
On the Hunt

ID: 7aca08c0-4c47-5b0d-ac00-505d4ec1a07a

STIX ID: identity--7aca08c0-4c47-5b0d-ac00-505d4ec1a07a

Feed Type: rss

Earliest post: 2019-09-10

Latest post: 2026-05-28

Paul Newton’s “On the Hunt” blog features in-depth cybersecurity research covering threat hunting, malware analysis, phishing techniques, and attacker tradecraft, along with practical detection strategies for SOC and blue-team defenders.

| Title | Date Published | Describes Incident | Author | Visible |
|---|---|---|---|---|
| Device Code Lab (DCL) — Deep Dive into a Device Code Phishing Toolkit | 2026-05-28 | True | Paul Newton | True |
| Novel Evilginx Frontend - Lowering the barrier for token theft reuse | 2026-05-15 | True | Paul Newton | True |
| Hunting New C2 Frameworks - Part 2 - Nexus C2, Shipped with Creds | 2026-05-10 | True | Paul Newton | True |
| Hunting New C2 Frameworks | 2026-05-05 | True | Paul Newton | True |
| Device Code Phishing Campaign — Infrastructure Update | 2026-03-18 | True | Paul Newton | True |
| Uncovering a New Device Code Phishing Campaign | 2026-03-10 | True | Paul Newton | True |
| Hunting Malicious NPM Packages with AI | 2026-03-06 | True | Paul Newton | True |
| ConsentFix: A New way to Phish for Tokens | 2025-12-17 | True | Paul Newton | True |
| Microsoft Entra Token Theft - Part One: Offline Access and Conditional Access | 2025-12-12 | True | Paul Newton | True |
| Detecting Abuse of VSCode Remote Tunnels | 2025-01-16 | True | Paul Newton | True |
| Microsoft Dev Tunnels: Tunnelling C2 and More | 2024-11-13 | True | Paul Newton | True |
| SVCHost.exe and Internet Sharing Triage | 2023-10-25 | True | Paul Newton | True |
| Virtual Machine Aware Phishing Sites | 2021-08-03 | True | Paul Newton | True |
| A Guide to Threat Hunting in a SOC | 2021-06-28 | True | Paul Newton | True |
| Cobalt Strike - Bypassing C2 Network Detections | 2021-03-03 | True | Paul Newton | True |
| Malware Analysis: Memory Forensics with Volatility 3 | 2020-11-10 | True | Paul Newton | True |
| Analysing Fileless Malware: Cobalt Strike Beacon | 2020-07-22 | True | Paul Newton | True |
