Detection
Prioritization of the Detection Engineering Backlog
Written by Joshua Prager and Emily LeidyIntroductionStrategically maturing a detection engineering function requires us to divide the overall function into smaller discrete problems. One such seemingly innocuous area of detection engineering is the ...
On Detection: Tactical to Functional
Part 7: Synonyms“Experience is forever in motion, ramifying and unpredictable. In order for us to know anything at all, that thing must have enduring properties. If all things flow, and one can never ...
On Trust and Transparency in Detection
This blog / mini-paper is written jointly with Oliver Rochford.When we detect threats we expect to know what we are detecting. Sounds painfully obvious, right? But it is very clear to us ...
On Detection: Tactical to Functional
Part 3: Expanding the Function Call GraphIntroductionIn the previous post in this series, I introduced the concept of operations and demonstrated how each operation has a function call graph that undergirds it. In ...
Endpoint Detection Compared
We compare endpoint security products directly using real, major threats. Welcome to the first edition of the Enterprise Advanced Security test that compares different endpoint security products directly. We look at how ...
Hang Fire: Challenging our Mental Model of Initial Access
For as long as I’ve been working in security, initial access has generally looked the same. While there are high degrees of variation within each technique (i.e., payloads, pretexts, delivery mechanisms, obfuscations) ...
20 Years of SIEM Webinar Q&A
I recently did this fun SANS webinar titled “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered title was suggested by CardinalOps who organized the webinar). As it is common ...
3 Ways to Improve Your Ability to Recover From Ransomware
‘It is not a matter of if, but a matter of when’ is becoming a familiar refrain whenever anyone discusses a ransomware attack. Regardless of the size or industry of the company; ...
Google Cloud Security Talks Set to Tackle Improving Your Threat Detection and Response
As if your detection and response efforts needed any more reminding, the tenuous state of geopolitics has left many security... The post Google Cloud Security Talks Set to Tackle Improving Your Threat ...
Dylib Loads that Tickle your Fancy
Loading malicious dylibs into the Tclsh binaryBackgroundAs detection of osascript command-line executions has increased, I started looking more into alternative forms of payload execution. As a result of this research, I found a ...
