Target Audience The target audience for this blog post is individuals who have a basic understanding of cybersecurity concepts and terminology and who are looking to expand their knowledge of adversary emulation. This post delves into the details of adversary emulation with the Caldera framework, exploring the benefits it offers. By catering to a beginner to intermediate … Continue reading A Beginner’s Guide to Adversary Emulation with Caldera
Tag: Blue Team
The SOC Toolbox: Analyzing AutoHotKey compiled executables
A quick post on how to extract the original AutoHotKey script from an executable compiled from an AutoHotKey script.
DeTT&CT: Automate your detection coverage with dettectinator
Introduction Last year, I published an article on mapping detection to the MITRE ATT&CK framework using DeTT&CT. In that article, we introduced DeTT&CT and explored its features and usage. If you missed it, you can find the article here. After writing that article, however, I encountered some challenges. For instance, I considered using DeTT&CT in … Continue reading DeTT&CT: Automate your detection coverage with dettectinator
DeTT&CT : Mapping detection to MITRE ATT&CK
Introduction Building detection is a complex task, especially with a constantly increasing number of data sources. Keeping track of these data sources and their appropriate detection rules, or avoiding duplicate detection rules covering the same techniques, can be hard for detection engineers. For a SOC, it is crucial to have a good overview … Continue reading DeTT&CT : Mapping detection to MITRE ATT&CK
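The overview the excerpt above asks for (which techniques each rule covers, where several rules overlap, and which rules cannot be mapped at all) is the inventory a SOC needs before scoring coverage in DeTT&CT. The following is an added example and not code from the NVISO posts or from the DeTT&CT project: it reads Sigma-style `attack.*` tags from a constructed set of rules and builds that per-technique overview. The rule titles and tags are made up for illustration; the output shape is a plain Python dictionary, not DeTT&CT's own YAML format.

```python
"""Inventory detection rules by ATT&CK technique to spot gaps and overlaps.

Added example (not from the NVISO posts or the DeTT&CT project): reads
Sigma-style `attack.*` tags from rules and builds the per-technique view
a SOC needs before scoring detection coverage in DeTT&CT.
"""
import re
from collections import defaultdict

# Constructed sample rules, in the shape Sigma uses for its `tags` list.
# Titles and tags are invented for this example.
SAMPLE_RULES = [
    {"title": "LSASS Memory Dump via comsvcs.dll",
     "tags": ["attack.credential_access", "attack.t1003.001"]},
    {"title": "Mimikatz Command Line",
     "tags": ["attack.credential_access", "attack.t1003.001", "attack.s0002"]},
    {"title": "Suspicious PowerShell Download Cradle",
     "tags": ["attack.execution", "attack.t1059.001",
              "attack.command_and_control", "attack.t1105"]},
    {"title": "Scheduled Task Creation",
     "tags": ["attack.persistence", "attack.t1053.005"]},
    {"title": "Rule with no ATT&CK mapping",
     "tags": ["detection.threat_hunting"]},
]

# Matches technique and sub-technique tags only (attack.t1003, attack.t1003.001);
# tactic tags (attack.credential_access) and software tags (attack.s0002) are ignored.
TECHNIQUE_TAG = re.compile(r"^attack\.(t\d{4}(?:\.\d{3})?)$", re.IGNORECASE)


def technique_ids(rule):
    """Return the ATT&CK technique IDs (e.g. T1003.001) tagged on one rule."""
    ids = []
    for tag in rule.get("tags", []):
        match = TECHNIQUE_TAG.match(tag)
        if match:
            ids.append(match.group(1).upper())
    return ids


def build_inventory(rules):
    """Map each technique ID to the titles of the rules that claim to detect it."""
    inventory = defaultdict(list)
    for rule in rules:
        for tid in technique_ids(rule):
            inventory[tid].append(rule["title"])
    return dict(inventory)


def unmapped_rules(rules):
    """Rules with no technique tag cannot be placed on the ATT&CK matrix at all."""
    return [rule["title"] for rule in rules if not technique_ids(rule)]


def overlapping_techniques(inventory, threshold=2):
    """Techniques claimed by `threshold` or more rules: candidates for a duplicate review."""
    return {tid: titles for tid, titles in inventory.items() if len(titles) >= threshold}


def parent_coverage(inventory):
    """Collapse sub-techniques onto their parent (T1003.001 -> T1003) for a matrix-level view."""
    parents = defaultdict(set)
    for tid, titles in inventory.items():
        parents[tid.split(".")[0]].update(titles)
    return {parent: sorted(titles) for parent, titles in parents.items()}


if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_RULES)
    for tid in sorted(inventory):
        print(f"{tid}: {len(inventory[tid])} rule(s) -> {inventory[tid]}")
    print("Overlapping:", overlapping_techniques(inventory))
    print("Unmapped:", unmapped_rules(SAMPLE_RULES))
    print("Per parent technique:", parent_coverage(inventory))
```

Running the module prints the inventory for the constructed rules: T1003.001 is claimed by two rules and shows up as an overlap to review, T1105 is covered by a single rule, and the untagged rule is listed as unmapped. In practice the same functions would be fed the `tags` lists parsed from a real Sigma rule directory, and the resulting inventory is what you would turn into DeTT&CT detection scores.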