Detection Engineering Dispatch
Anvilogic
27 episodes
4 days ago
Alex and Scott Rodgers unpack the F5 breach, Mandiant M-Trends highlights like the fall of BEACON, and the leapfrogging of Stolen Creds over Phishing. Expect:
The infostealer industrial complex
Operation MORPHEUS x BEACON’s quiet exit
The real meaning of “supply chain blast radius” & tight turnaround time reqs
Why screaming might actually save your sanity
Hit play. Stay unhinged. Detect responsibly. Detection Engineering Dispatch features candid conversations with security teams at top comp...
Technology
All content for Detection Engineering Dispatch is the property of Anvilogic and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/27)
Malware Trends, Credential Soup and Scream Therapy
Alex and Scott Rodgers unpack the F5 breach, Mandiant M-Trends highlights like the fall of BEACON, and the leapfrogging of Stolen Creds over Phishing. Expect:
The infostealer industrial complex
Operation MORPHEUS x BEACON’s quiet exit
The real meaning of “supply chain blast radius” & tight turnaround time reqs
Why screaming might actually save your sanity
Hit play. Stay unhinged. Detect responsibly. Detection Engineering Dispatch features candid conversations with security teams at top comp...
5 days ago
37 minutes

What Your EDR Doesn’t See...Kostas Drops Receipts from the Telemetry Trenches
We unpack what modern EDRs actually deliver, where they fall short, and where to validate telemetry before you buy. EDR Telemetry Project co-founder Kostas walks through the open-source EDR Telemetry Project, the pros and cons of Sysmon, and how to evolve from alert consumers to detection engineers. And also... EDR vendors dropping out of the MITRE ATT&CK Evaluations?? Show Note References:
https://github.com/tsale/EDR-Telemetry?tab=readme-ov-file#edr-scores
https://www.edr-telemetry.com/
Detect...
1 week ago
57 minutes

SIEMs & Data Lakes can be friends...it isn't Either/Or, It’s Yes, And.
On this Detection Dispatch, host Alex Hurtado sits down with Jake Berkowsky, CTO at Snowflake, to crack open one of the hottest and most misunderstood topics in modern SecOps: the rise of the security data lake, and security data lakes as your SIEM. Modern detection architecture isn’t about choosing SIEM or lake; it's about interoperability, orchestration, and strategic flow. We cover federation hype and data silo upkeep fatigue and take a brutally honest look at why standalone SIEMs aren’t cutti...
3 weeks ago
52 minutes

Detection in Flux: Riding the Chaos with Day Johnson
In a world where SOCs are dissolving, job roles are glitching, and the attack surface blurs between work and personal life, between Slack and Discord, one thing remains constant: detection never sleeps. On this episode of Dispatch, we’re joined by Day Johnson, detection engineer at Amazon, architect of Cyberwox Labs, and a voice of clarity for 100K+ followers across LinkedIn, YouTube, and Twitter. From Datadog to the bleeding edge of cloud defense, Day’s been charting what it means to st...
2 months ago
43 minutes

Detection Dispatch Episode 53: A New Way to UBA feat. Snowflake’s Insider Threat Team
Join Snowflake’s Insider Threat team for a direct discussion on separating everyday behavioral drift from true malicious intent. We examine role changes, privilege creep, and off-hour access, showing how context—identity, project timelines, and data lineage—sharpens detection and reduces noise. The conversation ends with a clear-eyed look at the trade-off between missing an insider and overwhelming analysts with false alerts, offering practical guidance for any modern UBA program. About Detec...
3 months ago
56 minutes

Detection Dispatch Episode 52: Prompted to Fail: When LLMs Go Rogue
LLMs are rewriting the rules of app security, and not always in a good way. In this episode Alex sits down with Scott Rogers, a seasoned data scientist at Anvilogic, to unpack why LLMs are the new wild west of application risk, and how old-school OWASP principles are making a serious comeback. We cover:
Real-world prompt injection failures (yes, including Air Canada’s rogue chatbot)
How RAG systems can accidentally leak sensitive data
Why GenAI risk ≠ traditional appsec, but it rhymes
How classic to...
4 months ago
37 minutes

Detection Dispatch Episode 51: 5 Bitter Pills to Swallow RE: Agentic AI w/ Oliver Rochford
Everyone’s talking about agentic AI—but what are we actually building? In this episode, Oliver Rochford and Alex unpack five bitter pills security teams need to swallow about the current state of “agents.” Most aren’t autonomous, many are mislabeled, and flashy wrappers can’t hide weak detections or bad data. We dig into the hype, the gaps, and what real operational maturity looks like. If you're duct-taping GPT-4 to your SOC and hoping for magic, this one’s for you. Connect with Oliver on...
5 months ago
59 minutes

Detection Dispatch Episode 50: 5 Signs You're Overengineering your Detection Logic w/ John Dempsey
Is your detection logic doing too much? In this special episode, Alex sits down with Johnathan Dempsey to unpack the 5 signs your rules are too complex, and why that might be hurting more than helping. From alert overload to unreadable logic, learn how to simplify without sacrificing fidelity. If your detections look like a math thesis, this one’s for you. Stay in the loop! Connect with us:
Join Dispatch Community: https://www.anvilogic.com/workshop
Website: https://www.anvilogic.com/
Linked...
5 months ago
33 minutes

Detection Dispatch Episode 49: Hack my S3 with Kennedy Torkura
We teamed up with Kennedy Torkura, CTO & Co-founder at Mitigant, to test common S3 breach techniques (SSRF pivots, credential abuse, and more) against live cloud infrastructure using Anvilogic’s open-source AWS Detection Packs and threat scenarios. We cover:
Which techniques slipped through detection
How behavioral detections held up
The hygiene checklist every detection engineer should be using
Buckets were breached. Lessons were learned. Detections were challenged. And now, you get the inside...
6 months ago
41 minutes

The AI Series: Inside URL Guardian—An LLM Built for Detection
Mike Hart returns to walk through URL Guardian, our new LLM for malicious URL detection. Now live on Hugging Face, it’s built to spot suspicious patterns and reduce false positives, without the regex headaches. Check out the Hugging Face model here: https://huggingface.co/Anvilogic/URLGuardian Stay in the loop! Connect with us:
Join Dispatch Community: https://www.anvilogic.com/workshop
Website: https://www.anvilogic.com/
LinkedIn: https://www.linkedin.com/company/anvilogic
YouTube: https://www.yo...
6 months ago
43 minutes

The UEBA Illusion: Why Traditional UEBA Falls Short
Alex sits down with Kevin Gonzalez to pull back the curtain on User and Entity Behavior Analytics (UEBA), and expose the gap between its promises and real-world pitfalls. Hear his stories from the trenches of deploying UEBA multiple times at different organizations, and his blueprint for how teams should align UEBA with real attacker behaviors. Read his blog about his experience: https://www.anvilogic.com/learn/bg-ue... If you want to join our sessions live, join our community here: http...
6 months ago
43 minutes

Episode 46: Machine Learning-Powered Threat Hunting ft. Sydney Marrone
Our last drop for International Women's Month features Sydney Marrone, Principal Threat Hunter at Splunk and co-author of PEAK Threat Hunting, exploring how ML-driven techniques are transforming detection strategies. Tune in to hear Sydney and Alex break down real-world applications of advanced analytics to surface threats hidden in HTTP datasets. Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH If you want to join our sessions live, join ou...
7 months ago
30 minutes

Episode 45: DECEIVE to Defend: AI-Powered Deception feat. Edna Jonsson
This International Women’s Month, we’re celebrating leaders and supporters driving the future of threat hunting and detection engineering. Next up in our series is Edna Jonsson, a cybersecurity engineer and forever student of the trade, introducing DECEIVE—Splunk’s new DECeption with Evaluative Integrated Validation Engine. DECEIVE brings AI-powered honeypots directly into the hands of security teams, opening new possibilities for proactive threat intelligence and modern detection strategies....
7 months ago
22 minutes

Episode 44: HEARTH | the community-driven threat hunting project ft. Lauren Proehl
Tune in with us for a discussion on HEARTH, a community-driven threat hunting GitHub repository that you’re going to want to fork, as well as the importance of community intel-sharing. This episode is about community, innovation, and the women leading the way in threat hunting. Happy International Women's Month! Check out the HEARTH community on their GitHub here: https://github.com/THORCollective/HEARTH If you want to join our sessions live, join our community here: https://www.anvilog...
7 months ago
29 minutes

Episode 43: Building Thorough Detections via Detection Modeling
In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind spots, and develop multi-layered strategies that make successful attacks nearly impossible. ...
8 months ago
39 minutes

Episode 42: Understanding Detection Engineering and Why Teams Struggle With It
In this episode of Detection Dispatch, host Alex Hurtado welcomes Jimmel Peters (JP), a seasoned cyber threat detection engineer from a major media company, to unpack the million-dollar question: why are so many security teams still scratching their heads over detection engineering, even though everyone's talking about it? JP breaks it down for us, walking through how the field has evolved from a "nice-to-have" into an absolute necessity. He shares his take on why behavioral analysis is the n...
8 months ago
21 minutes

Episode 41: 12 Emerging Threats and How to Defend Against Them
In this episode of Detection Dispatch, host Alex Hurtado welcomes Lee Archinal from Intel 471 to dive deep into 12 significant emerging threats observed in late 2024. From Dark Casino's financial sector targeting to the devastating healthcare attacks by Phobos ransomware, discover the latest threat actor behaviors and practical detection strategies. Learn how to leverage Intel 471's hunting packages across major EDR platforms and understand the critical intersection between threat hunting and...
9 months ago
42 minutes

Episode 40: Habits of High-Performing Detection Engineers feat. Zack 'techy' Allen
In this episode, host Alex Hurtado welcomes Zack Allen, the creator of Detection Engineering Weekly and Sr. Director of Security Detection & Research, to explore the traits of high-performing detection engineers. Discover why having "T-shaped" skills (deep knowledge in one area while maintaining broader understanding across domains) trumps being a pure specialist, and learn how psychological safety and blameless culture drive team success. Zack shares insights on emerging trends like Dete...
9 months ago
41 minutes

Episode 39: Top 10 KQL Queries Every Detection Engineer Should Know
In this episode, Alex sits down with Sergio Albea, an accomplished Threat Hunter, Researcher, User Behavior Analyst, and Senior Cloud Security Engineer/Architect, to share a must-have resource for detection engineers: the Top 10 KQL Queries of 2024. From detecting DLL hijacking and MFA fatigue to uncovering anonymous file access in OneDrive and SharePoint, we’ll walk through each query and the data feeds/sources required for detection and discuss their practical uses. Whether you’re new to K...
10 months ago
40 minutes

Episode 38: How LLMs Can Outsmart TYPOSQUATTING Attacks
In this episode, Alex sits down with the brilliant Mike Hart, a data scientist whose mission is to outsmart the sneaky world of typosquatting attacks. Just in time for the holiday shopping frenzy, we explore how his open-source project leverages LLMs to safeguard users from clicking on malicious look-alike links. With online holiday shopping being a prime target for this attack vector, the risks of not double-checking URLs are bigger than ever. Organizations, especially those operating in hyb...
10 months ago
36 minutes
