INDEPENDENT RESEARCH • EST. 2026

Attackers improve.
Defenders should too.

UMBRASEC is a new, independent research project focused on the defensive side of security — detection engineering, honest threat analysis, and open-source tooling that helps defenders spot real techniques in their own logs.

NEW & BUILDING IN THE OPEN
An independent, one-person research project.
Started 2026. No company, no clients, no track record to inflate — just published work you can check.
SCOPE
Defensive research only — detection, analysis, and mitigation. No offensive tooling, exploits, or malware published here.

How this project works.

Sourced, not asserted

Every technical claim links back to primary sources — vendor advisories, MITRE ATT&CK, CVE records, and reputable reporting. If it isn't cited, it isn't stated.

Defensive by scope

The work explains how attacks function so defenders can catch them — detection logic, log artifacts, mitigations. No weaponized exploits, jailbreak libraries, or malware ship from here.

Reproducible

Detections come as rules you can run, mapped to real event IDs and ATT&CK techniques, with false-positive and tuning notes — so you can verify them against your own environment.

On honesty: UMBRASEC is brand new. You won't find report counts, disclosure tallies, or claims of a long history on this site, because there isn't one yet. The reputation, if it comes, will come from work you can read and check.

Defensive tooling.

Small, useful, open-source tools for defenders — built in the open on GitHub. Honest status labels; nothing here claims to be more finished than it is.

kev-watch
WORKING

A zero-dependency Python monitor for the CISA Known Exploited Vulnerabilities (KEV) catalog. Tracks newly added, actively-exploited CVEs and flags ones that match products you care about. Public data only.

View on GitHub →
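The monitor described above boils down to two steps: diff the KEV feed against the CVE IDs already seen, then match the new entries against a vendor/product watchlist. The following is an added example illustrating that loop, not code from the kev-watch project. The feed URL and the field names (cveID, vendorProject, product, dateAdded, knownRansomwareCampaignUse) are assumed from the public CISA feed; the sample catalog is constructed and its CVE IDs are placeholders.

```python
"""Minimal KEV catalog monitor: diff the feed against already-seen CVE IDs and
flag new entries whose vendor or product matches a watchlist.
Added example; not the kev-watch project's own code."""
import json
import sys
import urllib.request
from pathlib import Path

# Assumed public feed URL and field names (from the CISA KEV JSON feed).
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's shape; the CVE IDs are placeholders, not real records.
SAMPLE_CATALOG = {
    "vulnerabilities": [
        {"cveID": "CVE-2099-00001", "vendorProject": "ExampleVendor",
         "product": "Edge Gateway", "dateAdded": "2026-01-10",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2099-00002", "vendorProject": "OtherCorp",
         "product": "Mail Server", "dateAdded": "2026-01-11",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2099-00003", "vendorProject": "ExampleVendor",
         "product": "VPN Appliance", "dateAdded": "2026-01-12",
         "knownRansomwareCampaignUse": "Unknown"},
    ]
}


def fetch_catalog(url=KEV_URL, timeout=30):
    """Download the live feed (only used with --live; everything else works offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def load_seen(path):
    """Previously seen CVE IDs, persisted as a JSON list; empty on first run."""
    p = Path(path)
    return set(json.loads(p.read_text())) if p.exists() else set()


def save_seen(path, seen):
    Path(path).write_text(json.dumps(sorted(seen)))


def new_entries(catalog, seen_ids):
    """Entries whose cveID has not been seen before, oldest dateAdded first."""
    fresh = [v for v in catalog.get("vulnerabilities", []) if v["cveID"] not in seen_ids]
    return sorted(fresh, key=lambda v: v["dateAdded"])


def match_watchlist(entries, watchlist):
    """Case-insensitive substring match of each watch term against vendor and product."""
    terms = [t.lower() for t in watchlist]
    hits = []
    for v in entries:
        haystack = f"{v.get('vendorProject', '')} {v.get('product', '')}".lower()
        if any(t in haystack for t in terms):
            hits.append(v)
    return hits


def format_alert(v):
    """One line per hit; the ransomware flag is worth surfacing for triage priority."""
    ransom = " [ransomware use reported]" if v.get("knownRansomwareCampaignUse") == "Known" else ""
    return f"{v['dateAdded']} {v['cveID']} {v['vendorProject']} {v['product']}{ransom}"


def run(catalog, seen_ids, watchlist):
    """Return (matching new entries, updated seen-ID set).
    All new IDs are marked seen, not just the matches, so an entry is only ever reported once."""
    fresh = new_entries(catalog, seen_ids)
    hits = match_watchlist(fresh, watchlist)
    updated = set(seen_ids) | {v["cveID"] for v in fresh}
    return hits, updated


if __name__ == "__main__":
    # Usage: python kev_monitor.py [--live] term [term ...]
    args = [a for a in sys.argv[1:] if a != "--live"]
    catalog = fetch_catalog() if "--live" in sys.argv else SAMPLE_CATALOG
    state = Path("kev_seen.json")
    hits, seen = run(catalog, load_seen(state), args or ["examplevendor"])
    for v in hits:
        print(format_alert(v))
    save_seen(state, seen)
```

The state file makes the monitor safe to run from cron: every catalog entry is recorded as seen after the first pass, so only entries added since the last run are reported, and the watchlist only decides which of those are printed.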
sigma-pack
PLANNED

A curated, tested collection of the Sigma detection rules published in the research writeups — packaged for easy import, with documented false-positive profiles. Grows one writeup at a time.

Tracks the research →

Get in touch.

Corrections, source suggestions, or a detection that didn't behave the way the writeup said it would? That's exactly the feedback this project wants. Open an issue on GitHub or send an email.

SUPPORT THIS PROJECT

Everything here is free to read — no paywalls, no email gate. If the research saves you time, optional contributions help keep it independent.