Practitioner-grade defensive security research: how attacks work, how to detect them, and how to harden against them. Hardware hacking, detection engineering, and CTF analysis from a real lab. Lab-only, authorization-only.https://darkpwn.comenhttps://darkpwn.com/posts/ssrf-detection-without-exploit-codehttps://darkpwn.com/posts/ssrf-detection-without-exploit-codeSSRF detection without running exploits — metadata-access signatures, Sigma/Suricata/CloudTrail rules, IMDSv2 defense, a CVE-2025-53767 case, and tuning tips.Sun, 21 Jun 2026 00:00:00 GMTDetection Engineeringssrfcloud-securityimdsv2detection-engineeringsuricatablue-teamcloudtrailawssupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/sql-injection-detection-a-defensive-guidehttps://darkpwn.com/posts/sql-injection-detection-a-defensive-guideHow to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.Sun, 21 Jun 2026 00:00:00 GMTDetection Engineeringsql-injectiondetection-engineeringsigmasuricatablue-teamweb-app-securitysiemthreat-huntingsupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/jwt-misconfiguration-detection-and-defensehttps://darkpwn.com/posts/jwt-misconfiguration-detection-and-defenseJWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.Sun, 21 Jun 2026 00:00:00 GMTDetection Engineeringjwtauthenticationalgorithm-confusiondetection-engineeringsigmablue-teamapi-securitysupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/broken-access-control-testing-for-defendershttps://darkpwn.com/posts/broken-access-control-testing-for-defendersBroken access control testing for defenders — detect IDOR and BOLA from authorization-failure telemetry with Sigma and SPL rules, plus deny-by-default hardening.Sun, 21 Jun 2026 00:00:00 GMTDefensive Researchbroken-access-controlidorbolaapi-securitydetection-engineeringblue-teamowaspsupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/xss-csp-hardening-for-blue-teamshttps://darkpwn.com/posts/xss-csp-hardening-for-blue-teamsXSS CSP hardening for blue teams — a strict nonce-based policy, CSP violation reports as a detection feed, Sigma and Suricata rules, tuning, and MITRE mapping.Sun, 21 Jun 2026 00:00:00 GMTDetection Engineeringxsscontent-security-policycspdetection-engineeringblue-teamweb-app-securitynoncestrict-dynamicsupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/anatomy-of-kerberoastinghttps://darkpwn.com/posts/anatomy-of-kerberoastingHow Kerberoasting abuses service tickets to crack service-account passwords offline — and the Sigma detection and hardening that shut it down. Lab-only.Tue, 16 Jun 2026 00:00:00 GMTDefensive Researchactive-directorykerberoskerberoastingdetectionsigmablue-teamsupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/detecting-wpa2-pmkid-capturehttps://darkpwn.com/posts/detecting-wpa2-pmkid-captureHow the clientless PMKID attack pulls a crackable hash from WPA2 APs — and the monitoring, WPA3 migration, and passphrase policy that defend against it.Tue, 16 Jun 2026 00:00:00 GMTHardware Securitywifiwpa2pmkidhashcatwirelessblue-teamdetectionsupport@colsonsuperapps.com (Colson)https://darkpwn.com/posts/sigma-rules-that-firehttps://darkpwn.com/posts/sigma-rules-that-fireA detection engineer's checklist for Sigma rules that survive contact with production — fidelity over coverage, tested logsources, tuned false positives, and CI.Tue, 16 Jun 2026 00:00:00 GMTDetection Engineeringsigmadetection-engineeringdetection-as-codesiemblue-teamthreat-huntingsupport@colsonsuperapps.com (Colson)