@asimon

Detection Pipeline for CloudTrail Detection Engine

Nov 10, 2025 · 5 min read · Prolog I needed to come up with a detection for an AWS environment, that is cheap, will take custom detection (preferably Sigma rule for easier maintenance) and somewhat flexible/ customizable. I ended up using with the Lambda that consume sigma and ...

About idleak.net

Oct 7, 2025 · 6 min read · Prologue Cyber security is always evolving. No matter which topic of cyber you are working with, there is always a need to know and learn new stuff, constantly. On one hand, this means a never ending fun, finding out new stuff and trying out stuff, b...

CloudTrail Detection Engine

Sep 26, 2025 · 6 min read · TLDR: CloudTrail detection engine (CTDE), is an AWS native (i.e. using lambda and CloudTrail) detection engine. Requirement and Research For one of the work I did, I needed to come up with a detection for an AWS environment, that is cheap, will take ...

If I were to start validating my cloud detection...

Aug 3, 2025 · 7 min read · Prologue I had an interesting 45 minute conversation with a security engineer from a mostly-cloud company. We talked about how would one start a detection assessment program, mainly brainstorming ideas on what to test. It was an impromptu chat (kind ...

What Are Indicators of Compromise (IOCs) and Why Do They Matter?

Jun 21, 2025 · 2 min read · This article is an excerpt from my piece originally published on cdef.id. You can read the full article here. Indicators of Compromise (IOCs) are simply evidence that a cyber intrusion has occurred. They are the digital breadcrumbs left behind by att...