Detection Engineering
SQL Injection Detection: A Defensive Guide
How to detect SQL injection across web, app, and database telemetry — with Sigma, Suricata, and SPL rules, a CVE-2025-1094 case study, and tuning tips. Lab-only.
#sigma
4 articles
Detection Engineering
JWT Misconfiguration: Detection and Defense
JWT misconfiguration detection and defense — alg:none, RS256-to-HS256 confusion, and kid injection, with header-logging detection, Sigma rules, and MITRE mapping.
Defensive Research
Anatomy of a Kerberoasting Attack — and How to Detect It
How Kerberoasting abuses service tickets to crack service-account passwords offline — and the Sigma detection and hardening that shut it down. Lab-only.
Detection Engineering
Writing Sigma Rules That Actually Fire (Not Just Compile)
A detection engineer's checklist for Sigma rules that survive contact with production — fidelity over coverage, tested logsources, tuned false positives, and CI.