>_PJ

Publications

Microsoft publications

Research published through official Microsoft security channels. New articles are added here automatically as soon as they're added to the data file — no code changes needed.

PublicationMicrosoft Security Blog· 2026

Photo ZIP Campaign Targeting the Hospitality Industry Delivers a Node.js Implant for Persistent Access

Analysis of an active multi-stage intrusion campaign targeting the hospitality industry across Europe and Asia — photo-themed ZIP lures, obfuscated PowerShell, a Node.js implant, dual registry persistence, and C2 over non-standard ports, including "authentication laundering" through trusted services.

Threat HuntingThreat Intelligence
PublicationMicrosoft Community Hub

When Trust Becomes the Attack Vector: Analysis of the EmEditor Supply Chain Compromise

A technical breakdown of a supply chain compromise affecting the EmEditor update mechanism, covering the attack path, detection opportunities, and defensive recommendations.

Supply Chain SecurityThreat HuntingDetection Engineering
PublicationCloud Security Alliance· 2024-04-03

HSM-as-a-Service: Use Cases, Considerations, and Best Practices

Contributor and reviewer on the Cloud Security Alliance Cloud Key Management working-group publication covering the HSM-as-a-Service delivery model, security considerations, and vendor selection.

Cloud Security
PublicationCloud Security Alliance· 2023-12-19

Key Management Lifecycle Best Practices

Contributor and reviewer on the Cloud Security Alliance publication detailing best practices across each phase of the cryptographic key management lifecycle.

Cloud Security
PublicationMicrosoft Community Hub

Microsoft Defender Experts Disrupt Jasper Sleet's Insider Access Campaign

Co-authored Microsoft Security Experts analysis of how Defender Experts detected and disrupted Jasper Sleet — a North Korea-nexus actor operating as a remote IT worker inside a live enterprise tenant — through proactive behavioral threat hunting.

Threat HuntingThreat Intelligence
PublicationBlack Hills Information Security

The Future of Threat Hunting: The Hunter is Dead, Long Live the Engineer

Published author in the Black Hills Information Security (BHIS) InfoSec Survival Guide (Teal Book) on threat hunting — distributed in hard copy at the Antisyphon Threat Hunting Summit.

Threat HuntingDetection Engineering
PublicationMicrosoft Defender Experts· 2025

Active Exploitation Hunt — CVE-2025-30406

Microsoft Defender Experts (DEX) threat hunt into in-the-wild exploitation of CVE-2025-30406 (CVSS 9.8), an unauthenticated RCE in Gladinet CentreStack and Triofox driven by a hardcoded cryptographic key. Tracked hands-on-keyboard intrusion, backdoor persistence, and post-exploitation activity following the vendor patch (Apr 3, 2025) and CISA KEV listing (Apr 8, 2025) — turning findings into deployable detections. Internal customer hunt report; not publicly published.

Threat HuntingThreat Intelligence

Coming soon

Next Microsoft publication appears here — just add it to data/content.json.