Detection Engineering Intelligence

Hunt Smarter.
Detect Faster.
Respond Better.

Practical detection guides, hunt playbooks, and tool reviews for SOC analysts and detection engineers. Real techniques, real rules, real tradecraft.

Browse Detections → Hunt Playbooks

7 Articles

4 Detection Guides

2 Hunt Playbooks

3 MITRE Mapped

Featured Articles

Detection Guide T1003.001 Oct 15, 2025

Detecting LSASS Credential Dumping on Windows

A practical detection guide for identifying Mimikatz, procdump, and other tools targeting LSASS memory. Covers Sysmon events, Windows Security logs, and Sigma rules you can deploy today.

credential-accessmimikatzlsass

Recent Articles

Detection Guide

Detecting Malicious PowerShell Execution — From Script Block Logging to AMSI

May 22, 2026 windows T1059.001

→ Hunt Playbook

Hunting Living-Off-the-Land Binaries: certutil, mshta, regsvr32, and wscript

Nov 28, 2025 windows T1218

→ Tool Review

Velociraptor for Endpoint Threat Hunting: A Practical Guide

Nov 18, 2025 windowslinux

→ Detection Guide

Detecting C2 Beaconing and DNS Tunneling with Frequency Analysis

Nov 10, 2025 windowslinux

→ Detection Guide

Writing Sigma Rules from Scratch: A Practical Guide

→ Hunt Playbook

Threat Hunting Lateral Movement via SMB, PsExec, and WMI

Oct 22, 2025 windows

Stay Current on Detection Engineering

Subscribe to the RSS feed for new detection guides, hunt playbooks, and tool reviews as they're published.

Subscribe via RSS