Articles tagged with: #threat-detection

Malicious Encoded PowerShell: Detecting, Decoding & Modeling

Stories by Alex Teixeira on Medium detect.fyi

The challenges and insights from dealing with this PS one-liner. I usually start with a bit of motivational words, but in this case I'm simply quoting the nice Threat Detection report the Red Canary team (now ZScaler) published this year: "PowerShell's versatility and ubiquitousness minimize the need for adversaries to customize payloads or download overtly malicious tools on a target system." Note: Consider jumping to "How to detect encoded commands in logs?" for the technical discussion, regex...

Okta Security Releases Auth0 Event Logs for Proactive Threat Detection

Cyber Security News cybersecuritynews.com

Okta has announced the launch of the Auth0 Customer Detection Catalog, a comprehensive open-source repository designed to enhance proactive threat detection capabilities for Auth0 customers. This strategic release represents a significant advancement in identity and access management security, providing security teams with sophisticated detection rules to identify and respond to emerging threats across their authentication

RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-sphere Learning

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.11472v1 (new). Abstract: Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high false positive rates and miss rates due to the inherent ambiguity between normal and anomalous behaviors. In this work, we instead introduce weak labels...

Best cloud security platform for ~100 person org?

cybersecurity www.reddit.com

Hey everyone, I'm looking for advice on choosing the best cloud security platform for a mid-sized organization (about 100 people). We're currently evaluating different options and want something that balances strong threat detection, compliance support, ease of management, and cost efficiency. Our team doesn't have a huge dedicated security department, so usability and integrations are also important factors. If you've worked with platforms like Prisma Cloud, Wiz, Lacework, Orca, or others, I'd...