threatpunter
Detection & Response Engineering • Threat Hunting • Threat Research
From soup to nuts: Building a Detection-as-Code pipeline
Part 2 of 2
David French
Jul 27, 2023
From soup to nuts: Building a Detection-as-Code pipeline
Part 1 of 2
David French
Jul 27, 2023
Threat hunting in Okta logs
Threat hunting tips to help blue teams defend their Okta Single Sign-On (SSO) organization from attack.
David French
Jul 12, 2022
Testing your Okta visibility and detection with Dorothy and Elastic Security
Dorothy has 25+ modules to simulate actions an attacker may take while operating in an Okta environment.
David French
Dec 14, 2020
Detecting Adversary Tradecraft with Image Load Event Logging and EQL
While examining some malicious Microsoft Office and PE files to look for detection opportunities, I came across a few samples where…
David French
Aug 16, 2019
Detecting & Removing WMI Persistence
Windows Management Instrumentation (WMI) Event Subscription is a popular technique to establish persistence on an endpoint. I decided to…
David French
Oct 9, 2018
Detecting Attempts to Steal Passwords from Memory
An adversary can harvest credentials from the Local Security Authority Subsystem Service (LSASS) process in memory once they have…
David French
Oct 2, 2018