🔍 Detection Engineering - buckman

🔐Infosec Blog

cloud.google.com·

EventSentry 6.0: Azure logs, Sigma rules, OAuth, and log signing

🛡️Sigma Rules

4sysops.com·

UK Cybercrime Journal: Arup Group Breached by FulcrumSec

🔐Infosec Blog

blog.bushidotoken.net··Blogger

supunhg/filo-go: High-performance file forensics and digital intelligence platform written in Go.

🌐Open Source Code

github.com··DEV

Identify shebang files via Threat Hunting (+ KQL Queries)

🐚Shell Scripting

detect.fyi·

Learn Threat Hunting for Free: Hands-On Labs in a Real Elastic SIEM

🔎threat hunting Blog

medium.com

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

🔎threat hunting Blog

blog.talosintelligence.com·

The SIEM Isn't Dying. Its Job Is Splitting in Two.

🚨Incident Response Blog

dev.to··DEV

dougburks/ohmypcap: OhMyPCAP is a FOSS web application for analyzing PCAP files using Suricata and other files using YARA. View network alerts and file alerts, browse network metadata (DNS, HTTP, TLS, flows), extract ASCII transcripts, view per-packet hexdumps, and carve individual streams.

📦Containerization Code

github.com·

Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

🚨Incident Response

thehackernews.com·

Soap Box: Detection and response in the AI age

🚨Incident Response

risky.biz·

TryHackMe — Boogeyman 3 — Analysis With Splunk

👁️SIEM Evasion Blog

medium.com

Agentic SOCs: The public sector’s new AI cybersecurity defense

💻WMI Abuse Blog

elastic.co·

detflow: A Detection-Engineering Copilot You Can pip install

💬NLP Blog

dev.to··DEV

ThreatWire: A Python Library for Real-Time Network Threat Detection.

💻WMI Abuse Blog

dev.to··DEV

Winning the cyber marathon with Tony Giandomenico

🔎threat hunting Blog

blog.talosintelligence.com·

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

🔎threat hunting

malware.news·

No more posts from buckman's subscribed feeds.

Scour all 25255 feeds Learn more about Feeds

Automating Threat Hunts: Building a SOC on a Startup Budget

How to Train Your (Dragons) Analysts

Identify shebang files via Threat Hunting (+ KQL Queries)

Detecting and containing AI-powered threats with Google Security Operations agents

EventSentry 6.0: Azure logs, Sigma rules, OAuth, and log signing

UK Cybercrime Journal: Arup Group Breached by FulcrumSec

supunhg/filo-go: High-performance file forensics and digital intelligence platform written in Go.

Identify shebang files via Threat Hunting (+ KQL Queries)

Learn Threat Hunting for Free: Hands-On Labs in a Real Elastic SIEM

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

The SIEM Isn't Dying. Its Job Is Splitting in Two.

dougburks/ohmypcap: OhMyPCAP is a FOSS web application for analyzing PCAP files using Suricata and other files using YARA. View network alerts and file alerts, browse network metadata (DNS, HTTP, TLS, flows), extract ASCII transcripts, view per-packet hexdumps, and carve individual streams.

Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

Soap Box: Detection and response in the AI age

TryHackMe — Boogeyman 3 — Analysis With Splunk

Agentic SOCs: The public sector’s new AI cybersecurity defense

detflow: A Detection-Engineering Copilot You Can pip install

ThreatWire: A Python Library for Real-Time Network Threat Detection.

Winning the cyber marathon with Tony Giandomenico

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting