analyst@soc-hub:~$ detection-intel --mode live
// Hunt Smarter.
Detect Faster.
Respond Better.
Practical detection guides, hunt playbooks, and tool reviews for SOC analysts and detection engineers. Real techniques, real rules, real tradecraft.
56 Articles
49 Detection Guides
5 Hunt Playbooks
21 MITRE Mapped
// Featured Intel
view all → Detection Guide T1210
Detecting CVE-2026-41089 Netlogon RCE Exploitation Attempts
Detection guidance for CVE-2026-41089, the pre-authentication Netlogon stack buffer overflow actively exploited against domain controllers. Covers network-layer Suricata rules, Windows event log indicators, and a full Sigma detection for anomalous NRPC traffic and post-exploitation behaviour.
Detection Guide T1003.001
Detecting LSASS Credential Dumping on Windows
A practical detection guide for identifying Mimikatz, procdump, and other tools targeting LSASS memory. Covers Sysmon events, Windows Security logs, and Sigma rules you can deploy today.
// Recent Entries
view all → 2026-07-10 Detection Guide Detecting Windows Access Token Impersonation: T1134 Sigma Rules and KQL → 2026-07-09 Hunt Playbook Hunt Playbook: Detecting Interlock Ransomware from ClickFix to Encryption → 2026-07-08 Detection Guide Detecting BlueHammer (CVE-2026-33825): Microsoft Defender LPE in Ransomware Campaigns → 2026-07-07 Detection Guide Detecting RDP Lateral Movement: T1021.001 Detection with Sigma and KQL → 2026-07-06 Detection Guide Detecting VMware ESXi Ransomware: Hypervisor Attack Patterns and Detection Coverage → 2026-07-05 Detection Guide Detecting Qilin's WSL Evasion, BYOVD, and Chrome Credential Harvesting →
// intel feed
Stay Current on Detection Engineering
Subscribe to the RSS feed for new detection guides, hunt playbooks, and tool reviews as they're published.