Really liked this post by Roza Maille at Trustedsec about how one could get into Detection Engineering. Especially liked the idea of focussing on core knowledge areas rather than specific things like Yara.
Also very useful with plenty of links to relevant resources for getting deeper into it all.
https://www.trustedsec.com/blog/on-the-road-to-detection-engineering/
#detectionengineering #trustedsec
Any thoughts on how many Credential Stealer families rely on using the Telegram API Bot endpoint for exfiltrating / copying information from infected devices?
Trying to assess the potential for leveraging that observation for some simple detection rules of potential stealer infections.
Any hot takes?
#threatintel #detectionengineering #credentialstealer
If you're looking for great #DetectionEngineering content and haven't subscribed to @techy substack, go do it now: https://www.detectionengineering.net/
Always look forward to seeing the weekly newsletter arrive in my inbox!
RT @ptracesecurity
Microsoft Defender for Endpoint Internals 0x04 — Timeline telemetry https://medium.com/falconforce/microsoft-defender-for-endpoint-internals-0x04-timeline-3f01282839e4 #Pentesting #DetectionEngineering #CyberSecurity #Infosec
When you're trying to socialize a unified #CTI #ThreatHunting #DetectionEngineering taxonomy and your mind just continually goes to this:
Although that analogy about "teenagers having sex" (more talk than action going on) may no longer work like it does for GenX, my hunch is that 75% of organizations are not doing "Detection as Code" yet in their #siem #detectionengineering
This article on #detectionengineering is making the rounds https://medium.com/brexeng/elevating-security-alert-management-using-automation-828004ad596c
This is a great post with awesome details for #blueteam #detectionengineering
https://twitter.com/jsecurity101/status/1615727703168278528?t=OulT5aKDVYBNwqVf0VClvg&s=19
Not sure if they are on this medium...
Like I needed another podcast https://www.dcppodcast.com/ #detectionengineering #detection
Windows Registry is one of the powerful features of Windows OS that is being tweaked and abused by threat actors. In this Splunk Threat Research blog we described common MITRE ATT&CK TTPs that leverage the Windows registry (8/14), including their detections, #atomicredteam testing and analysis. 😊 #splunk #malware #STRT #BlueTeam #detectionengineering
https://www.splunk.com/en_us/blog/security/from-registry-with-love-malware-registry-abuses.html
This is gonna be cool for #training and #detectionengineering
https://www.splunk.com/en_us/blog/security/attack-range-v3-0.html
Almost exactly a year ago I had the opportunity to present at @hacks4pancakes 's #PancakesCon to talk two of my passions: #DetectionEngineering and #LEGO!
https://youtu.be/laF5Yl2RALg
It feels so good having a functioning lab again. #Suricata rules started firing after I launched a Python server and downloaded a PE file. At some point I'll learn #YARA but for now network logs are good enough.
#DetectionEngineering #IncidentResponse #VirtualBox
Now is a good time for you to drop a couple of #AWS #canarytokens in your #slack chats. You might get lucky...
#detectionengineering #spotthebirdie
Well now that I'm here it's probably about time I start marketing my #DetectionEngineering book coming out this spring. Really excited about this project, been having a great time working with Jason (@cog) and Gary on it. Will have posts over the coming weeks teasing some stuff leading up to its release in late Spring. There are some wonderful blog posts out there on DE, but based on our market research, this is going to be the first comprehensive book on DE and is designed to be a practical, hands-on guide. Super duper excited to share more over the coming weeks and eventually launch the book for everyone to get their hands on!
Hey, if you need someone on the #CTI #threatintel or #threathunting and #detectionengineering front, I'm VERY MUCH listening right now. You can find my CV here (https://pylos.co/wp-content/uploads/2022/12/slowik-resume_long.pdf) and some of my past public presentations (https://pylos.co/presentations/) and written items (https://pylos.co/papers-publications-and-external-postings/).
I'm especially partial to roles in #ICS / #OT and critical infrastructure!
Find articles like this really interesting. I think signature-based detection techniques hand in hand with unsupervised machine learning is the way forward (and obviously already leveraged by market leaders). If anyone knows of similar write-ups let me know! Need some Christmas reading… #detectionengineering https://blog.developer.adobe.com/using-machine-learning-to-detect-command-line-anomalies-a3257daafeab
New reporting on #ProxyNotShell by Palo Alto's Unit42!
🔗https://unit42.paloaltonetworks.com/threat-brief-owassrf/
Key points:
🗓️ Threat activity starting in late November
➡️ Download of renamed Putty
➡️ Anydesk execution from `C:\ProgramData\`
➡️ Account creation (`admon`)
➡️ Credential Dumping via Task Manager
🛡️ Detection/Hunting Op: `w3wp` process abuse
#proxynotshell #threatintel #cti #detectionengineering