https://socdfir.com/2026/04/01/the-ticket-that-let-them-in-how-support-workflows-quietly-extend-breach-dwell-time/Ramblings of a CyberSecurity Nerden2026-04-01T20:03:34+00:00The Ticket That Let Them In: How Support Workflows Quietly Extend Breach Dwell Timesecurity, cybersecurity, technology, mfa, cyber-security, incident-response, lolbins, mitre-attck, soc, detection-engineering, splunk, iam, multi-factor-authentication, dwell-time, help-desk, it-support, t1078, t1621, t1556-006, t1098, identity-management, accidental-anti-forensics, credential-abusehttps://socdfir.com/2026/04/01/they-didnt-break-in-they-logged-in-the-real-problem-with-modern-ransomware/Ramblings of a CyberSecurity Nerden2026-04-01T15:57:17+00:00They Didn’t Break In They Logged In: The Real Problem With Modern Ransomwaresecurity, cybersecurity, technology, cyber-security, phishing, incident-response, dfir, Threat Detection, Living off the Land, threat-hunting, soc, blue-team, ransomware, zero-trust, Security Monitoring, powershell, identity-security, lateral-movement, rdp, psexec, network-segmentation, ueba, access-control