often fail to use secure connections.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Why It Matters&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Your digital identity is your most valuable asset. A breach on public Wi-Fi can lead to stolen credentials or private financial data exposure. Businesses also face risks when employees connect to these networks to access corporate servers. One weak link can compromise an entire organization.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;How to Stay Safe&lt;/strong&gt;
&lt;/h2&gt;

&lt;ul&gt;
&lt;li&gt;Use a Virtual Private Network. This creates an encrypted tunnel for your data.&lt;/li&gt;
&lt;li&gt;Disable automatic Wi-Fi joining on your smartphone and laptop.&lt;/li&gt;
&lt;li&gt;Stick to HTTPS websites. Look for the padlock icon in your browser address bar.&lt;/li&gt;
&lt;li&gt;Use cellular data instead of public Wi-Fi whenever possible.&lt;/li&gt;
&lt;li&gt;Enable two-factor authentication on all your accounts.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Final Thoughts&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Cybersecurity is not just about complex software. It is about building better habits. Understanding the risks of public networks allows you to enjoy the benefits of the internet without exposing your personal information to unnecessary dangers.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Conclusion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Public Wi-Fi remains a necessary tool in our modern world. However, awareness is your best defense. By adopting a security-first mindset and using the tools mentioned above, you can significantly reduce your risk profile and browse with confidence.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Let’s Chat&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Have you ever felt suspicious while using a public network? What steps do you take to stay secure? I would love to hear your experiences and discuss how we can make the digital space safer together. Reach out via the links below.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;🖋️ Written by - Harsh Kanojia

🔗 LinkedIn - https://www.linkedin.com/in/harsh-kanojia369/
💻 GitHub - https://github.com/harsh-hak
🌐 Portfolio - https://harsh-hak.github.io/
👥 Community - https://cybersphere-community.github.io/
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Understanding Modern Cyber Threat Hunting</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Wed, 08 Apr 2026 07:50:13 +0000</pubDate>
      <link>https://dev.to/harsh_hak/understanding-modern-cyber-threat-hunting-2hn8</link>
      <guid>https://dev.to/harsh_hak/understanding-modern-cyber-threat-hunting-2hn8</guid>
      <description>&lt;h2&gt;
  
  
  &lt;strong&gt;Abstract&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;In this post, we explore how cyber threats evolve and how researchers identify them. We will look at a common attack pattern and explain the steps taken to neutralize it. This guide is designed to help students and enthusiasts understand the fundamentals of security monitoring.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Revelation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Every security professional remembers the first time they spotted an anomaly. It usually starts with a log entry that looks slightly out of place. During a routine scan of network traffic, I noticed an unusual pattern of data exfiltration. This discovery served as a reminder that visibility is the most powerful tool in a security arsenal.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Big Picture&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The cybersecurity landscape is changing rapidly. As we integrate more cloud services and remote tools into our daily lives, the attack surface grows. An attack surface refers to the sum of all points where an unauthorized user can try to enter or extract data from an environment. Protecting this space requires constant vigilance.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Problem&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Many systems suffer from blind spots. Security teams often have too much data but not enough context. When alerts fire constantly, it leads to alert fatigue. This is a state where human analysts become desensitized to warnings because there are simply too many false positives. We need better ways to filter the noise and focus on real threats.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Investigation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;When a suspicious event occurs, we start an investigation. We look for the root cause of the incident. In my recent analysis, I followed the digital breadcrumbs left by the attacker. I examined the following elements.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Source IP addresses and their reputation.&lt;/li&gt;
&lt;li&gt;File hash values to see if known malware was used.&lt;/li&gt;
&lt;li&gt;Network protocols to identify unauthorized communication.&lt;/li&gt;
&lt;li&gt;User account activity to spot privilege escalation.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Key Findings&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;My analysis revealed a classic case of credential stuffing. This is an attack where hackers use stolen username and password pairs from previous data breaches to gain unauthorized access to other accounts. The attacker used a botnet to cycle through credentials rapidly. Because many users reuse passwords, the attack was effective until we blocked the specific range of malicious IPs.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Why It Matters&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Attacks like these highlight the fragility of our digital identities. When one account is compromised, the attacker can move laterally across a network. Lateral movement is the technique used by hackers to move deeper into a system once they have gained initial access. Preventing this requires a layered approach to security.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;How to Stay Safe&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;You can take several proactive steps to improve your personal and professional security posture.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Use a reputable password manager to ensure unique passwords.&lt;/li&gt;
&lt;li&gt;Enable multi-factor authentication on every possible service.&lt;/li&gt;
&lt;li&gt;Keep your software and operating systems updated to patch vulnerabilities.&lt;/li&gt;
&lt;li&gt;Be skeptical of unsolicited emails or messages asking for credentials.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Final Thoughts&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Cybersecurity is not just about tools and software. It is about building a mindset of awareness. As a student, I am learning that the most effective security measures often involve simple habits. By focusing on the basics like identity management and regular updates, we can mitigate a large percentage of potential attacks.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Conclusion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;We have explored the lifecycle of a threat and the importance of monitoring. While the tactics of attackers will continue to evolve, our defensive strategies must remain grounded in core principles. Stay curious, keep testing, and never stop learning about the systems you are trying to protect.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Let’s Chat&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;What are your thoughts on current threat hunting techniques? Do you have a story about a security discovery you made while learning? I would love to hear your perspectives. Leave a comment or reach out on my social channels so we can discuss the future of digital defense together.&lt;/p&gt;


</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Cyber Threats Demystified for Beginners</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Mon, 16 Mar 2026 12:13:33 +0000</pubDate>
      <link>https://dev.to/harsh_hak/cyber-threats-demystified-for-beginners-oj3</link>
      <guid>https://dev.to/harsh_hak/cyber-threats-demystified-for-beginners-oj3</guid>
      <description>&lt;p&gt;📝 Abstract&lt;/p&gt;

&lt;p&gt;Welcome to this deep dive into the world of cyber threats. As a cybersecurity student at Deakin University, I often see newcomers overwhelmed by technical jargon. This post aims to break down what cyber threats are, why they happen, and most importantly, how you can protect yourself without needing a PhD in coding. We will keep things straightforward and practical.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🔍 The Revelation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;What exactly is a cyber threat? Think of it like a potential danger lurking in the digital world. It is any action, incident, or event that could compromise the confidentiality, integrity, or availability of your data or systems.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Confidentiality:&lt;/strong&gt; Keeping secrets secret.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Integrity:&lt;/strong&gt; Ensuring data has not been tampered with.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Availability:&lt;/strong&gt; Making sure you can access your systems when you need them.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A cyber threat exploits a weakness, often called a vulnerability, to cause harm.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🌍 The Big Picture&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Cyber threats are not just random acts; they are often organized, motivated, and persistent. Understanding the landscape helps us prepare.&lt;/p&gt;

&lt;p&gt;The motives behind cyber attacks generally fall into a few main categories:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Financial Gain:&lt;/strong&gt; Stealing money or sensitive data for resale.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Espionage:&lt;/strong&gt; Governments or corporations stealing secrets.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Hacktivism:&lt;/strong&gt; Disrupting systems to promote a political or social message.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Vandalism:&lt;/strong&gt; Causing chaos just for the sake of it.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Problem&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The biggest problem is the speed of evolution. Attackers are constantly innovating new ways to breach defenses. For the average user or small business, keeping up feels impossible.&lt;/p&gt;

&lt;p&gt;Cyber threats target everyone, from massive global corporations to the laptop you use to check your email. Attackers look for the path of least resistance.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Phishing emails&lt;/strong&gt; tricking you into giving up passwords.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Malware&lt;/strong&gt; infecting your machine secretly.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Weak passwords&lt;/strong&gt; acting as unlocked digital doors.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;The Investigation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;To fight back effectively, we must investigate the common methods used by attackers. These methods are the tools in their digital toolbox.&lt;/p&gt;

&lt;p&gt;One very common investigation path focuses on social engineering. This is not about hacking code; it is about hacking people.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Social Engineering Tactics:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Pretexting:&lt;/strong&gt; Creating a believable story to gain trust.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Baiting:&lt;/strong&gt; Leaving an infected USB drive hoping someone plugs it in.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Phishing:&lt;/strong&gt; Sending deceptive emails that look like they come from a trusted source like your bank or Deakin IT support.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Key Findings&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;My key finding after reviewing countless incident reports is that complexity is often the enemy of security. The simplest mistakes cause the most damage.&lt;/p&gt;

&lt;p&gt;The data consistently shows that human error remains the single largest vulnerability factor across most organizations.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Top Vulnerability Contributors:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Using default or weak passwords.&lt;/li&gt;
&lt;li&gt;  Ignoring software update notifications.&lt;/li&gt;
&lt;li&gt;  Clicking suspicious links in emails.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Why It Matters&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Why should you care about these threats if you are not a cybersecurity expert? Because your digital life is now intertwined with your real life.&lt;/p&gt;

&lt;p&gt;A successful attack can lead to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Identity theft, ruining your credit score.&lt;/li&gt;
&lt;li&gt;  Loss of important personal documents or photos.&lt;/li&gt;
&lt;li&gt;  Financial drain through ransomware demands.&lt;/li&gt;
&lt;li&gt;  Reputational damage if your professional accounts are compromised.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;How to Stay Safe&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Staying safe does not require advanced skills, just consistent good habits. Think of these steps as your digital hygiene routine.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Essential Defenses:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Strong, Unique Passwords:&lt;/strong&gt; Use a password manager. Never reuse passwords across important accounts.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Multi-Factor Authentication (MFA):&lt;/strong&gt; Enable MFA everywhere possible. This adds a second layer, like a code sent to your phone, even if someone steals your password.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Update Everything:&lt;/strong&gt; Apply software and operating system updates immediately. Updates often patch known vulnerabilities.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Be Skeptical:&lt;/strong&gt; Treat unsolicited emails or messages with extreme caution. Verify requests through a different, trusted channel if unsure.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;Final Thoughts&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Cybersecurity is a journey, not a destination. Threats will always exist, but our ability to adapt and follow basic safety protocols drastically reduces our risk exposure. Be curious, stay updated, and never stop questioning what you see online.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;📌 Conclusion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;We have broken down the basics of cyber threats, understood the attacker motivations, and outlined practical steps for defense. Remember, being security aware is your first and best line of defense.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🚀 Let’s Chat&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;What is the most surprising cyber threat you have encountered or learned about recently? Share your thoughts below. I am keen to hear your experiences as we all learn together.&lt;/p&gt;





</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Phishing Attacks Explained Simply</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Mon, 16 Mar 2026 09:49:22 +0000</pubDate>
      <link>https://dev.to/harsh_hak/phishing-attacks-explained-simply-3mdi</link>
      <guid>https://dev.to/harsh_hak/phishing-attacks-explained-simply-3mdi</guid>
      <description>&lt;h2&gt;
  
  
  &lt;strong&gt;📝 Abstract&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Welcome to my latest exploration. Today we are diving into a very common threat: phishing. Phishing attacks are how criminals trick you into giving away sensitive information. They pretend to be someone trustworthy like your bank or a popular online service. Understanding how they work is the first step to protecting yourself online. This post will break down the basics so you can spot these scams easily.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🔍 The Revelation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;What exactly is phishing? Think of it like digital fishing. The attacker casts out a wide net using emails, text messages, or even phone calls. They hope someone bites. If you click a malicious link or give them your password, they reel in your private data. It is social engineering, meaning they manipulate human psychology rather than just exploiting software bugs.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🌍 The Big Picture&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Phishing is a huge industry for cybercriminals. It is often the starting point for major data breaches. If a hacker gets your login credentials through a simple phishing email, they gain access to much larger systems. This single trick can lead to identity theft, financial loss, and corporate espionage. It affects individuals and large organizations daily.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;⚠️ The Problem&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The core problem is trust. We are wired to trust official-looking communication. Phishing emails are getting incredibly sophisticated. They often look exactly like emails from legitimate companies. They use official logos, correct grammar, and create a sense of urgency to make you act fast without thinking.&lt;/p&gt;

&lt;p&gt;Common Phishing Tactics:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Urgency:&lt;/strong&gt; "Your account will be suspended in 24 hours if you do not click here."&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Authority:&lt;/strong&gt; Pretending to be the CEO or IT department asking for immediate action.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Incentives:&lt;/strong&gt; Offering fake prizes or refunds that require you to verify your details.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🕵️ The Investigation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;How do we investigate a potential phishing attempt? We look for the red flags. It takes just a few seconds to check the details before clicking anything.&lt;/p&gt;

&lt;p&gt;Key things to examine:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Sender's Email Address:&lt;/strong&gt; Does it perfectly match the company’s real domain? (e.g., &lt;a href="mailto:support@amazon.com"&gt;support@amazon.com&lt;/a&gt; versus &lt;a href="mailto:support@amazonn-security.net"&gt;support@amazonn-security.net&lt;/a&gt;).&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Links (URLs):&lt;/strong&gt; Hover your mouse over any link without clicking it. Does the destination address look legitimate? Look for misspellings or unusual characters.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Tone and Grammar:&lt;/strong&gt; Although scam messages are improving, many still contain spelling mistakes or awkward phrasing that a professional company would not send.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Request Type:&lt;/strong&gt; Does the organization you know ever ask for your password via email? Usually, the answer is no.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;📊 Key Findings&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;My research shows that the most successful phishing attacks often target credentials for cloud services like Microsoft 365 or Google Workspace. Why? Because these accounts often hold access to multiple other systems. Targeting one weak link provides access to the entire chain.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;❗ Why It Matters&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;For beginners, phishing awareness is your primary defense. You do not need expensive software to stop most phishing attempts; you need critical thinking. If you avoid being tricked by the initial email, the subsequent damage is prevented entirely. Your security starts with your skepticism.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🛡️ How to Stay Safe&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Building robust defenses requires good habits. Here are practical steps everyone should take immediately.&lt;/p&gt;

&lt;p&gt;Strong Security Practices:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Enable Multi-Factor Authentication (MFA):&lt;/strong&gt; Even if a criminal gets your password, MFA requires a second verification step, usually a code from your phone, stopping them.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Use a Password Manager:&lt;/strong&gt; This helps you generate unique, strong passwords for every site, reducing the impact if one account is compromised.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Verify Independently:&lt;/strong&gt; If you get an urgent request from your bank, close the email. Open your browser and navigate directly to the bank's official website to log in or call their verified support number.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Be Wary of Attachments:&lt;/strong&gt; Never open unexpected attachments, especially zip files or Word documents asking you to enable macros.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;💭 Final Thoughts&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Phishing attacks prey on speed and distraction. Slowing down is your superpower. Treat every unsolicited request for information with suspicion. Think of yourself as the gatekeeper of your own digital life.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;📌 Conclusion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Phishing remains a persistent and effective threat because it targets the human element. By understanding the tactics and implementing simple checks, you significantly reduce your personal risk profile. Stay alert, stay informed, and keep those digital defenses strong.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🚀 Let’s Chat&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Have you ever spotted a really convincing phishing email? What were the telltale signs that gave it away? Share your experiences and tips in the comments below. Let us learn from each other’s vigilance.&lt;/p&gt;





</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>The Sneaky Side of Password Managers</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Mon, 16 Mar 2026 09:42:35 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-sneaky-side-of-password-managers-1b8m</link>
      <guid>https://dev.to/harsh_hak/the-sneaky-side-of-password-managers-1b8m</guid>
      <description>&lt;p&gt;📝 Abstract&lt;/p&gt;

&lt;p&gt;Welcome everyone. Today we are diving into something most of us use every day: password managers. They are supposed to make our lives safer, but are they completely flawless? We will explore the hidden risks lurking behind these convenient tools, keeping things simple enough for everyone to understand. Think of this as a friendly warning from your fellow student.&lt;/p&gt;

&lt;p&gt;🔍 The Revelation&lt;/p&gt;

&lt;p&gt;Password managers are digital vaults. They store all your complex passwords behind one master key. This is great because you only need to remember one strong password instead of fifty weak ones.&lt;/p&gt;

&lt;p&gt;However, what if that one master key gets compromised? That is where the trouble starts. Centralizing your secrets creates a single point of failure.&lt;/p&gt;

&lt;p&gt;🌍 The Big Picture&lt;/p&gt;

&lt;p&gt;In cybersecurity, we often talk about risk management. A password manager reduces the risk of you using weak or reused passwords across multiple sites. That is a huge win.&lt;/p&gt;

&lt;p&gt;But it introduces a new, centralized risk. If an attacker successfully targets the manager itself, or tricks you into giving up the master password, they gain access to everything. It is like putting all your jewelry in one safe.&lt;/p&gt;

&lt;p&gt;⚠️ The Problem&lt;/p&gt;

&lt;p&gt;The main issue is not usually the encryption inside the vault. Modern managers use strong encryption. The real dangers usually involve the human element or the software update process.&lt;/p&gt;

&lt;p&gt;Think about these common weak spots:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Master Password Strength: If your master password is weak, an attacker can use brute force or dictionary attacks easily.&lt;/li&gt;
&lt;li&gt;  Phishing Attacks: Sophisticated phishing can trick you into entering your master password on a fake login screen.&lt;/li&gt;
&lt;li&gt;  Browser Integration: Sometimes, the extension running in your web browser can be exploited, allowing malicious code to read what the manager is displaying or entering.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;🕵️ The Investigation&lt;/p&gt;

&lt;p&gt;As a security researcher in training, I looked closely at how these vulnerabilities manifest. Many incidents do not involve hacking the encryption directly. Instead, they exploit common user behaviors or software flaws.&lt;/p&gt;

&lt;p&gt;For example, if you use the auto-fill feature carelessly, you might fill credentials on a malicious clone site without realizing it. The manager is doing what it is told, but the context is wrong.&lt;/p&gt;

&lt;p&gt;Another area of concern is syncing. When you sync your vault across multiple devices and one of them is infected with malware, the encrypted vault file could be intercepted or accessed locally on that device.&lt;/p&gt;

&lt;p&gt;📊 Key Findings&lt;/p&gt;

&lt;p&gt;Our analysis points to these critical areas of risk associated with password managers:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; Master Password Weakness: This remains the number one vector. A simple password defeats world-class encryption.&lt;/li&gt;
&lt;li&gt; Zero-Day Exploits: Flaws in the manager software itself, though rare, can bypass security layers.&lt;/li&gt;
&lt;li&gt; User Trust Over Vigilance: Users often become overconfident and stop checking URLs before entering master credentials.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;❗ Why It Matters&lt;/p&gt;

&lt;p&gt;If your standard website login is stolen, you change that one password. If your master password is stolen, every single online account you own is immediately at high risk. This moves from inconvenience to full-blown identity crisis quickly.&lt;/p&gt;

&lt;p&gt;We need to treat the master password with the reverence reserved for the keys to the kingdom.&lt;/p&gt;

&lt;p&gt;🛡️ How to Stay Safe&lt;/p&gt;

&lt;p&gt;Using a password manager is still better than not using one. The key is to implement strong operational security (OpSec) around it.&lt;/p&gt;

&lt;p&gt;Here are actionable steps you can take today:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Use a unique, long master passphrase: four or more unrelated words that you use nowhere else beats a short string of symbols, and it is easier to type correctly.&lt;/li&gt;
&lt;li&gt;  Enable Two Factor Authentication (2FA) on the password manager account if the provider supports it. This is vital for protecting the account login and sync. Note that it does not strengthen the vault's encryption itself, which still rests entirely on the master password.&lt;/li&gt;
&lt;li&gt;  Keep your password manager application and browser extensions fully updated immediately.&lt;/li&gt;
&lt;li&gt;  Be extremely wary of any prompts asking for your master password outside of the application interface.&lt;/li&gt;
&lt;li&gt;  Regularly review the list of stored credentials for anything you no longer use.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;💭 Final Thoughts&lt;/p&gt;

&lt;p&gt;Password managers are incredible tools that boost your overall security posture significantly. They automate good habits. But, like any powerful tool, they demand respect and continuous vigilance from the user. Never become complacent just because you are using a security product.&lt;/p&gt;

&lt;p&gt;📌 Conclusion&lt;/p&gt;

&lt;p&gt;The convenience of centralizing secrets must be balanced with meticulous protection of that central point. By understanding the risks and following best practices, you can harness the power of these tools without falling victim to their potential single point of failure. Stay safe out there.&lt;/p&gt;

&lt;p&gt;🚀 Let’s Chat&lt;/p&gt;

&lt;p&gt;What methods do you use to secure your master password? Are you using 2FA on your vault? Share your thoughts below; I am always learning!&lt;/p&gt;




&lt;p&gt;🖋️ Written by - Harsh Kanojia&lt;/p&gt;

&lt;p&gt;🔗 LinkedIn - &lt;a href="https://www.linkedin.com/in/harsh-kanojia369/" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/harsh-kanojia369/&lt;/a&gt;&lt;br&gt;
💻 GitHub - &lt;a href="https://github.com/harsh-hak" rel="noopener noreferrer"&gt;https://github.com/harsh-hak&lt;/a&gt;&lt;br&gt;
🌐 Portfolio - &lt;a href="https://harsh-hak.github.io/" rel="noopener noreferrer"&gt;https://harsh-hak.github.io/&lt;/a&gt;&lt;br&gt;
👥 Community - &lt;a href="https://cybersphere-community.github.io/" rel="noopener noreferrer"&gt;https://cybersphere-community.github.io/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Simple Guide to Phishing Attacks</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sun, 15 Mar 2026 15:29:24 +0000</pubDate>
      <link>https://dev.to/harsh_hak/simple-guide-to-phishing-attacks-1keg</link>
      <guid>https://dev.to/harsh_hak/simple-guide-to-phishing-attacks-1keg</guid>
      <description>&lt;p&gt;📝 Abstract&lt;/p&gt;

&lt;p&gt;Welcome to the world of cybersecurity. Today, we are demystifying a very common threat: phishing. Phishing is like digital trickery where attackers try to steal your sensitive information, such as passwords or credit card details, by pretending to be someone trustworthy. This post will break down what phishing is, why it works, and most importantly, how you can defend yourself against these sneaky attempts.&lt;/p&gt;

&lt;p&gt;🔍 The Revelation&lt;/p&gt;

&lt;p&gt;Have you ever received an email saying you won a prize or that your bank account needs immediate attention? That is often phishing in action.&lt;/p&gt;

&lt;p&gt;Phishing is a type of social engineering attack. Social engineering simply means manipulating people into giving up confidential information. Attackers craft deceptive communications that look legitimate.&lt;/p&gt;

&lt;p&gt;The goal is usually one of three things:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Stealing login credentials.&lt;/li&gt;
&lt;li&gt;  Installing malicious software (malware).&lt;/li&gt;
&lt;li&gt;  Tricking you into sending money.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;🌍 The Big Picture&lt;/p&gt;

&lt;p&gt;Phishing is not new, but it keeps evolving. Attackers use sophisticated techniques to make their scams look incredibly real.&lt;/p&gt;

&lt;p&gt;We often hear about large data breaches, but many breaches start with one successful phishing email hitting one employee. This makes individual awareness a critical line of defense.&lt;/p&gt;

&lt;p&gt;Think of it as a digital disguise. The attacker disguises themselves as a trusted entity like:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Your boss or colleague.&lt;/li&gt;
&lt;li&gt;  A well-known company (like Amazon or Microsoft).&lt;/li&gt;
&lt;li&gt;  A government agency.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;⚠️ The Problem&lt;/p&gt;

&lt;p&gt;Why are phishing attacks so successful? Humans are often the weakest link in security, not technology. Phishing exploits basic human psychology.&lt;/p&gt;

&lt;p&gt;Attackers rely on creating a sense of urgency or fear. They want you to act quickly without thinking clearly.&lt;/p&gt;

&lt;p&gt;Common psychological triggers used include:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Fear:&lt;/strong&gt; "Your account will be suspended if you don't click here."&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Greed:&lt;/strong&gt; "You have a large tax refund waiting for you."&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Curiosity:&lt;/strong&gt; "See who viewed your profile!"&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;If you react emotionally instead of critically, the attack succeeds.&lt;/p&gt;

&lt;p&gt;🕵️ The Investigation&lt;/p&gt;

&lt;p&gt;How do we spot these fakes? Becoming a good digital detective requires checking a few key areas in any suspicious communication.&lt;/p&gt;

&lt;p&gt;First, look closely at the sender's email address. Attackers often use addresses that look similar but are slightly off. For example, &lt;code&gt;support@amaz0n.com&lt;/code&gt; instead of &lt;code&gt;support@amazon.com&lt;/code&gt;. The zero replaces the letter 'o'.&lt;/p&gt;

&lt;p&gt;Second, scrutinize any links before clicking. Hover your mouse over the link (do not click!). The real destination URL should appear, usually in the bottom corner of your browser or email client. If the displayed link text says "&lt;a href="http://www.bankname.com" rel="noopener noreferrer"&gt;www.bankname.com&lt;/a&gt;" but the actual link goes somewhere else entirely, it is suspicious.&lt;/p&gt;

&lt;p&gt;Third, check the language. Legitimate organizations usually have professional, error-free communication, so numerous spelling or grammar mistakes are a red flag. The reverse does not hold: polished, error-free text is easy to produce, so a clean message proves nothing on its own.&lt;/p&gt;

&lt;p&gt;📊 Key Findings&lt;/p&gt;

&lt;p&gt;We can categorize phishing into several common types:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Email Phishing:&lt;/strong&gt; The most common form, sent to a wide audience.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Spear Phishing:&lt;/strong&gt; Targeted attacks aimed at a specific person or organization. The attacker researches the victim first.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Whaling:&lt;/strong&gt; Highly targeted attacks aimed specifically at senior executives (the "big fish").&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Smishing (SMS Phishing):&lt;/strong&gt; Phishing conducted via text messages.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Vishing (Voice Phishing):&lt;/strong&gt; Phishing carried out over phone calls, often involving urgent technical support scams.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;❗ Why It Matters&lt;/p&gt;

&lt;p&gt;A successful phishing attack can lead to severe consequences for you and your organization.&lt;/p&gt;

&lt;p&gt;For individuals, it means identity theft, drained bank accounts, or compromised personal data.&lt;/p&gt;

&lt;p&gt;For businesses, it can mean:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Loss of sensitive intellectual property.&lt;/li&gt;
&lt;li&gt;  Major financial losses from fraudulent transfers.&lt;/li&gt;
&lt;li&gt;  Disruption of operations due to malware infection.&lt;/li&gt;
&lt;li&gt;  Reputational damage following a data breach.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;🛡️ How to Stay Safe&lt;/p&gt;

&lt;p&gt;Defense against phishing relies heavily on good habits and skepticism. Adopt a "Zero Trust" mindset for unsolicited messages.&lt;/p&gt;

&lt;p&gt;Here are practical steps you can take today:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Verify Independently:&lt;/strong&gt; If an email asks you to log in or take urgent action, do not use the link provided. Instead, open a new browser window and navigate directly to the official website yourself.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Enable Multi-Factor Authentication (MFA):&lt;/strong&gt; MFA requires a second form of verification (like a code from your phone) in addition to your password. This often stops attackers even if they steal your password. Be aware that one-time codes can still be relayed by a phishing page that proxies the real login in real time; security keys and passkeys, which are bound to the genuine site's origin, resist that trick.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Keep Software Updated:&lt;/strong&gt; Ensure your operating system, web browser and email client are always updated. Updates often patch the security vulnerabilities that phishers try to exploit once you click.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Think Before You Click:&lt;/strong&gt; If an offer seems too good to be true, or the request too urgent, pause. Take five seconds to look critically at the sender and the links.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;💭 Final Thoughts&lt;/p&gt;

&lt;p&gt;Cybersecurity is a partnership between technology and human vigilance. Technology provides the tools, but you provide the critical thinking required to spot a deception. Never feel embarrassed to report a suspicious email. Reporting helps protect everyone else in the network.&lt;/p&gt;

&lt;p&gt;📌 Conclusion&lt;/p&gt;

&lt;p&gt;Phishing remains a persistent threat because it targets the human element. By understanding the tactics—urgency, impersonation, and suspicious links—and implementing verification steps like checking sender addresses and using MFA, you significantly reduce your risk. Stay curious, stay skeptical, and stay safe online.&lt;/p&gt;

&lt;p&gt;🚀 Let’s Chat&lt;/p&gt;

&lt;p&gt;What is the most convincing phishing attempt you have ever spotted? Share your experiences or questions in the comments below so we can all learn together!&lt;/p&gt;





</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>The Hidden Cost of Weak Passwords</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sat, 14 Mar 2026 07:04:09 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-hidden-cost-of-weak-passwords-16la</link>
      <guid>https://dev.to/harsh_hak/the-hidden-cost-of-weak-passwords-16la</guid>
      <description>&lt;p&gt;📝 Abstract&lt;/p&gt;

&lt;p&gt;Welcome to my latest dive into digital defense. Today we are talking about something simple yet incredibly dangerous: weak passwords. Many people use easy guesses or reuse passwords across multiple sites. This blog post will explore why this is a major security risk and what practical steps you can take right now to protect your digital life. We are aiming for a strong security baseline without needing complex hacking skills.&lt;/p&gt;

&lt;p&gt;🔍 The Revelation&lt;/p&gt;

&lt;p&gt;Imagine your digital life is a house. Your password is the front door lock. If you use "123456" or "password" as your lock, it does not matter how strong the walls are. Anyone can walk right in. This is what happens every time you choose a weak password. Cyber attackers run automated brute-force tools that guess these simple combinations constantly.&lt;/p&gt;

&lt;p&gt;🌍 The Big Picture&lt;/p&gt;

&lt;p&gt;In cybersecurity, we often talk about the "attack surface." This is the total number of points where an unauthorized user can try to enter or extract data from a system. Every credential you hold is part of your personal attack surface. Every online account you have contributes to this risk. If one service suffers a data breach, and you used that same weak password elsewhere, your other accounts are instantly exposed.&lt;/p&gt;

&lt;p&gt;⚠️ The Problem&lt;/p&gt;

&lt;p&gt;Why do people still use weak passwords?&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Convenience:&lt;/strong&gt; It is easier to remember simple things.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Password Fatigue:&lt;/strong&gt; Having to create dozens of unique, strong passwords for every site is tiring.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Lack of Awareness:&lt;/strong&gt; Many users underestimate how easily their simple passwords can be cracked.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;A weak password means that credentials stolen from a small forum application could unlock your main email account, which then grants access to your banking information.&lt;/p&gt;

&lt;p&gt;🕵️ The Investigation&lt;/p&gt;

&lt;p&gt;How do attackers crack passwords? They use lists of commonly breached passwords and sophisticated guessing techniques.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Dictionary Attacks:&lt;/strong&gt; Trying every word in a standard dictionary, plus common variations (like adding a '1' or an '!' at the end).&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Brute Force Attacks:&lt;/strong&gt; Trying every possible combination of letters, numbers, and symbols sequentially until the correct one is found. This is done offline, against a copy of a breached database of password hashes: for a fast, unsalted hash such as MD5 or NTLM a single modern GPU tests billions of guesses per second, whereas a live login page throttles guesses to a handful per second. That is why attackers crack leaked hashes rather than hammer login forms.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The crucial finding is that length matters more than complexity: every extra character multiplies the search space, while the symbol substitutions people reach for (an exclamation mark at the end, a zero for an o) are already in the attackers' rule lists. Combining a long passphrase with some variety is the ultimate defense.&lt;/p&gt;
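&lt;p&gt;To put numbers on the length-versus-complexity point, here is an added Python example (not from the original post) that estimates the guesses an attacker needs for the post's own "Fluffy1985!" and "PurpleGiraffeEatsSevenBananas!". The guess rates and the six-word wordlist are assumed stand-ins: a real attacker uses a breached list such as rockyou.txt and a rule engine, so a dictionary word plus digits and a trailing symbol costs roughly |wordlist| x rules guesses, not alphabet^length, however complex it looks.&lt;/p&gt;

```python
import re

# Attacker models with assumed, order-of-magnitude guess rates (guesses per second):
# a throttled web login form versus offline cracking of a leaked fast, unsalted hash
# (MD5/NTLM style) on a single modern GPU.
RATES = {"online login (throttled)": 10.0, "offline fast hash (1 GPU)": 1e10}

CHARSETS = (
    ("lower", "abcdefghijklmnopqrstuvwxyz"),
    ("upper", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
    ("digit", "0123456789"),
    ("symbol", "!@#$%^*()-_=+[]{};:,./?"),
)

# Constructed stand-in for a real breached-password wordlist such as rockyou.txt.
WORDS = {"password", "fluffy", "welcome", "dragon", "monkey", "letmein"}

# Rule-engine budget an attacker spends per word: a 4-digit suffix x a dozen symbols.
RULE_VARIANTS = 10_000 * 12


def search_space(password):
    """Keyspace a blind brute force must cover: (size of the alphabet in use) ** length."""
    alphabet = 0
    for _, chars in CHARSETS:
        if any(c in chars for c in password):
            alphabet += len(chars)
    return alphabet ** len(password)


def dictionary_variant(password, words):
    """Return the wordlist entry a password is a cheap variant of, else None.
    Handles word + up to four digits + one trailing symbol, with common leetspeak undone."""
    m = re.fullmatch(r"(.+?)(\d{0,4})([!?.*#]?)", password.lower())
    if not m:
        return None
    base = m.group(1).translate(str.maketrans("@$013", "asole"))
    return base if base in words else None


def describe(seconds):
    """Human-readable worst-case duration (halve it for the average case)."""
    for unit, name in ((31_536_000, "years"), (86_400, "days"), (3_600, "hours"), (60, "minutes")):
        if seconds // unit != 0:
            return f"{seconds / unit:.3g} {name}"
    return f"{seconds:.3g} seconds"


def crack_estimate(password, words=WORDS):
    """Guesses needed and worst-case time per attacker model. A dictionary variant collapses
    the keyspace to |wordlist| x rule variants no matter how 'complex' it looks."""
    base = dictionary_variant(password, words)
    guesses = len(words) * RULE_VARIANTS if base else search_space(password)
    return {
        "dictionary_word": base,
        "guesses": guesses,
        "time": {model: describe(guesses / rate) for model, rate in RATES.items()},
    }


if __name__ == "__main__":
    for pw in ("Fluffy1985!", "PurpleGiraffeEatsSevenBananas!"):
        print(pw, crack_estimate(pw))
```

&lt;p&gt;Run it and "Fluffy1985!" is caught as a variant of "fluffy": with even this toy wordlist it falls in a fraction of a second offline, despite an 85^11 brute-force keyspace that would look like thousands of years. The passphrase is not a wordlist hit, so the attacker is left with the full 75^30 keyspace.&lt;/p&gt;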

&lt;p&gt;📊 Key Findings&lt;/p&gt;

&lt;p&gt;Security researchers constantly analyze leaked password databases. Here is what they show about common failures:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  The top 10 most common passwords remain predictable year after year.&lt;/li&gt;
&lt;li&gt;  Passwords shorter than eight characters can be cracked offline in minutes or even seconds once their hashes leak.&lt;/li&gt;
&lt;li&gt;  Reusing passwords significantly amplifies the potential damage from a single data breach.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;❗ Why It Matters&lt;/p&gt;

&lt;p&gt;If an attacker gains access to your primary email account, they can often reset the passwords for almost every other service you use, effectively taking over your digital identity. This can lead to financial loss, identity theft, and severe reputational damage. Security is not just about technical defenses; it is about protecting your real life.&lt;/p&gt;

&lt;p&gt;🛡️ How to Stay Safe&lt;/p&gt;

&lt;p&gt;Moving to better password habits does not have to be difficult. Here are three actionable steps:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Embrace a Password Manager:&lt;/strong&gt; Tools like LastPass, Bitwarden, or 1Password create and store unique, complex passwords for every site. You only need to remember one strong master password.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Use Passphrases, Not Passwords:&lt;/strong&gt; A passphrase is long but memorable. Instead of "Fluffy1985!", try "PurpleGiraffeEatsSevenBananas!". The longer the better, as it exponentially increases cracking time.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Enable Multi-Factor Authentication (MFA):&lt;/strong&gt; This is your secondary lock. Even if an attacker gets your password, they still need the code generated by an authenticator app or, better, a hardware security key. A code sent by SMS is the weakest option, because phone numbers can be hijacked through SIM swapping. Always turn this on for email, banking, and social media.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;💭 Final Thoughts&lt;/p&gt;

&lt;p&gt;We are all busy, and security can feel like a chore. But treating your passwords with the respect they deserve is the single highest impact security improvement you can make today. Think of your password manager as your digital vault key. Protect that key fiercely.&lt;/p&gt;

&lt;p&gt;📌 Conclusion&lt;/p&gt;

&lt;p&gt;Weak passwords are a relic of the past that still haunt our present. By adopting a password manager and enabling MFA, you elevate your security posture from vulnerable to resilient almost instantly. Start today, protect your data, and feel more secure online.&lt;/p&gt;

&lt;p&gt;🚀 Let’s Chat&lt;/p&gt;

&lt;p&gt;What is your favorite password manager, or what is the biggest hurdle you face in managing strong credentials? Drop a comment below. I am keen to discuss strategies.&lt;/p&gt;





</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>Cloud Misconfiguration The Hidden Danger</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sat, 14 Mar 2026 06:48:00 +0000</pubDate>
      <link>https://dev.to/harsh_hak/cloud-misconfiguration-the-hidden-danger-3bel</link>
      <guid>https://dev.to/harsh_hak/cloud-misconfiguration-the-hidden-danger-3bel</guid>
      <description>&lt;h2&gt;
  
  
  &lt;strong&gt;📝 Abstract&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Welcome everyone. I am Harsh, a cybersecurity student at Deakin University, and today we are talking about a danger hiding in plain sight: cloud misconfiguration. Many organizations move their valuable data to the cloud like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) expecting instant security. However, setting up these services correctly is harder than it looks. A simple mistake in the configuration settings can leave the door wide open for attackers. This post breaks down what misconfiguration is, why it happens, and how you can avoid becoming the next headline.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🔍 The Revelation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;When you use the cloud, you are renting space and tools. You are responsible for setting the security rules. Think of it like building a house in a gated community. The community provides the fence (the cloud provider’s infrastructure), but you must lock your own doors and windows (your configurations). If you leave a window open, it is your fault the robber got in. Cloud misconfiguration is exactly this scenario in the digital world. It is an error in how you set up your cloud services.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🌍 The Big Picture&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Why is this such a huge deal now? Because almost everyone is using the cloud. Businesses, governments, and even small startups store everything online. This massive shift means that any widespread configuration error affects millions of users and petabytes of data. Major data breaches often trace directly back to a simple forgotten setting, not a complex zero-day exploit.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;⚠️ The Problem&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The complexity of cloud environments is the main villain here.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Service Overload:&lt;/strong&gt; Cloud providers offer hundreds of services (storage, databases, computing power). Keeping track of the security settings for all of them is hard.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Default Settings are Weak:&lt;/strong&gt; Sometimes, default settings prioritize ease of use over maximum security. If you do not change them, you inherit the risk.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Human Error:&lt;/strong&gt; Tired engineers, fast deadlines, and lack of training all contribute to mistakes. A missing checkmark or a wrong IP address range can cause chaos.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Understanding Shared Responsibility:&lt;/strong&gt; Many people misunderstand the Shared Responsibility Model. The cloud provider secures the &lt;em&gt;cloud itself&lt;/em&gt;, but &lt;em&gt;you&lt;/em&gt; secure what you put &lt;em&gt;in&lt;/em&gt; the cloud.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🕵️ The Investigation&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;How do these errors typically manifest? Let us look at common targets for misconfiguration.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Storage Buckets (e.g., AWS S3):&lt;/strong&gt; This is perhaps the most famous example. A storage bucket meant only for internal use is accidentally set to "Public Read/Write." Anyone on the internet can download or upload files. AWS now turns on Block Public Access for new buckets by default, so today this usually means someone explicitly switched that protection off.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Security Groups and Firewalls:&lt;/strong&gt; These act as virtual firewalls. If a security group allows traffic on port 22 (SSH, for remote access) from "0.0.0.0/0" (which means "the entire internet"), attackers can brute force their way into your servers, especially when the server still accepts password logins instead of keys.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Identity and Access Management (IAM):&lt;/strong&gt; Giving users or applications far more permissions than they need is called over-privileging. If an application only needs to read one database but is given admin rights to everything, a compromise of that application instantly compromises the entire account.&lt;/li&gt;
&lt;/ol&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;📊 Key Findings&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Industry reports consistently show the same trends.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  Configuration errors consistently rank as the top cause of cloud data breaches.&lt;/li&gt;
&lt;li&gt;  Misconfigured databases exposed via the public internet are a frequent source of PII (Personally Identifiable Information) leaks.&lt;/li&gt;
&lt;li&gt;  Automated scanning tools often find hundreds of minor misconfigurations in large cloud environments that human auditors miss.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;❗ Why It Matters&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The impact of misconfiguration goes beyond just lost data.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Financial Loss:&lt;/strong&gt; Paying regulatory fines (like GDPR penalties) and the cost of fixing the breach.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Reputation Damage:&lt;/strong&gt; Customers lose trust quickly when their data is exposed due to simple negligence.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Operational Downtime:&lt;/strong&gt; Attackers exploiting misconfigurations can shut down your services, costing you sales and productivity.&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🛡️ How to Stay Safe&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Staying secure in the cloud requires vigilance and automation.&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Adopt Infrastructure as Code (IaC):&lt;/strong&gt; Use tools like Terraform or CloudFormation. This means your infrastructure settings are written as code, which can be peer reviewed, version controlled, and automatically checked for errors before deployment.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Implement Least Privilege:&lt;/strong&gt; Strictly limit permissions. If a user or service only needs to read files, do not let them delete files. Regularly audit these permissions.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Use Cloud Security Posture Management (CSPM):&lt;/strong&gt; These are automated tools that constantly scan your cloud environment against best practice benchmarks. They alert you instantly if someone accidentally opens a storage bucket to the public.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Regular Training:&lt;/strong&gt; Ensure your development and operations teams understand the Shared Responsibility Model and current security best practices specific to your cloud provider.&lt;/li&gt;
&lt;/ul&gt;
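&lt;p&gt;The three misconfigurations listed under The Investigation are exactly what an IaC pre-deployment check or a CSPM scanner looks for, so here is an added Python example (not from the original post, and not any vendor's tool) that encodes those checks. It runs over constructed inputs shaped like the AWS API responses: a security group's ingress rules, an IAM policy document, and a bucket's Block Public Access settings plus ACL grants. The port list, the "/0 to /7 counts as public" threshold and the resource names are assumptions; the public-group ACL URIs and the four Block Public Access keys are AWS's real identifiers.&lt;/p&gt;

```python
import ipaddress

# Ports that should never face the whole internet (assumed shortlist).
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 27017: "MongoDB"}

# AWS canned-ACL group URIs that mean "everyone" / "any AWS account".
PUBLIC_GRANTEES = (
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_security_group(name, ingress):
    """ingress: [{"from_port", "to_port", "cidr"}]. Flags admin/database ports reachable
    from /0 to /7 sources, i.e. effectively the whole internet (IPv4 or IPv6)."""
    findings = []
    for rule in ingress:
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        exposed = [p for p in ADMIN_PORTS if p in range(rule["from_port"], rule["to_port"] + 1)]
        if net.prefixlen in range(8):
            for port in exposed:
                findings.append(f"{name}: {ADMIN_PORTS[port]} ({port}) open to {net}")
    return findings


def check_iam_policy(name, policy):
    """Flags Allow statements that grant a wildcard action (* or service:*) on Resource *."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild and "*" in resources:
            findings.append(f"{name}: {', '.join(wild)} allowed on all resources")
    return findings


def check_bucket(name, public_access_block, acl_grants):
    """Flags any Block Public Access setting turned off and any ACL grant to a public group."""
    findings = []
    disabled = [key for key, enabled in public_access_block.items() if not enabled]
    if disabled:
        findings.append(f"{name}: Block Public Access off for {', '.join(disabled)}")
    for grant in acl_grants:
        uri = grant.get("URI", "")
        if uri in PUBLIC_GRANTEES:
            findings.append(f"{name}: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    return findings


# Constructed sample inputs in the shape the AWS APIs return (names hypothetical).
SAMPLE_SG = [
    {"from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},        # the classic mistake
    {"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},      # fine: public HTTPS
    {"from_port": 5432, "to_port": 5432, "cidr": "10.0.0.0/16"},  # fine: private range only
]
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
LEAST_PRIVILEGE_POLICY = {"Version": "2012-10-17",
                          "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                         "Resource": "arn:aws:s3:::reports-bucket/*"}]}
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SAMPLE_ACL = [{"Permission": "READ", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}]


def audit():
    """Run every check over the samples; an empty list would mean a clean environment."""
    return (check_security_group("web-sg", SAMPLE_SG)
            + check_iam_policy("app-role", ADMIN_POLICY)
            + check_iam_policy("reader-role", LEAST_PRIVILEGE_POLICY)
            + check_bucket("reports-bucket", SAMPLE_PAB, SAMPLE_ACL))


if __name__ == "__main__":
    for finding in audit():
        print("FAIL", finding)
```

&lt;p&gt;Wired into a pipeline, a non-empty result from a check like this fails the deployment before the change reaches production, which is the "automatically checked for errors" step in the IaC advice above; run on a schedule against live configuration, the same logic is the core of what a CSPM product does.&lt;/p&gt;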

&lt;h2&gt;
  
  
  &lt;strong&gt;💭 Final Thoughts&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;The cloud is powerful, but that power demands responsibility. Do not assume the default settings are secure. Treat your configuration files like sensitive code. A small investment in process and tooling today saves you from a major headache tomorrow.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;📌 Conclusion&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;Cloud misconfiguration is not a complex hacking technique; it is a gap in process management. By understanding where the responsibility lies and employing automated checks, you can secure your cloud presence effectively.&lt;/p&gt;

&lt;h2&gt;
  
  
  &lt;strong&gt;🚀 Let’s Chat&lt;/strong&gt;
&lt;/h2&gt;

&lt;p&gt;What is the riskiest cloud misconfiguration you have ever found or fixed? Share your stories or questions in the comments below. Let us learn from each other’s experiences to make the cyber world safer.&lt;/p&gt;





</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>The Silent Threat of Phishing Lures</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sat, 14 Mar 2026 06:39:04 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-silent-threat-of-phishing-lures-3e02</link>
      <guid>https://dev.to/harsh_hak/the-silent-threat-of-phishing-lures-3e02</guid>
      <description>&lt;p&gt;📝 Abstract&lt;/p&gt;

&lt;p&gt;Welcome! I am Harsh, a cybersecurity student at Deakin University. Today, we are diving into one of the most common yet dangerous threats: phishing. This post will break down what phishing is, why it succeeds, and simple steps you can take to protect yourself online. Phishing is more than just a suspicious email; it is a constant battle for your digital life.&lt;/p&gt;

&lt;p&gt;🔍 The Revelation&lt;/p&gt;

&lt;p&gt;What exactly is phishing? Think of it like fishing, but instead of catching fish, attackers are trying to reel in your sensitive information.&lt;/p&gt;

&lt;p&gt;Phishing is a type of social engineering attack. Social engineering means tricking people into giving up confidential data. Attackers send fraudulent communications, usually emails, that look legitimate.&lt;/p&gt;

&lt;p&gt;These emails often pretend to be from trusted sources like your bank, a popular online service, or even your IT department. The goal is simple: steal usernames, passwords, credit card details, or install malware.&lt;/p&gt;

&lt;p&gt;🌍 The Big Picture&lt;/p&gt;

&lt;p&gt;Why is phishing so effective in today’s connected world?&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Trust Exploitation:&lt;/strong&gt; We are trained to trust institutions that send us official looking emails.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Volume and Scale:&lt;/strong&gt; Attackers send millions of these attempts hoping a small percentage will click.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Urgency Creation:&lt;/strong&gt; Phishing messages often create a false sense of urgency, like "Your account will be suspended in 24 hours!" This stops people from thinking critically.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Phishing is the entry point for many larger cyberattacks, including ransomware deployment and large-scale data breaches.&lt;/p&gt;

&lt;p&gt;⚠️ The Problem&lt;/p&gt;

&lt;p&gt;The real challenge with modern phishing is sophistication. It is not just about bad spelling anymore.&lt;/p&gt;

&lt;p&gt;Modern phishing attacks use several techniques to evade detection:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Spear Phishing:&lt;/strong&gt; Highly targeted attacks aimed at a specific individual or organization. They use personal details gleaned from social media to make the lure very convincing.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Whaling:&lt;/strong&gt; Spear phishing aimed specifically at high-profile targets like senior executives (the "big fish").&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Spoofing and Look-Alike Domains:&lt;/strong&gt; Forging the From header so the message appears to come from the trusted domain itself, which works when that domain does not enforce SPF, DKIM and DMARC; or registering a domain that differs by a single character (e.g., 'micros0ft.com' instead of 'microsoft.com').&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If you click a malicious link, you might be taken to a fake login page designed to perfectly mimic the real one.&lt;/p&gt;

&lt;p&gt;🕵️ The Investigation&lt;/p&gt;

&lt;p&gt;How can we spot these digital traps before it is too late? We need to become digital detectives. Here are the key signs to look for in any suspicious communication:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Check the Sender’s Email Address:&lt;/strong&gt; Do not just look at the display name. Hover your mouse over the sender's name to see the actual underlying email address. Does it match the supposed company? Treat a match as necessary but not sufficient: the address itself can be forged when the sending domain has no DMARC enforcement.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Look for Generic Greetings:&lt;/strong&gt; Legitimate companies usually address you by name. "Dear Customer" or "Valued User" is often a red flag.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Examine Links Carefully:&lt;/strong&gt; Hover over any link without clicking. Does the preview URL match the website the email claims to be from? Watch out for mismatched domains.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Grammar and Tone:&lt;/strong&gt; While improving, poor grammar or an overly aggressive tone demanding immediate action are classic signs of a scam.&lt;/li&gt;
&lt;/ul&gt;
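&lt;p&gt;The checks in this list, and the sender-address and hover-over-the-link checks in the Simple Guide to Phishing Attacks post above, can be run mechanically. Here is an added Python example (not code from either post) that does so over a constructed message: it folds confusable characters so that amaz0n and rnicrosoft collapse onto the brand they imitate, compares the host shown in link text with the host the href really points to, checks whether the display name claims a brand the address does not belong to, and looks for the generic greeting and urgency wording. The brand list, greeting and urgency phrases are assumptions, the links are taken as already extracted from the HTML (email.utils.parseaddr and an HTML parser would supply them in practice), and the two-label registrable-domain rule ignores suffixes like co.uk.&lt;/p&gt;

```python
import re
from urllib.parse import urlsplit

# Brands we expect mail from, keyed by their real registrable domain (assumed shortlist;
# a real filter would hold your own organisation and its suppliers).
KNOWN_BRANDS = {"amazon.com": "amazon", "microsoft.com": "microsoft", "bankname.com": "bankname"}

# Single-character swaps attackers use ('amaz0n', 'micros0ft') plus two-letter tricks ('rn' for 'm').
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
DIGRAPHS = (("rn", "m"), ("vv", "w"))
GENERIC_GREETINGS = ("dear customer", "dear user", "valued customer", "valued user", "dear member")
URGENCY = ("immediately", "within 24 hours", "suspended", "verify now", "urgent")


def fold(label):
    """Normalise a hostname label so look-alikes collapse onto the brand they imitate."""
    out = label.lower().translate(CONFUSABLES)
    for pair, single in DIGRAPHS:
        out = out.replace(pair, single)
    return out


def registrable(host):
    """Last two labels of a host. Assumption: no multi-part public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(text):
    """Host from a URL or from a bare hostname shown as link text; '' if there is none."""
    s = text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").lower()


def lookalike_brand(host):
    """Real domain the host imitates, or None if it is that real domain or unrelated."""
    reg = registrable(host)
    if reg in KNOWN_BRANDS:
        return None
    folded = fold(reg.split(".")[0])
    for real_domain, brand in KNOWN_BRANDS.items():
        if folded == brand or folded.startswith(brand + "-") or folded.endswith("-" + brand):
            return real_domain
    return None


def inspect_email(sender, links, body):
    """sender: {'display', 'address'} as email.utils.parseaddr would give them;
    links: [(visible_text, href)] already pulled out of the HTML; body: plain text.
    Returns human-readable findings; an empty list means none of the checks fired."""
    findings = []
    sender_host = sender["address"].rsplit("@", 1)[-1].lower()
    imitated = lookalike_brand(sender_host)
    if imitated:
        findings.append(f"sender domain {sender_host} imitates {imitated}")
    display_words = re.findall(r"[a-z]+", sender["display"].lower())
    for real_domain, brand in KNOWN_BRANDS.items():
        if brand in display_words and registrable(sender_host) != real_domain:
            findings.append(f"display name claims {brand} but address is @{sender_host}")
    for text, href in links:
        shown, target = host_of(text), host_of(href)
        if "." in shown and registrable(shown) != registrable(target):
            findings.append(f"link text shows {shown} but goes to {target}")
        imitated = lookalike_brand(target)
        if imitated:
            findings.append(f"link destination {target} imitates {imitated}")
    lines = body.strip().lower().splitlines()
    if lines and lines[0].startswith(GENERIC_GREETINGS):
        findings.append("generic greeting")
    hits = [w for w in URGENCY if w in body.lower()]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample: a fake Amazon notice carrying a disguised bank link.
SENDER = {"display": "Amazon Support", "address": "support@amaz0n.com"}
LINKS = [("www.bankname.com", "http://bankname.com.evil.test/login"),
         ("Unsubscribe", "https://amazon.com/unsubscribe")]
BODY = "Dear Customer,\nYour account will be suspended within 24 hours unless you verify now.\n"

if __name__ == "__main__":
    for finding in inspect_email(SENDER, LINKS, BODY):
        print("FLAG:", finding)
```

&lt;p&gt;On the sample every check fires: the sender domain folds to amazon.com, the display name claims a brand the address is not on, the link reads www.bankname.com but lands on evil.test, and the greeting and wording match the pressure tactics described above. A message from the genuine domain addressed to you by name produces no findings, which is the behaviour a mail filter wants before it starts tagging legitimate notifications.&lt;/p&gt;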

&lt;p&gt;📊 Key Findings&lt;/p&gt;

&lt;p&gt;Our investigation shows that user awareness is the single strongest defense against phishing. Technology filters catch many attempts, but the personalized spear phishing emails often get through.&lt;/p&gt;

&lt;p&gt;The key finding is the reliance on user psychology: fear, urgency, and curiosity are the weapons used against you.&lt;/p&gt;

&lt;p&gt;❗ Why It Matters&lt;/p&gt;

&lt;p&gt;If a phishing attack succeeds, the consequences can be severe:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;  &lt;strong&gt;Financial Loss:&lt;/strong&gt; Direct theft from compromised bank accounts or credit cards.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Identity Theft:&lt;/strong&gt; Stolen personal identifying information (PII) used for fraudulent activities.&lt;/li&gt;
&lt;li&gt;  &lt;strong&gt;Corporate Espionage:&lt;/strong&gt; For businesses, a successful phishing attack can lead to the theft of intellectual property or network infiltration.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For all of us, it means losing control over our online presence until we can regain access and clean up the damage.&lt;/p&gt;

&lt;p&gt;🛡️ How to Stay Safe&lt;/p&gt;

&lt;p&gt;Staying secure is about developing good digital hygiene. Here are essential protective measures:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; &lt;strong&gt;Enable Multi-Factor Authentication (MFA):&lt;/strong&gt; Even if a phisher steals your password, MFA requires a second verification step (like a code from your phone), blocking unauthorized access. This is crucial!&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Use a Password Manager:&lt;/strong&gt; These tools generate strong, unique passwords and often flag known phishing sites.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Verify Independently:&lt;/strong&gt; If you receive an urgent notification from your bank or Netflix, do not click the email link. Instead, open your browser and navigate to the official website manually to log in and check your account status.&lt;/li&gt;
&lt;li&gt; &lt;strong&gt;Be Skeptical of Attachments:&lt;/strong&gt; Never open attachments, especially zip files or Word documents asking you to enable macros, from unknown senders.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;💭 Final Thoughts&lt;/p&gt;

&lt;p&gt;Phishing attacks are persistent because they work. As technology evolves, so do the attackers’ methods. However, by understanding the fundamentals of these scams and adopting a skeptical mindset—always questioning unexpected communications—you significantly reduce your risk profile. Stay vigilant, and keep learning!&lt;/p&gt;

&lt;p&gt;📌 Conclusion&lt;/p&gt;

&lt;p&gt;Phishing remains the low-hanging fruit for cybercriminals. By learning to spot the lures, activating MFA, and verifying requests independently, you build a robust personal defense system against these common threats. Your awareness is your best firewall.&lt;/p&gt;

&lt;p&gt;🚀 Let’s Chat&lt;/p&gt;

&lt;p&gt;What is the most convincing phishing email you have ever received? Share your experiences or questions below. Let us learn from each other’s close calls!&lt;/p&gt;




&lt;p&gt;🖋️ Written by - Harsh Kanojia&lt;/p&gt;

&lt;p&gt;🔗 LinkedIn - &lt;a href="https://www.linkedin.com/in/harsh-kanojia369/" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/harsh-kanojia369/&lt;/a&gt;&lt;br&gt;
💻 GitHub - &lt;a href="https://github.com/harsh-hak" rel="noopener noreferrer"&gt;https://github.com/harsh-hak&lt;/a&gt;&lt;br&gt;
🌐 Portfolio - &lt;a href="https://harsh-hak.github.io/" rel="noopener noreferrer"&gt;https://harsh-hak.github.io/&lt;/a&gt;&lt;br&gt;
👥 Community - &lt;a href="https://cybersphere-community.github.io/" rel="noopener noreferrer"&gt;https://cybersphere-community.github.io/&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>🔑 Unmasking Supply Chain Trust Failures</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Sat, 14 Mar 2026 05:27:41 +0000</pubDate>
      <link>https://dev.to/harsh_hak/unmasking-supply-chain-trust-failures-3f23</link>
      <guid>https://dev.to/harsh_hak/unmasking-supply-chain-trust-failures-3f23</guid>
      <description>&lt;p&gt;Abstract: This post dissects the often overlooked fragility of software supply chain trust, moving beyond just dependency scanning to the execution environment. We examine a recent observation where seemingly secure build processes were undermined by subtle, context-dependent vulnerabilities in artifact promotion.&lt;/p&gt;

&lt;p&gt;High Retention Hook&lt;/p&gt;

&lt;p&gt;I remember the sinking feeling during a late-night audit. We had painstakingly validated every open-source dependency, ran exhaustive SAST/DAST, and yet, the production binary had a backdoor. Not in the code we wrote, but in the pipeline artifact storage. Trusting the build system implicitly nearly cost us a major client audit. That moment crystallized: the supply chain is only as strong as its weakest artifact transition.&lt;/p&gt;

&lt;p&gt;Research Context&lt;/p&gt;

&lt;p&gt;The cybersecurity community has rightly focused significant energy on Software Bill of Materials (SBOMs) and dependency confusion attacks, spurred by events like the SolarWinds breach. The move towards immutable infrastructure and stricter CI/CD pipelines is a direct response. However, a gap remains in verifying the integrity of artifacts &lt;em&gt;between&lt;/em&gt; secure build stages, particularly across air-gapped or multi-cloud environments where human intervention or tooling drift is common. This is where trust boundaries blur dangerously.&lt;/p&gt;

&lt;p&gt;Problem Statement&lt;/p&gt;

&lt;p&gt;The primary misconception is that achieving cryptographic signing of the final executable equates to end-to-end security. In reality, many organizations fail to enforce granular, context-specific access controls on temporary artifact repositories or staging environments used during promotion or deployment staging. If an adversary can manipulate metadata or swap artifacts during a non-cryptographically secured handoff, the initial signing effort becomes largely academic. This is a process failure, not a pure code failure.&lt;/p&gt;

&lt;p&gt;Methodology or Investigation Process&lt;/p&gt;

&lt;p&gt;My recent investigation focused on observing artifact promotion pipelines using a combination of security tooling audits and practical penetration testing scenarios mimicking an insider threat or a compromised build server credential. I utilized tools like Sigstore (specifically Cosign for artifact signing verification) alongside continuous monitoring of artifact registry APIs, focusing specifically on time-of-check to time-of-use (TOCTOU) windows during artifact promotion from a Staging Registry to a Production Registry. We looked for instances where artifact names were reused or where metadata updates were decoupled from the artifact hash itself.&lt;/p&gt;

&lt;p&gt;Findings and Technical Analysis&lt;/p&gt;

&lt;p&gt;We discovered a common pattern in older Jenkins/GitLab setups where the deployment script would pull an artifact identified by a predictable tag (e.g., latest_stable) based on a successful staging build, but the actual hash verification against the signed manifest was often skipped or poorly implemented during this transition phase. In one scenario involving container images, the deployment script prioritized speed: it pulled the image ID that was &lt;em&gt;supposed&lt;/em&gt; to be signed, but the registry allowed an unverified tag remapping if the signing service was momentarily offline or slow to update its database. This misalignment between perceived trust and actual verification is a classic race condition exploited for supply chain compromise. Think of it like getting a certified letter, but the delivery person swaps the contents before handing it over, relying on you only checking the envelope’s stamp.&lt;/p&gt;

&lt;p&gt;Risk and Impact Assessment&lt;/p&gt;

&lt;p&gt;The impact of this failure is severe. If an attacker can swap a slightly modified image during promotion, they bypass all pre-production scanning. This leads directly to sophisticated persistent threats, similar in effect to advanced nation-state intrusions, but often originating from mundane process errors. For DFIR specialists, tracing this back is complex; logs often show the "correct" artifact ID being pulled by the deployment tool, masking the prior metadata tampering. NIST SP 800-218 (SLSA framework) directly addresses these transition points, highlighting that insufficient provenance checking during artifact transfer is a critical vulnerability vector.&lt;/p&gt;

&lt;p&gt;Mitigation and Defensive Strategies&lt;/p&gt;

&lt;p&gt;First, enforce strict, immutable artifact IDs across the entire lifecycle. Never rely on mutable tags during promotion. Second, implement cryptographic verification &lt;em&gt;at the point of consumption&lt;/em&gt;, not just the point of creation. If using Cosign, the consuming host must verify the signature against the expected chain of custody metadata immediately before pulling or executing. Third, segregate artifact promotion roles. The system that signs the artifact should not be the same entity that promotes it, unless rigorous, independent cross-check mechanisms (like separate key material or attestations) are in place. Continuous monitoring of registry API changes is non-negotiable for SOC teams tracking lateral movement risk. 🛡️&lt;/p&gt;

&lt;p&gt;Researcher Reflection&lt;/p&gt;

&lt;p&gt;This reinforced a key lesson: security debt often hides in the integration points between otherwise secure tooling. We spend so much time hardening the build server or the code repository that we forget the plumbing connecting them. It requires a humble approach—assume the network is hostile, and assume the promotion script has a bug until proven otherwise by redundant verification checks. Learning from past incidents, like the challenges posed by malicious package uploads documented in various open-source security reports, shows that trust boundaries are the highest value targets.&lt;/p&gt;

&lt;p&gt;Conclusion&lt;/p&gt;

&lt;p&gt;Supply chain integrity demands holistic verification across the entire artifact lifecycle, paying meticulous attention to the often neglected handoffs. Cryptographic signing is the baseline, not the finish line. Operational rigor in artifact promotion is what separates robust security posture from a compliance checklist.&lt;/p&gt;

&lt;p&gt;Discussion Question&lt;/p&gt;

&lt;p&gt;For those dealing with hybrid cloud environments, what specific mechanisms have you implemented to ensure atomic, verified artifact promotion across disparate trust domains without introducing unacceptable latency? Curious to see tooling recommendations. 👇&lt;/p&gt;

&lt;p&gt;Written by - Harsh Kanojia&lt;/p&gt;

&lt;p&gt;LinkedIn - &lt;a href="https://www.linkedin.com/in/harsh-kanojia369/" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/harsh-kanojia369/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;GitHub - &lt;a href="https://github.com/harsh-hak" rel="noopener noreferrer"&gt;https://github.com/harsh-hak&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Personal Portfolio - &lt;a href="https://harsh-hak.github.io/" rel="noopener noreferrer"&gt;https://harsh-hak.github.io/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Community - &lt;a href="https://forms.gle/xsLyYgHzMiYsp8zx6" rel="noopener noreferrer"&gt;https://forms.gle/xsLyYgHzMiYsp8zx6&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>🔑 The Silent Drift in Privilege Escalation</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Fri, 13 Mar 2026 03:42:35 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-silent-drift-in-privilege-escalation-o3a</link>
      <guid>https://dev.to/harsh_hak/the-silent-drift-in-privilege-escalation-o3a</guid>
      <description>&lt;p&gt;Abstract: This article dissects a subtle yet pervasive issue in modern IAM where configuration drift, often stemming from insecure defaults or rushed deployments, creates low-and-slow privilege escalation vectors missed by standard auditing tools. We explore a recent finding leveraging misunderstood service account permissions.&lt;/p&gt;

&lt;p&gt;High Retention Hook&lt;/p&gt;

&lt;p&gt;I spent three days chasing a phantom lateral movement technique in a client environment, convinced it was a zero-day kernel exploit. The truth was far more mundane and, frankly, embarrassing. The vulnerability wasn't in the kernel; it was in a poorly managed Kubernetes RoleBinding that granted a nondescript deployment service account rights to modify critical network policies—a textbook case of configuration drift weaponized. 🤦‍♂️&lt;/p&gt;

&lt;p&gt;Research Context&lt;/p&gt;

&lt;p&gt;The industry fixation on CVEs with CVSS scores above 9.0 is understandable, but it often blinds us to the cumulative risk of misconfiguration. In cloud-native environments and complex enterprise AD structures, privilege creep isn't always a loud exploit; it’s a quiet accrual of permissions over time. MITRE ATT&amp;amp;CK covers Tactics, Techniques, and Procedures (TTPs) like T1078 (Valid Accounts), but the specific technical failure here lies in the gap between "intended" permissions and "effective" permissions granted by complex inheritance or layered IAM policies.&lt;/p&gt;

&lt;p&gt;Problem Statement&lt;/p&gt;

&lt;p&gt;Many security teams rely heavily on static policy scanners which struggle to accurately model the effective permissions derived from multiple intersecting policies, especially when resource-based policies interact with identity-based policies in non-obvious ways. The specific problem we encountered was the over-granting of rights during initial infrastructure setup, rights that were never pruned when the project scope changed. This silent drift enabled a low-privileged container to pivot into infrastructure control.&lt;/p&gt;

&lt;p&gt;Methodology or Investigation Process&lt;/p&gt;

&lt;p&gt;Our investigation began post-incident response on a minor data exfiltration event. The initial entry point was unremarkable. We shifted focus to the post-exploitation phase, mapping every available service account accessible from the compromised node. We utilized a combination of open-source tools like ScoutSuite for initial cloud posture assessment and, crucially, customized PowerShell scripts targeting AD/Azure AD's effective permissions view. We specifically looked for accounts with write access to objects that could affect network topology or secrets management, even if the permission was delegated indirectly.&lt;/p&gt;

&lt;p&gt;Findings and Technical Analysis&lt;/p&gt;

&lt;p&gt;The core finding involved an Azure Service Principal (SP) tied to a legacy monitoring deployment. This SP held the "Network Contributor" role at a high scope. While this sounds like standard infrastructure access, the subsequent manual modification of a network security group (NSG) rule, intended to allow internal logging traffic, inadvertently opened an ephemeral path to a production database subnet. This wasn't a bug in the NSG logic; it was the direct, intended, but contextually inappropriate application of high-level permissions granted months prior. The drift here was context, not code. The service account still needed Network Contributor, but only for its specific Virtual Network, not the entire subscription.&lt;/p&gt;

&lt;p&gt;Risk and Impact Assessment&lt;/p&gt;

&lt;p&gt;The impact was significant. While the actual breach was data theft, the potential impact, given the privileges held, included denial of service via network isolation or the creation of persistence backdoors disguised as management rules. This directly relates to NIST Cybersecurity Framework Function T I.2 Security Architecture, highlighting the failure in designing resilient, least-privilege cloud environments. Real-world examples like the various cloud misconfiguration incidents detailed by security firms in 2022 and 2023 show this pattern repeating: identity controls fail when scoping is too broad.&lt;/p&gt;

&lt;p&gt;Mitigation and Defensive Strategies&lt;/p&gt;

&lt;p&gt;The defense requires moving beyond simple scanning to continuous validation of effective access.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Implement Just-In-Time (JIT) access reviews for all standing privileges, particularly for service accounts interacting with core networking or secrets.&lt;/li&gt;
&lt;li&gt;Treat permission changes like code; mandate peer review and version control for all infrastructure as code (IaC) templates that define IAM policies.&lt;/li&gt;
&lt;li&gt;Utilize Policy-as-Code frameworks (like Open Policy Agent) to enforce granular boundaries &lt;em&gt;before&lt;/em&gt; deployment, checking for policy scope overlaps.&lt;/li&gt;
&lt;li&gt;Conduct regular "blast radius" simulations specifically targeting identity components derived from inherited roles, focusing on what permissions &lt;em&gt;could&lt;/em&gt; achieve versus what they &lt;em&gt;are currently&lt;/em&gt; achieving.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Researcher Reflection&lt;/p&gt;

&lt;p&gt;This incident was a crucial reminder that in cyber security, sometimes the hardest problems are the ones defined by human process failure, not technical complexity. We chase the sophisticated exploit when often the easiest route in is simply giving someone the keys and forgetting to take them back. My primary lesson here was to trust the effective permission output even when the source policy looks benign on paper. Never underestimate the power of an inherited "Contributor" role applied too broadly.&lt;/p&gt;

&lt;p&gt;Conclusion&lt;/p&gt;

&lt;p&gt;Configuration drift in identity and access management represents a persistent, low-visibility threat vector. By prioritizing continuous validation of effective permissions and enforcing stricter scoping boundaries during infrastructure provisioning, we can significantly reduce the attack surface created by well-intentioned but ultimately excessive access grants.&lt;/p&gt;

&lt;p&gt;Discussion Question&lt;/p&gt;

&lt;p&gt;For my fellow researchers and practitioners: What specialized tooling or auditing technique have you found most effective in detecting inherited or derived permissions that violate the principle of least privilege in complex multi-cloud environments? Let's discuss robust detection methods. 👇&lt;/p&gt;

&lt;p&gt;Written by - Harsh Kanojia&lt;/p&gt;

&lt;p&gt;LinkedIn - &lt;a href="https://www.linkedin.com/in/harsh-kanojia369/" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/harsh-kanojia369/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;GitHub - &lt;a href="https://github.com/harsh-hak" rel="noopener noreferrer"&gt;https://github.com/harsh-hak&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Personal Portfolio - &lt;a href="https://harsh-hak.github.io/" rel="noopener noreferrer"&gt;https://harsh-hak.github.io/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Community - &lt;a href="https://forms.gle/xsLyYgHzMiYsp8zx6" rel="noopener noreferrer"&gt;https://forms.gle/xsLyYgHzMiYsp8zx6&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
    <item>
      <title>💡 The Hidden Cost of Trusting Default Security Po</title>
      <dc:creator>Harsh Kanojia</dc:creator>
      <pubDate>Mon, 09 Mar 2026 05:15:31 +0000</pubDate>
      <link>https://dev.to/harsh_hak/the-hidden-cost-of-trusting-default-security-po-53h6</link>
      <guid>https://dev.to/harsh_hak/the-hidden-cost-of-trusting-default-security-po-53h6</guid>
      <description>&lt;p&gt;&lt;strong&gt;Abstract&lt;/strong&gt;&lt;br&gt;
This post dives into a critical operational security gap observed across mature enterprise environments: the silent misconfiguration of logging retention policies for critical security events. We explore how seemingly benign default settings can fundamentally undermine incident response capabilities, using a recent analysis as a starting point.&lt;/p&gt;

&lt;p&gt;High Retention Hook&lt;br&gt;
I remember staring at the empty timeline, the digital equivalent of reaching for the emergency brake only to find the pedal disconnected. It was a critical zero-day exploitation attempt we were tracking, and the crucial initial access vector logs? Gone. Wiped clean by an automated log rotation policy set to a default 30 days, effectively erasing our forensic runway before we even knew we were on fire. That failure hammered home a lesson I won't forget.&lt;/p&gt;

&lt;p&gt;Research Context&lt;br&gt;
In the world of threat intelligence and digital forensics and incident response (DFIR), we spend endless cycles chasing IOCs, mapping TTPs to MITRE ATT&amp;amp;CK, and fine-tuning SIEM rules. We celebrate blocking sophisticated malware or patching a critical CVE. But often, the most insidious failures are not in detection engineering, but in foundational data governance. Logs are the digital Rosetta Stone of any breach; if they are missing or incomplete, our post-mortem becomes educated guesswork rather than actionable science.&lt;/p&gt;

&lt;p&gt;Problem Statement&lt;br&gt;
The industry standard, often driven by cost constraints or compliance checklists, frequently defaults logging retention for high-fidelity security events like authentication failures, process creation, and network flow records to minimal periods, often 30 or 60 days. Advanced Persistent Threats (APTs) frequently operate with dwell times exceeding six months. When an analyst finally spots an anomaly that hints at initial compromise weeks or months prior, the necessary evidence—the breadcrumbs left by the adversary—has already been overwritten. This is a tactical denial of visibility masquerading as an efficiency measure.&lt;/p&gt;

&lt;p&gt;Methodology or Investigation Process&lt;br&gt;
Our investigation involved auditing the log management configurations across several client environments during routine security maturity assessments. We focused specifically on Windows Event Log Security channel retention settings and the retention policies configured within cloud-native logging services like Azure Monitor and AWS CloudWatch Logs for key activity streams. The goal was not to find vulnerabilities in the tools themselves, but in the administrative choices made regarding their operational lifespan. We cross-referenced these settings against NIST SP 800-92, Guide to Computer Security Log Management, which emphasizes retaining data for periods necessary to support forensic investigations, often suggesting longer durations for high-risk systems.&lt;/p&gt;

&lt;p&gt;Findings and Technical Analysis&lt;br&gt;
The technical reality is stark. Many endpoints still utilize legacy Group Policy Object (GPO) settings for Windows Event Logs that default to 10MB or less for the Security log before overwriting the oldest entries. Even when moving to centralized SIEM solutions, the &lt;em&gt;ingestion&lt;/em&gt; retention policy often defaults to a cost-saving setting that aligns with basic PCI DSS requirements (e.g., 90 days), which is insufficient for modern threat hunting horizons.&lt;/p&gt;

&lt;p&gt;We saw this starkly illustrated during the analysis of a suspected supply chain compromise targeting a smaller development firm. The initial lateral movement, identified via anomalous SMB traffic, pointed back six months. The security team was reliant on the EDR system, which, while excellent at detection, only retained raw system logs for 45 days by default. The EDR flagged the &lt;em&gt;later&lt;/em&gt; actions, but the &lt;em&gt;how&lt;/em&gt; of the initial access—a specific SQL injection payload logged in IIS logs that were also subject to aggressive rotation—was lost. We could confirm an intrusion but couldn't map the full kill chain without speculation. 🤷&lt;/p&gt;

&lt;p&gt;Risk and Impact Assessment&lt;br&gt;
The impact moves beyond regulatory fines. Loss of log data creates an unquantifiable risk exposure:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Reduced Root Cause Analysis (RCA): Inability to accurately attribute the compromise.&lt;/li&gt;
&lt;li&gt;Increased Dwell Time: Longer time to remediation because the threat actor TTPs cannot be fully understood.&lt;/li&gt;
&lt;li&gt;Attribution Failure: Inability to provide evidence needed for legal or insurance claims.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;It is, frankly, paying for a high-end security sensor system and then deliberately throwing away the recordings to save on hard drive space.&lt;/p&gt;

&lt;p&gt;Mitigation and Defensive Strategies&lt;br&gt;
Actionable remediation requires a shift in mindset from compliance ticking to true operational resilience:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Tiered Retention: Implement risk-based retention. Tier 0 assets (Domain Controllers, EDR/SIEM servers, critical application servers) require extended retention, ideally 180 days minimum for raw logs, transitioning to long-term archival (1 year plus) for summary data.&lt;/li&gt;
&lt;li&gt;Automated Auditing: Use configuration management tools (Ansible, Puppet, or even custom PowerShell scripts) to periodically audit log retention settings on endpoints and push back against administrative overrides that regress security posture.&lt;/li&gt;
&lt;li&gt;Cost Justification: Force security teams to calculate the cost of a major breach investigation against the cost savings of short retention periods. The calculation almost always favors retention.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Researcher Reflection&lt;br&gt;
My initial error years ago was trusting the platform vendor’s deployment guide defaults. Security is not the default state; it is a deliberate, continuous configuration effort. We must stop treating log storage as an infrastructure cost problem and start viewing it as a fundamental forensic necessity. If we cannot prove what happened, we cannot effectively defend against it happening again. Lessons learned: Always check the rotation settings before deploying any logging agent. Always.&lt;/p&gt;

&lt;p&gt;Conclusion&lt;br&gt;
Effective cybersecurity hinges on actionable data. If your organization’s operational security blueprint includes a predetermined expiration date for the evidence of its own failure, the blueprint is fundamentally flawed. Prioritizing robust, risk-aligned log retention is a non-negotiable step toward mature threat hunting and DFIR readiness.&lt;/p&gt;

&lt;p&gt;Discussion Question&lt;br&gt;
For my peers in DFIR: Beyond the standard 90-day compliance requirement, what is the longest retention period you have realistically been able to secure budget for on critical event logs, and what evidence was it used to successfully close? Let’s discuss practical budgetary defense strategies.&lt;/p&gt;

&lt;p&gt;Written by - Harsh Kanojia&lt;/p&gt;

&lt;p&gt;LinkedIn - &lt;a href="https://www.linkedin.com/in/harsh-kanojia369/" rel="noopener noreferrer"&gt;https://www.linkedin.com/in/harsh-kanojia369/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;GitHub - &lt;a href="https://github.com/harsh-hak" rel="noopener noreferrer"&gt;https://github.com/harsh-hak&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Personal Portfolio - &lt;a href="https://harsh-hak.github.io/" rel="noopener noreferrer"&gt;https://harsh-hak.github.io/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Community - &lt;a href="https://forms.gle/xsLyYgHzMiYsp8zx6" rel="noopener noreferrer"&gt;https://forms.gle/xsLyYgHzMiYsp8zx6&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cybersecurity</category>
      <category>security</category>
      <category>programming</category>
      <category>devops</category>
    </item>
  </channel>
</rss>
