Detection Engineering Dispatch is a live series of 30 to 45-minute episodes featuring hands-on experiences, open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program.

Join your peers to share knowledge, dive deep into technical best practices, and engage in discussions relevant to the detection engineering community.


Building Thorough Detections via Detection Modeling

Thursday, February 27th @ 11AM PT | 2PM ET
Online

In this episode, Andrew VanVleet walks us through detection modeling with a Detection Data Model (DDM). We'll map out an attack technique and build a thorough detection strategy using Kerberoasting (T1558.003) – cracking a password hash using Kerberos service tickets – as an example. Then we'll employ the model to create the most thorough detection strategy we can. Crafting solid detections isn’t just about writing rules, it’s about understanding attack techniques inside and out, and you'll get a front-row seat.

Alex Hurtado
Detection Dispatch Host, Anvilogic
Andrew VanVleet
Technical Architect, Financial Services Firm

Past Episodes & Resources