September 6, 2025
SSLVPN Honeypots: Fortigate Findings & Musings
Examining patterns observed in operating and collecting data from an SSLVPN honeypot sitting behind a Finch proxy.
I am Mike (Rem). This is where I publish field notes, technical write-ups, and lessons learned from hands-on security work.
Case-driven write-ups from incident response and malware triage work.
Practical detection content across YARA, Sigma, and telemetry-first workflows.
Supply-chain abuse, protocol behavior, and CTF-style problem solving.
May 17, 2025
Ransomware affiliates have long abused Cloudflared tunnels to maintain persistent access to compromised environments. These tunnels can serve as a strong indicator of compromise when examined at scale.
October 5, 2024
A continually evolving knowledge base of things I've found pertinent as a threat and security operations analyst, specifically focusing on malware analysis.
June 26, 2024
Chainsaw's hunt feature, along with Chainsaw's rule engine, is an excellent way to hunt for evil at scale and create reusable, maintainable queries for rapid triage. We will apply this to both simulated red team engagements and real-world compromises to detect lateral movement, Impacket, and even ASP.NET compromises.