Nothing here yet.
Nothing here yet.
1d ago · 4 min read · Part 3 of a series on building a detection engineering lab in Microsoft Sentinel. This post: registry persistence, a textbook false positive, and the single most important lesson in detection engineer
Join discussion
1d ago · 4 min read · Part 2 of a series on building a detection engineering lab in Microsoft Sentinel. This post: hunting malicious PowerShell with Sysmon, and the difference between volume detections and signature detect
Join discussion
1d ago · 7 min read · Part 1 of a series on building a detection engineering lab in Microsoft Sentinel from scratch. This post: writing my first detection, and the parsing bug that taught me more than the detection itself.
Join discussion