Prioritization of the Detection Engineering Backlog

Written by Joshua Prager and Emily Leidy. Introduction: Strategically maturing a detection engineering function requires us to divide the overall function into smaller discrete problems. One such seemingly innocuous area of detection engineering is the ...
On Detection: Tactical to Functional

Part 7: Synonyms. “Experience is forever in motion, ramifying and unpredictable. In order for us to know anything at all, that thing must have enduring properties. If all things flow, and one can never ...
On Trust and Transparency in Detection

Detection, threat detection
This blog / mini-paper is written jointly with Oliver Rochford. When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us ...
On Detection: Tactical to Functional

Part 3: Expanding the Function Call Graph. Introduction: In the previous post in this series, I introduced the concept of operations and demonstrated how each operation has a function call graph that undergirds it. In ...
Endpoint Detection Compared

We compare endpoint security products directly using real, major threats. Welcome to the first edition of the Enterprise Advanced Security test that compares different endpoint security products directly. We look at how ...
Hang Fire: Challenging our Mental Model of Initial Access

Detection, Red Team, security
For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation within each technique (i.e., payloads, pretexts, delivery mechanisms, obfuscations) ...
20 Years of SIEM Webinar Q&A

I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common ...
3 Ways to Improve Your Ability to Recover From Ransomware

‘It is not a matter of if, but a matter of when’ is becoming a familiar refrain whenever anyone discusses a ransomware attack. Regardless of the size or industry of the company; ...
Security Boulevard

Google Cloud Security Talks Set to Tackle Improving Your Threat Detection and Response

As if your detection and response efforts needed any more reminding, the tenuous state of geopolitics has left many security ...
Dylib Loads that Tickle your Fancy

Detection, macos, TCL
Loading malicious dylibs into the Tclsh binary. Background: As detection of osascript command-line executions has increased, I started looking more into alternative forms of payload execution. As a result of this research, I found a ...