
Black Hills InfoSec

The Detection Engineering Process

BHIS · 2024-11-18

ATT&CK techniques detected

4 predictions

T1021.002 SMB/Windows Admin Shares (86%)
"for. And this research should be based off of that initial detection story. You should be very careful of this scope. You can very easily find yourself branching out too far. Like you could go from PsExec plain-text authentication to just looking for PsExec, or maybe PsExec in…"

T1569.002 Service Execution (61%)
(same transcript excerpt as for T1021.002 above)

T1018 Remote System Discovery (40%)
"they'll see all the other events that occur. You only want one alert. Otherwise, while they're trying to investigate this one, you'll get a billion more that are just the same thing and they're nothing but distracting. So suppression buffering. You want to align this to w…"

T1518.001 Security Software Discovery (31%)
"The Detection Engineering Process. This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality of detections. …"

Summary

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

The post The Detection Engineering Process appeared first on Black Hills Information Security, Inc.