techy
@techy.detectionengineering.net
1.5K followers 390 following 70 posts
Creator of Detection Engineering Weekly (https://detectionengineering.net), Sec Research/Intel/Detection @ Datadog
Pinned
techy.detectionengineering.net
I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR
techy.detectionengineering.net
This post is sponsored by detections.ai!

Tired of manually writing detection rules? detections.ai uses AI agents to convert threat intel into SIGMA, SPL, KQL, YARA rules automatically. Join 7,500+ detection engineers in the community. Use code "DEW" to get started: detections.ai
detections.ai
View and interact with detection rules shared by the community
techy.detectionengineering.net
Threats: Microsoft seizes 338 RaccoonO365 sites, domains and panels, Two teenagers charged for London transport outage from August 2024, BlackLotus Labs latest research on SystemBC, Oliver Smith TTP updates for DPRK's BeaverTail malware family
techy.detectionengineering.net
* Garv Kamra's first foray into writing SIEM detections
* Jacob Zalesky's first blog post ever (!) on threat hunting ideas in AWS
techy.detectionengineering.net
* Ryan Tomcik on co-occurring detection ideation using composite rules in Google SecOps
* Amitai Cohen's take on effective work & task prioritization with a gaming analogy near and dear to my heart (RTS games baby!)
* Hanif Kurniawan A. helps readers detect log source outages in Wazuh
techy.detectionengineering.net
DEW #130 - God-mode Azure vulnerability, Composite Detections & Detection Observability

In this post:
* 💎 by Dirk-jan Mollema discloses a cross-tenant Azure vulnerability that gives access to any Azure tenant, with detection opportunities to boot!
www.detectionengineering.net/p/dew-130-go...
power overwhelming
techy.detectionengineering.net
I'm starting a new series on Detection Engineering called the Detection Field Manual. I wanted to publish < 10 minute reads on threat detection topics I've built in the field, at conferences and our interviews for candidates at Datadog.
Here's issue 1!
www.detectionengineering.net/p/detection-...
Detection Engineering Field Manual #1 - What is a Detection Engineer?
Why does Detection Engineering matter to a security org?
www.detectionengineering.net
techy.detectionengineering.net
I'm so excited to announce that Datadog Security Research is launching a FREE, fully-online, Detection Engineering focused conference called Datadog Detect!

bit.ly/datadog-detect

Our lineup is incredible with experts in the field of detection, response and threat intelligence.
Datadog Detect: Scale your Security Operations with Detection Engineering | Datadog
See metrics from all of your apps, tools & services in one place with Datadog's cloud monitoring as a service solution. Try it for free.
techy.detectionengineering.net
Found just outside Moscone North for RSA. Now I'm pumped for my talk tomorrow. #hacktheplanet
techy.detectionengineering.net
@sekoia.io FYI your TLS cert is showing invalid due to date expiration for *.sekoia.io
techy.detectionengineering.net
I love it when you guys go deep into a topic. The deepseek episode was a great example.
techy.detectionengineering.net
Weekly: 1 hour
Deep dives: 2-3 hours
techy.detectionengineering.net
Browns coming in last yet again
Reposted by techy
sentinelone.com
🍎👿 The key macOS malware families of 2024: This past year saw a sharp rise in sophisticated campaigns targeting macOS users in the enterprise and the increasing adoption of cross-platform development frameworks.
2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
Learn about the key macOS malware families from 2024, including tactics, IoCs, opportunities for detection, and links to further reading.
Reposted by techy
6mile.githax.com
Did a security researcher at Snyk really just publish malicious packages to NPM targeting Cursor.com?
techy.detectionengineering.net
There has been for years! Just starting to see it be more impactful
Reposted by techy
eric.zip
🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion
Reposted by techy
lazarusholic.bsky.social
"North Korea-nexus Golang Backdoor/Stealer from Contagious Interview campaign" published by dmpdump. #ContagiousInterview, #DPRK, #CTI https://dmpdump.github.io/posts/NorthKorea_Backdoor_Stealer/
techy.detectionengineering.net
Hi wanna “make plans”?
Reposted by techy
dasharez0ne.bsky.social
IF IT AINT EXECUTTABLE IT AINT FOR ME - dashare.zone ADMIN
A SKLEATON WHO DOSENT HAVE THAT MUCH SPARE TIME FLICKEN OFF THERE COMPUTER YET AGAIN, BECUASE THE SOLUTION TO THERE PROBLEM IS TO DOCKER SOME KIND OF SHIT FROM OPEN SOURCE OR WHAT EVER, BIG NO THANK'S TO THAT , AND DA TEXT SAYS "THE ONLY DOCKER MY ASS IS EVER GONGA INSTALL IS STAIN RESISTENE BROWN WORK PANTS" - DASHARE.ZONE ADMIN - I WILL NEVER USE "GO" I WILL NEVER APT-GET DA ONLY PACKAGE IM INTRESTED IN HAS A BOW ON TOP AND IT S FROM SANTA MOTHER FUCKER - DASHARE.ZONE ADMIN