Building Thorough Detections via Detection Modeling

February 27, 2025

In this episode, Andrew VanVleet walks us through detection modeling with a Detection Data Model (DDM). Using Kerberoasting (T1558.003), cracking a password hash using Kerberos service tickets, as the example, we'll map out an attack technique and then employ the model to create the most thorough detection strategy we can. Crafting solid detections isn't just about writing rules; it's about understanding attack techniques inside and out, and you'll get a front-row seat.

Alex Hurtado
Detection Dispatch Host, Anvilogic
Andrew VanVleet
Technical Architect, Financial Services Firm

Episode 43: Building Thorough Detections via Detection Modeling