Detection Engineering
SSRF Detection Without Exploit Code
SSRF detection without running exploits — metadata-access signatures, Sigma/Suricata/CloudTrail rules, IMDSv2 defense, a CVE-2025-53767 case, and tuning tips.
#detection-engineering
6 articles
Detection Engineering
SQL Injection Detection: A Defensive Guide
How to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.
Detection Engineering
JWT Misconfiguration: Detection and Defense
JWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.
Defensive Research
Broken Access Control Testing for Defenders
Broken access control testing for defenders — detect IDOR and BOLA from authorization-failure telemetry with Sigma and SPL rules, plus deny-by-default hardening.
Detection Engineering
XSS CSP Hardening for Blue Teams
XSS CSP hardening for blue teams — a strict nonce-based policy, CSP violation reports as a detection feed, Sigma and Suricata rules, tuning, and MITRE mapping.
Detection Engineering
Writing Sigma Rules That Actually Fire (Not Just Compile)
A detection engineer's checklist for Sigma rules that survive contact with production — fidelity over coverage, tested logsources, tuned false positives, and CI.