Welcome to the ThreatHunter Chronicles

📡 Signal, parsed. Noise, ignored. 🧠🔍

Logwatcher's Zenit

At the summit of signal and noise lies the Logwatcher's Zenit — a quiet place for analysts who squint at timestamps and whisper to correlation engines. Bring your coffee, leave your assumptions at home, and don't come alone.

Dirty Bits

Forensic sorcery, registry rituals, and the occasional unexplainable binary behavior.
Questionable methods.
Unquestionable results.

KQLture Club

SIEM-ingly useless queries and detections — until you realise they’re not. Pour a fresh coffee and embrace the absurdity of signal exploration.

SideQuests

The unexpected tech adventures, odd challenges, and delightful distractions that remind us: sometimes the side quest is more fun than the main story.


Latest Posts


Read more at 👉🏻 https://threathunter-chronicles.medium.com

About David, the Logwatcher

David Lilja is a seasoned cybersecurity expert with nearly 30 years in IT, spanning infrastructure, software development, and security leadership. At Truesec's SOC, he helps defend organisations across critical sectors through threat hunting and incident response. He's also part of the extended CSIRT and a regular speaker at industry events.

When not parsing logs or hunting threats, David composes music—and occasionally scores Truesec’s videos with his own tracks.

The ThreatHunter Chronicles is his outlet for deep-diving and researching different topics. It's basically just a blog about learning more things, and teaching along the way.

David Lilja