About

🧢 BlueTeamCoolTeam

Digital Forensics · Detection Engineering · Threat Hunting

Defending the 99%.

Welcome to BlueTeamCoolTeam — a space for defenders, by defenders.

This is where I publish hands-on write-ups of real incidents and malware samples, with one eye on the technical detail and the other on what a defender or sysadmin can actually do about it. Every post is mapped to the Essential Eight and MITRE ATT&CK, with concrete detection opportunities and ASD/ACSC hardening references so you can take something back to your environment the same day.

I write under my own name. The posts aren’t sponsored, aren’t vendor write-ups, and aren’t aimed at executives — they’re one practitioner sharing with peers. If something here helps you catch a thing, harden a thing, or just sleep slightly better, I’ve done the job.

Who’s writing this

I’m Luke Wilkinson, a blue-team practitioner working in detection engineering, digital forensics, and threat hunting. I’ve spent years in security operations and government blue teams: triaging alerts, isolating hosts under pressure, reversing samples, and writing the reports that turn findings into plain language. The write-ups here come straight out of that day job. Real tools, real decisions, the impact-vs-criticality call that defenders make every shift.

Find me

Disclaimer

The views and opinions expressed on this site are my own and do not represent those of my employer. This is a personal blog where I share research and things I’m learning.