Recently something interesting happened.
My research on DLL hijacking detection was referenced in work from the National Cyber Security Centre (Cyber Defence Analysis).
www.linkedin.com/posts/manish...
#sysmon #cybersecurity #threathunting #detectionengineering #medium #substack #infosec #events
@vickyjo @verovaleros Hi @verovaleros, are you a #detectionengineering specialist operating at the cutting edge of what's possible here today?
Or doing something with Agentic SOC?
If yes, then we're trying to build panels on these topics at BSidesLuxembourg.
#BSidesLuxembourg2026 […]
~Elastic~
Elastic's new ES|QL COMPLETION command embeds LLM reasoning directly into detection queries to automate alert triage and reduce false positives.
-
IOCs: (None identified)
-
#AI #DetectionEngineering #Elastic #ThreatIntel
ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leveraging RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0
#yararules #detectionengineering #malwareanalysis
~Elastic~
Elastic introduces using LLMs directly in ES|QL queries to reason about and triage correlated security alerts, reducing false positives.
-
IOCs: (None identified)
-
#AI #DetectionEngineering #Elastic #ThreatIntel
🔍 Up first: Steve Cooper on owning your detection coverage and turning uncertainty into confidence. Detection engineering made simple, practical, and powerful.
What’s your biggest challenge in this space? We'd love to hear from you! #CyberSecurity #DetectionEngineering #CSCVol14
~Elastic~
A guide to automating live malware (CVE-2024-3094) and Active Directory attack labs with Ludus and Elastic for continuous detection validation.
-
IOCs: CVE-2024-3094
-
#DetectionEngineering #PurpleTeam #ThreatIntel
Know any good #detectionengineering who aren't white males? Please propose, wanna follow them! :)
~Elastic~
Elastic Security 9.3 now supports automatic migration of QRadar detection rules, simplifying SIEM transitions.
-
IOCs: (None identified)
-
#DetectionEngineering #Elastic #SIEM #ThreatIntel
I've released my new course:
Practical Threat Hunting for Beginners
Similar courses: $$$$
This course: $$
academy.bluraven.io/course/pract...
#ThreatHunting #DetectionEngineering
It looks like #BSidesLuxembourg will have a #detectionengineering village. If that’s something you want to contribute to, please be in touch asap as we start defining what that will be implemented as
#bsides
Tracked a pig butchering operation from the #Indian #Matrimony search app to a wallet drainer.
One wallet. 20 days. $350,000+ in ETH.
Here's the technical breakdown:
#ThreatIntel #CryptoFraud #PigButchering #OSINT #BlockchainAnalysis #DetectionEngineering #CyberThreatIntelligence
I’m excited to share that my new book is now available at www.amazon.ca/dp/B0G6S81YSZ : “Augmented Security Operations: AI, Automation and Guardrails for Cybersecurity Leader.”
#CyberSecurity #SOC #SecurityOperations #AI #GenAI #Automation #SOAR #DetectionEngineering #Governance #RiskManagement
If you're doing #ActionableCTI or #detectionengineering -> submit to the @BSidesLuxembourg CFP, we are brewing something really interesting for you!
APT31 isn’t breaking in. They’re blending in.
Microsoft Dev Tunnels, cloud storage, signed binaries, all abused as stealthy C2.
This is trust exploitation at scale.
🔗 blackcastle.com.au/blog/apt31-t...
#APT #ThreatIntelligence #CloudSecurity #DetectionEngineering #CyberSecurity #Maldev #offsec
FalconForce’s Agapios brings you an early Christmas present🎁: the second blog in #detectionengineering maintenance. Learn all about how data science can boost your detection maintenance … and keep you from herding sheep. Enjoy the read and happy holidays🎄
falconforce.nl/how-data-sci...
Help us build an awesome event this upcoming May!
Submit to our CFP, help us get our villages, workshop day and talk tracks over 2 days to be awesome!
Maybe a cloudsec village or cloud track?
We're seriously trying to build a #detectionengineering village or track.
How about AI security?
An […]
#threathunting #cybersecurity #thrunting #soc #blueteam #detectionengineering #incidentresponse #cyberdefense #aiinsecurity #agenticai #scada #otsecurity #purpleteam #grc #peakframework #THORcollective #dispatchdebrief
🔥 #BlackFriday discounts are live🔥
➤ 35% OFF all #KQL courses for threat hunting, detection engineering, and incident response.
#ThreatHunting #DetectionEngineering #DFIR #incidentresponse #CyberSecurity #InfoSec
👉academy.bluraven.io/blackfriday2...
#autonomousSOC #taylorsversion #cybersecurity #threathunting #SOClife #detectionengineering #automation #THORcollective #infosec #securityoperations
💡FalconForce has invested its offensive security knowledge and applied R&D into creating high-fidelity detection content, to detect threats that are in the blind spots of many organizations.
👉 Try it for yourself on GitHub: github.com/FalconForceT...
#SOC #kusto #detectionengineering #falconfriday
New post on how to get your detection engineering program to be APT-ready:
ag-michael.github.io/02.html
A bit wordy, but looking for any feedback/thoughts.
#DetectionEngineering #APT #infosec #threathunting #purpleteaming #bas #detection
Amine Besson's 'SOC must die talk' from #BSidesLuxembourg2025 is an absolute blast and a must-watch if you want to know where your SOC should move in today's environment and which role autonomy and AI will/should have in it going forwards
So if you do #blueteam #SOC #DetectionEngineering, watch […]
Detection Engineering moves SOCs to Detection-as-Code: versioned detections, Sigma/KQL/SPL logic, and Atomic Red Team validation to reduce noise and manage detection decay. #detectionengineering #Sigma #MITRE_ATTACK https://bit.ly/4q4w9qn
Streamline detection engineering with DetectionStream: search existing rules, convert between frameworks, and generate new detections for logging pipelines. #tool #detectionengineering #threathunting https://bit.ly/3IVluO3
#DetectionEngineering #OpenTIDE
So #Cloudot will help you empirically map attack telemetry, create it and allow you to try to test your detections also
Now Itay Gabbay releases Cloudot, a tool to help you with #DetectionEngineering in cloud.
The tool looks like a serious chunk out of the #OpenTIDE backlog!
screenshot of The Yaralyzer output
Used some #AI to jury rig a basic API documentation site for The Yaralyzer, my unexpectedly popular tool for visualizing and forcibly decoding #YARA matches in binary data.
* GitHub: https://github.com/michelcrypt4d4mus/yaralyzer
* PyPi […]
[Original post on universeodon.com]
Interested in hands-on learning of #DetectionEngineering and #ThreatHunting ?
We still have a few tickets left for @DEATHCon2025 in #Montreal
We are lucky enough to have 4 Workshop Leaders with us who will be able to host a Live Play of their workshop and help you complete it!