A Five Year Retrospective on Detection as Code
Five years ago, I co-authored the first public paper on the concept of Detection as Code. While having some technical peers review this paper, we found that a few more advanced security programs were already utilizing this sort of method, just not publicly talking about it.
Five Insights From My Time Building 3 SOCs and Consulting For Over 40 Fortune 500 Companies and Federal Agencies
Throughout my cybersecurity career, I’ve had the opportunity to build three Cyber Security Operation Centers (SOCs) from scratch, including two for Managed Detection and Response (MDR) providers.
Detecting RegreSSHion - CVE-2024-6387 a Guide
Recently, the killer vulnerability research team at Qualys discovered a Remote Code Execution (RCE) vulnerability in OpenSSH that exploits a race condition within SSH. This vulnerability is particularly concerning because SSH is commonly exposed to the internet for remote system management.
Commonly Abused Linux Initial Access Techniques and Detection Strategies
The volume and quality of Threat Intelligence for Linux attacks have traditionally lagged behind that for Windows, despite Linux's significant cloud presence. Most reports have focused on reverse engineering Linux-based malware and attack tools.
Detectors as Code
Security operations and monitoring teams face a variety of challenges: the rapid evolution of adversarial tradecraft
