❯ ls ./blog
blue team field notes
Threat hunting, vulnerability management, detection engineering, and security operations.
Threat Hunt: Scattered Invoice — BEC via MFA Fatigue
Apr 24, 2026
A walkthrough of incident IR-2026-0225-BEC — tracing a business email compromise from MFA fatigue through inbox rule persistence to a £24,500 wire fraud.
#threat-hunting
#BEC
#Microsoft Sentinel
#KQL
#Scattered Spider
Building this blog
Feb 22, 2026
Notes on migrating from Hugo to Astro and setting up the Obsidian-to-Netlify publishing workflow.
#meta
#astro
#obsidian