Detection Opportunities

• Detection-as-Code & CI/CD in Detection Engineering with Dennis Chow | EP. 9

  Detection as Code is one of the most important evolutions in modern security detection, and in this video, we break it down.I first encountered this concept as a Cloud Threat Detection Engineer at Datadog. Today, I’m joined by Dennis Chow, a Detection Engineering specialist and author of Automating Security Detection Engineering (which I had the honor of technically reviewing). Together, we explore what Detection as Code really means and walk through two hands-on CI/CD pipeline demos:🔹 Lab 1: Building SIEM detections with synthetic AI testing using Sumo Logic🔹 Lab 2: Policy-as-Code integration testing with Cloud Custodian on GCPYou’ll learn how Detection as Code leverages Git, automated testing, reproducibility, collaboration, and CI/CD to make detection engineering more scalable, accountable, and reliable.Dennis' BlogDennis' GithubDennis' LinkedIn_____________📁RESOURCES:→ GitHub repo for lab 1→ GitHub repo for lab 2→ Dennis’ book→ My book review→ Our podcast episode together_____________⚡️⁠⁠⁠⁠⁠⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠⁠⁠⁠⁠⁠📰 ⁠⁠⁠⁠⁠⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠⁠⁠⁠⁠⁠🥶 ⁠⁠⁠⁠⁠⁠CYBERWOX MERCH⁠⁠⁠⁠⁠⁠_____________🧬 CYBERWOX RESOURCES🔹 ⁠⁠⁠⁠⁠⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠⁠⁠⁠⁠⁠🔹 ⁠⁠⁠⁠⁠⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠⁠⁠⁠⁠⁠🔹 ⁠⁠⁠⁠⁠⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠⁠⁠⁠⁠⁠_____________📱 LET'S CONNECT → ⁠⁠⁠⁠⁠⁠IG⁠⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠⁠Threads⁠⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠⁠Substack⁠⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠⁠Twitter⁠⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠⁠Linkedin⁠⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠⁠Tiktok⁠⁠⁠⁠⁠⁠Email: [email protected]_____________⚠️DISCLAIMERThis description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!

  --------  

  43:01

  --------

  43:01
• Applying AI, LLMs & Prompt Engineering for Threat Detection with Dylan Williams | EP. 8

  Visit my ⁠sponsor⁠ to view the current average annual salary for a Cybersecurity degree and learn how to get started.I had the pleasure of hosting Dylan Williams and we explored how AI can be applied in cybersecurity, focusing on threat detection. We also examined how his project, D.I.A.N.A., turns threat intelligence reports into actual detections.Connect with DylanDylan's Resource on Applying LLMs & GenAI to CybersecurityDylan's MediumD.I.A.N.A ProjectDI.A.N.A App_____________TIMESTAMPS00:00 Intro01:39 Dylan's Background02:40 How Dylan started exploring AI03:07 SNHU04:36 Dylan's ChatGPT Moment06:22 Training LLMs for Cybersecurity09:53 Updating LLMs14:27 D.I.A.N.A - Detection and Intelligence Analysis for New Alerts17:07 Going from Threat Intelligence to Threat Detection32:02 Getting started with LLMs & Gen AI for Cybersecurity33:55 Connect with Dylan35:12 Outro_____________⚡️⁠⁠⁠⁠⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠⁠⁠⁠⁠📰 ⁠⁠⁠⁠⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠⁠⁠⁠⁠🥶 ⁠⁠⁠⁠⁠CYBERWOX MERCH⁠⁠⁠⁠⁠_____________🧬 CYBERWOX RESOURCES🔹 ⁠⁠⁠⁠⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠⁠⁠⁠⁠🔹 ⁠⁠⁠⁠⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠⁠⁠⁠⁠🔹 ⁠⁠⁠⁠⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠⁠⁠⁠⁠_____________📱 LET'S CONNECT → ⁠⁠⁠⁠⁠IG⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠Threads⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠Substack⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠Twitter⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠Linkedin⁠⁠⁠⁠⁠→ ⁠⁠⁠⁠⁠Tiktok⁠⁠⁠⁠⁠Email: [email protected]_____________⚠️DISCLAIMERThis description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!

  --------  

  35:24

  --------

  35:24
• Get-RoleGroup - Detecting Attacker Enumeration in Microsoft 365 Exchange with Purav Desai | EP. 7

  Visit my sponsor to view the current average annual salary for a Cybersecurity degree and learn how to get started.⁠Purav's LinkedIn⁠⁠Deciphering UALExchange Admin Audit LoggingOffice365 Management Activity APIConnect-IPPSSession_____________TIMESTAMPS:00:00 Intro00:36 Get-RoleGroup Operation01:37 Enumeration is not logged??05:53 SNHU07:22 Using the Security Compliance Center EOPCmdlet08:54 Abusing Purview Compliance & E-Discovery10:21 Useful Log Fields & Key Fields of note12:48 Attack Demo14:45 Fields to Decipher15:51 How To Detect/Analyse17:59 Get-RoleGroupMember19:39 Useful Log Fields20:30 Attack Demo23:01 Segmentation Of Behaviors23:57 Connect-IPPSSession26:07 Final Thoughts27:40 Outro_____________⚡️⁠⁠⁠⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠⁠⁠⁠📰 ⁠⁠⁠⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠⁠⁠⁠🥶 ⁠⁠⁠⁠CYBERWOX MERCH⁠⁠⁠⁠_____________🧬 CYBERWOX RESOURCES🔹 ⁠⁠⁠⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠⁠⁠⁠🔹 ⁠⁠⁠⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠⁠⁠⁠🔹 ⁠⁠⁠⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠⁠⁠⁠_____________📱 LET'S CONNECT → ⁠⁠⁠⁠IG⁠⁠⁠⁠→ ⁠⁠⁠⁠Threads⁠⁠⁠⁠→ ⁠⁠⁠⁠Substack⁠⁠⁠⁠→ ⁠⁠⁠⁠Twitter⁠⁠⁠⁠→ ⁠⁠⁠⁠Linkedin⁠⁠⁠⁠→ ⁠⁠⁠⁠Tiktok⁠⁠⁠⁠Email: [email protected]_____________⚠️DISCLAIMERThis description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!

  --------  

  27:52

  --------

  27:52
• Add-RoleGroupMember - Detecting Persistence in Microsoft 365 Exchange with Purav Desai | EP. 6

  Learn how to decipher the Microsoft Unified Audit Log (UAL) from a Digital Forensics & Incident Response (DFIR) perspective with Purav Desai, an experienced M365/Azure Incident Responder. In today's episode, we explore the Add-RoleGroupMember operation in Exchange Online.Purav's LinkedInDeciphering UALMicrosoft Application IDsPermission Alert Policy_____________TIMESTAMPS:00:00 Intro00:48 Add-RoleGroupMember Overview03:22 The Result Status04:53 The Application IDs08:59 Key Fields of Note10:39 Fields to Decipher20:14 Detection - Permission Alert Policies23:18 Custom Alerting24:32 Final Thoughts25:39 Outro_____________⚡️⁠⁠⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠⁠⁠📰 ⁠⁠⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠⁠⁠🥶 ⁠⁠⁠CYBERWOX MERCH⁠⁠⁠_____________🧬 CYBERWOX RESOURCES🔹 ⁠⁠⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠⁠⁠🔹 ⁠⁠⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠⁠⁠🔹 ⁠⁠⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠⁠⁠_____________📱 LET'S CONNECT → ⁠⁠⁠IG⁠⁠⁠→ ⁠⁠⁠Threads⁠⁠⁠→ ⁠⁠⁠Substack⁠⁠⁠→ ⁠⁠⁠Twitter⁠⁠⁠→ ⁠⁠⁠Linkedin⁠⁠⁠→ ⁠⁠⁠Tiktok⁠⁠⁠Email: [email protected]_____________⚠️DISCLAIMERThis description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!

  --------  

  25:40

  --------

  25:40
• New-RoleGroup - Detecting Privilege Escalation in Microsoft 365 with Purav Desai | EP. 5

  Learn how to decipher the Microsoft Unified Audit Log (UAL) from a Digital Forensics & Incident Response (DFIR) perspective with Purav Desai, an experienced M365/Azure Incident Responder.⁠Purav's LinkedIn⁠⁠Deciphering UAL⁠⁠Learn about auditing solutions in Microsoft Purview⁠_____________TIMESTAMPS00:00 Intro00:20 Deciphering New-RoleGroup09:06 Key Fields10:11 Deciphering with Exchange Online PowerShell13:42 Detection Opportunities16:16 SIEM & Attacker Tactics21:43 Outro_____________⚡️⁠⁠JOIN 6,000+ CWX MEMBERS ON DISCORD⁠⁠📰 ⁠⁠SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER⁠⁠🥶 ⁠⁠CYBERWOX MERCH⁠⁠_____________🧬 CYBERWOX RESOURCES🔹 ⁠⁠Cyberwox Cybersecurity Notion Templates for planning your career⁠⁠🔹 ⁠⁠Cyberwox Best Entry-Level Cybersecurity Resume Template⁠⁠🔹 ⁠⁠Learn AWS Threat Detection with my LinkedIn Learning Course⁠⁠_____________📱 LET'S CONNECT → ⁠⁠IG⁠⁠→ ⁠⁠Threads⁠⁠→ ⁠⁠Substack⁠⁠→ ⁠⁠Twitter⁠⁠→ ⁠⁠Linkedin⁠⁠→ ⁠⁠Tiktok⁠⁠Email: [email protected]_____________⚠️DISCLAIMERThis description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!Email: [email protected]

  --------  

  21:53

  --------

  21:53

Plus de podcasts Technologies

Podcasts tendance de Technologies

À propos de Detection Opportunities

Detection Opportunities: Podcasts du groupe