Detection Engineering Weekly
What are Atomic Detection Rules?
The first and last rules you'll likely write :)
Dec 15 • Zack Allen
DEW #140 - SVG Filter ClickJacking, Detection Engineering "Onboarding" and React2Shell spotlight
my detection unc status is probably at an all time high and i'm here for it
Dec 10 • Zack Allen
DEW #139 - Detection Surface, Frontier Models are good at SecOps & THREE YEAR ANNIVERSARY!
I graduated from the terrible twos to a threenager
Dec 3 • Zack Allen
November 2025
DEW #138 - Sigma's Detection Quality Pipeline, Anthropic finds AI-first APT & eBPF shenanigans
vibing APTs, we really out here frfr
Nov 19 • Zack Allen
DEW #137 - AI Agents For Security By Security, Free Sigma training & JA4 for beginners
The Louvre's WiFi password should've been ervouL
Nov 12 • Zack Allen
DEW #136 - ATT&CK V18 deep dive, Cyberslop @ MIT & Aisuru repurposes to residential proxies
Action Bronson voice: "I hunt cyberslop on my arch box, Vicuña pajamas draped, terrace views in Amalfi"
Nov 5 • Zack Allen
October 2025
DEW #135 - Chaos Detection Engineering, Connecting Policy to IR playbooks & Spooky AWS Policies
spooky scary detection rules keepin' me up at night
Oct 29 • Zack Allen
DEW #134 - Prioritizing Critical Assets, AI SOC means MORE alerts and Microsoft CoPilot Phishing
Have you tried just being 100% accurate all the time you goober?
Oct 22 • Zack Allen
DEW #133 - Redefining Security Visibility, TTP-First Hunting & F5 breach
we should define a standard to unite all standards
Oct 16 • Zack Allen
DEW #132 - Linux Rootkits Evolution, LLM Rule Evals, Oracle 0-day exploitation
༼ つ ಥ_ಥ ༽つ noo all my rootkits are obsolete ლ(ಠ益ಠლ)
Oct 8 • Zack Allen
DEW #131 - ❄️New EDR bypass❄️, CTI Poverty, AWS Infra Canaries & Hunting in IMDS
🫂GET IN🫂CLICK🫂HUNTING🫂NEWS🫂THREAT ACTOR HARMONY🫂DRAMA🫂RULES🫂IOC JUICERS
Oct 1 • Zack Allen
September 2025
DEW #130 - God-mode Azure vulnerability, Composite Detections & Detection Observability
power overwhelming
Sep 24 • Zack Allen