SSRF Detection Without Exploit Code
SSRF detection without running exploits — metadata-access signatures, Sigma/Suricata/CloudTrail rules, IMDSv2 defense, a CVE-2025-53767 case, and tuning tips.
Topic hub
Writing, tuning, and testing detections: Sigma rules, YARA signatures, Suricata/Snort, threat hunting, and the telemetry pipeline that turns an attack into an alert before it becomes an incident.
5 articles
SSRF detection without running exploits — metadata-access signatures, Sigma/Suricata/CloudTrail rules, IMDSv2 defense, a CVE-2025-53767 case, and tuning tips.
How to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.
JWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.
XSS CSP hardening for blue teams — a strict nonce-based policy, CSP violation reports as a detection feed, Sigma and Suricata rules, tuning, and MITRE mapping.
A detection engineer's checklist for Sigma rules that survive contact with production — fidelity over coverage, tested logsources, tuned false positives, and CI.