Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why Detection Engineering is Crucial for Effective Cyber Defense

A Continuously Changing Contrast While many experts concentrate on firewalls, encryption, and endpoint security, one area is often overlooked yet is crucial for ensuring systems are safeguarded: detection engineering. This is a habit that not only helps companies stop attacks but also is very important for quickly identifying and handling possible breaches. To reveal maliciousness, lower risk, and maintain networks and data cleanliness, one must first understand detection engineering.

For Science! - Threat hunting with SCinet at SC24

In November 2024, I participated in SCinet with the Network Security team at SC24. My job was supporting Corelight sensors and threat hunting using the data the sensors produced. This engagement allowed for a very constructive comparison between the networking challenges at SC and Black Hat USA, where I had the honor of working in the Network Operations Center (NOC) a few months earlier. At SC, I felt immersed in the cutting-edge world of research computing with people showcasing the fastest everything.

Top Strategies for Effective Cobalt Strike Detection in Your Network

Cobalt Strike is a penetration testing tool designed for adversary simulation and red team operations. Legitimately, it's used by security professionals to test network defenses, simulate attacks, and train incident response teams on how to detect and respond to real threats. Cobalt Strike was one of the first public red team command and control frameworks.

Running DeepSeek AI privately using open-source software

Zeek is a powerful open-source network analysis tool that allows users to monitor traffic and detect malicious activities. Users can write packages to detect cybersecurity events, like this GitHub repo that detects C2 from AgentTesla (a well-known malware family). Automating summarization and documentation using AI is often helpful when analyzing Zeek packages.

Why Pen Testing Is Essential in Today's Cyber Threat Landscape

The digital frontier is expanding quickly, with organizations across every industry depending on interconnected systems to communicate, store data, and drive innovation. However, as technology evolves, malicious actors also refine their tactics. This article examines key defenses that protect today's infrastructures.

Optimize EDR logs and route them to SentinelOne with Observability Pipelines

Endpoint detection and response (EDR) systems such as SentinelOne Singularity Endpoint, CrowdStrike, and Microsoft Defender monitor IT infrastructure such as computers, mobile devices, and network devices to detect, alert on, and respond to cyber threats. These EDR systems record data about the endpoints to identify abnormal behavior, block malicious activity, and provide remediation suggestions with contextual information.

Network Traffic Analysis for Data Exfiltration Detection - How Can It Be Done?

“Cybersecurity is much more than a matter of IT; it’s a matter of national security.” – Barack Obama. Data breaches are more than simply an IT concern; they may cause significant financial losses, regulatory fines, and reputational damage. Cybercriminals are always devising new ways to steal sensitive data, making it difficult for security teams to detect and mitigate these threats before they cause serious harm. This is where Network Traffic Analysis (NTA) comes in.

Understanding Identity Threat Detection and Response

One of the largest data breaches of 2024 didn’t require advanced tactics, techniques, and procedures (TTPs), or an escalating chain of successful attacks. It simply required purchasing credentials on the dark web and using them to log in and steal data, once again highlighting the vital need for robust, proactive protection against the growing surge of identity-based attacks.

The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.