<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Sivabalan Chandra Sekaran — Security Research</title><description>Independent cybersecurity research on Windows internals, Active Directory, malware analysis, and offensive security techniques.</description><link>https://dekingofcyber.com/</link><language>en</language><item><title>WannaCry Ransomware: Static Triage, Kill Switch Logic, and MS17-010 Lessons</title><link>https://dekingofcyber.com/blog/reverse-engineering-malware-sample/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/reverse-engineering-malware-sample/</guid><description>A real-world malware analysis case study of WannaCry, focusing on its SMBv1 propagation, kill switch behavior, and defensive lessons from the 2017 outbreak.</description><pubDate>Sat, 15 Nov 2025 00:00:00 GMT</pubDate><category>Reverse Engineering</category><category>Malware Analysis</category><category>Incident Response</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Active Directory Kerberoasting: From SPN Enumeration to Offline Cracking</title><link>https://dekingofcyber.com/blog/active-directory-kerberoasting/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/active-directory-kerberoasting/</guid><description>A defender-focused deep dive into Kerberoasting mechanics, detection opportunities, and hardening recommendations for enterprise Active Directory environments.</description><pubDate>Tue, 28 Oct 2025 00:00:00 GMT</pubDate><category>Active Directory</category><category>Windows Internals</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Windows Token Abuse: SeImpersonatePrivilege and Potato Variants</title><link>https://dekingofcyber.com/blog/windows-token-abuse/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/windows-token-abuse/</guid><description>Analyzing how Windows access tokens enable local privilege escalation through SeImpersonatePrivilege abuse and modern Potato-family exploits.</description><pubDate>Sat, 20 Sep 2025 00:00:00 GMT</pubDate><category>Windows Internals</category><category>Purple Team</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Memory Analysis with Volatility 3: Recovering Artifacts from a Compromised Host</title><link>https://dekingofcyber.com/blog/memory-analysis-volatility/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/memory-analysis-volatility/</guid><description>Practical guide to memory forensics using Volatility 3 plugins to identify process injection, credential artifacts, and attacker tooling in RAM dumps.</description><pubDate>Tue, 12 Aug 2025 00:00:00 GMT</pubDate><category>Memory Forensics</category><category>Digital Forensics</category><category>Incident Response</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Building Effective YARA Rules: From Strings to Production Detection</title><link>https://dekingofcyber.com/blog/building-yara-rules/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/building-yara-rules/</guid><description>A practical framework for writing maintainable YARA rules that minimize false positives while catching real-world malware families.</description><pubDate>Sat, 05 Jul 2025 00:00:00 GMT</pubDate><category>Detection Engineering</category><category>Malware Analysis</category><category>Threat Hunting</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Linux Privilege Escalation: Exploiting Misconfigurations in Production Environments</title><link>https://dekingofcyber.com/blog/linux-privilege-escalation/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/linux-privilege-escalation/</guid><description>Systematic approach to identifying and exploiting common Linux privilege escalation vectors including SUID binaries, capabilities, and cron misconfigurations.</description><pubDate>Wed, 18 Jun 2025 00:00:00 GMT</pubDate><category>Linux</category><category>Purple Team</category><author>Sivabalan Chandra Sekaran</author></item><item><title>Web Cache Poisoning: Exploiting HTTP Implementation Discrepancies</title><link>https://dekingofcyber.com/blog/web-cache-poisoning/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/web-cache-poisoning/</guid><description>Technical analysis of web cache poisoning attacks leveraging unkeyed headers and cache key normalization differences between proxies and origin servers.</description><pubDate>Thu, 22 May 2025 00:00:00 GMT</pubDate><category>Web Security</category><category>Threat Hunting</category><author>Sivabalan Chandra Sekaran</author></item><item><title>CVE-2021-44228 Log4Shell: Root Cause, Exposure Mapping, and Detection</title><link>https://dekingofcyber.com/blog/cve-walkthrough/</link><guid isPermaLink="true">https://dekingofcyber.com/blog/cve-walkthrough/</guid><description>A real-world case study of Log4Shell, the Apache Log4j remote code execution vulnerability, with practical guidance for asset discovery, patching, and detection.</description><pubDate>Thu, 10 Apr 2025 00:00:00 GMT</pubDate><category>Web Security</category><category>Cloud Security</category><category>Incident Response</category><author>Sivabalan Chandra Sekaran</author></item></channel></rss>