This page contains a list of publications that I have made or been a part of.

2026

DFIR Investigation: Guloader Loader Execution Chain · Triskele Labs · Forensic breakdown of a real Guloader ransomware campaign, detailing the execution chain, process injection via RegAsm.exe, IOCs, and detection artefacts from a live investigation.

From Torrented Software to Ransomware · Triskele Labs · Business-level case study documenting how an unmonitored endpoint and credential theft led to full ransomware deployment.


2025

State of Cyber: DFIR Report FY2024–25 · stateofcyber.com.au · Triskele Labs · Annual analysis of 201 incident response engagements across Australia and New Zealand, including ransomware trends, BEC patterns, threat actor TTPs, and dwell times across healthcare, finance, and critical infrastructure.

Threat Actors Using Python to Harvest Your Inbox · Triskele Labs · Documents a novel BEC exfiltration technique that uses Python scripts and the Microsoft Graph API to harvest mailboxes while evading detection by masking activity behind Microsoft IP addresses.


2024

Understanding Token Theft and MFA Bypass Techniques · Triskele Labs · Research covering Adversary-in-the-Middle attacks, session token theft, and detection strategies from real BEC investigations across AUS, UK, and US operations.


2023

MOVEit MFT CVE-2023-34362 Critical Advisory · Triskele Labs · Critical SQL injection vulnerability in MOVEit Transfer, one of the most widely exploited vulnerabilities of 2023.

PaperCut NG/MF CVE-2023-27350 Advisory · Triskele Labs · Critical authentication bypass actively exploited by Cl0p and LockBit ransomware groups for initial access.

FortiGate SSLVPN Vulnerability Advisory · Triskele Labs · Critical FortiGate SSLVPN vulnerabilities that were a primary initial access vector for ransomware groups targeting ANZ organisations.

WordPress Essential Addons CVE-2023-32243 Advisory · Triskele Labs · Solo · Critical privilege escalation in Essential Addons for Elementor that affected over one million WordPress installations globally.