Building Thorough Detections via Detection Modeling
February 27, 2025
In this episode, Andrew VanVleet walks us through detection modeling with a Detection Data Model (DDM). We'll map out an attack technique using Kerberoasting (T1558.003), which cracks a password hash using Kerberos service tickets, as an example. Then we'll employ the model to create the most thorough detection strategy we can. Crafting solid detections isn't just about writing rules; it's about understanding attack techniques inside and out, and you'll get a front-row seat.

Alex Hurtado
Detection Dispatch Host, Anvilogic

Andrew VanVleet
Technical Architect, Financial Services Firm