analyst@soc-hub:~$ detection-intel --mode live

// Hunt Smarter.
Detect Faster.
Respond Better.

Practical detection guides, hunt playbooks, and tool reviews for SOC analysts and detection engineers. Real techniques, real rules, real tradecraft.

Browse Detections → Hunt Playbooks
8 Articles
5 Detection Guides
2 Hunt Playbooks
4 MITRE Mapped

// Featured Intel

view all →
Detection Guide T1003.001 2025-10-15
Detecting LSASS Credential Dumping on Windows
A practical detection guide for identifying Mimikatz, procdump, and other tools targeting LSASS memory. Covers Sysmon events, Windows Security logs, and Sigma rules you can deploy today.
credential-accessmimikatzlsass

// Recent Entries

view all →
2026-05-23 Detection Guide Detecting BYOVD: How to Hunt Ransomware EDR Killers Before They Blind Your Stack 2026-05-22 Detection Guide Detecting Malicious PowerShell Execution — From Script Block Logging to AMSI 2025-11-28 Hunt Playbook Hunting Living-Off-the-Land Binaries: certutil, mshta, regsvr32, and wscript 2025-11-18 Tool Review Velociraptor for Endpoint Threat Hunting: A Practical Guide 2025-11-10 Detection Guide Detecting C2 Beaconing and DNS Tunneling with Frequency Analysis 2025-11-01 Detection Guide Writing Sigma Rules from Scratch: A Practical Guide
// intel feed

Stay Current on Detection Engineering

Subscribe to the RSS feed for new detection guides, hunt playbooks, and tool reviews as they're published.

Subscribe via RSS