This eBook focuses on the vulnerabilities in enterprise security caused by evolving attack methods. It highlights how adversaries exploit gaps in visibility across endpoints, cloud, network, and identity domains, and offers insights on improving detection and response with Vectra AI’s technology.

This article explains how to use CloudFlare Workers for Conditional Access Payload Delivery (CAPD). It details the architecture, code implementation, and variations to enhance security and flexibility in delivering payloads while minimizing detection risks.

This article explores how AI agents, specifically Claude Code, streamline the threat hunting process in security operations. Using Model Context Protocol (MCP) servers, analysts can quickly gather evidence and prioritize threats for investigation, transforming a traditionally manual task into a more efficient workflow.

Magnet is a modular toolkit designed for generating telemetry and simulating malicious activity, primarily for testing detection rules. It can also serve as a decoy during red team engagements. The project is still developing and welcomes contributions.

TruffleHog has introduced a new feature that detects JSON Web Tokens (JWTs) signed with public-key cryptography and verifies their liveness. This capability has already identified hundreds of exposed JWTs shortly after deployment, improving security for users. However, it does not currently support shared-secret-based JWTs or those from non-routing IPs.

This article details the MongoBleed vulnerability (CVE-2025-14847) in MongoDB, which allows attackers to extract sensitive data from server memory without authentication. It outlines a detection method using Velociraptor to identify exploitation attempts by analyzing connection patterns in MongoDB logs.

This article details the features of the Security Detections MCP server, which allows LLMs to query various security detection rules. It highlights enhancements like improved error handling, dynamic pattern extraction, and the introduction of 11 pre-built prompts for common security tasks.

Vega offers a solution for security operations without the need for data migration or complex setups. Its AI-powered analytics and detection provide immediate visibility across all data, enabling faster and more effective security responses. You maintain control over your data while benefiting from rapid onboarding.

This article discusses the risks of prompt injection attacks on AI browser agents and presents a benchmark for evaluating detection mechanisms. It highlights the challenges in creating effective security systems and introduces a fine-tuned model that improves attack detection while maintaining user experience.

Detection engineering requires an understanding of how attackers exploit subtle flaws in detection rules. The article highlights five common pitfalls that can lead to missed threats, including parameter variations, command chaining, double spaces, obfuscation techniques, and unaudited commands. By addressing these issues, detection engineers can improve their rule-writing to better catch malicious activity.

ghbuster is a tool that identifies potentially malicious or inauthentic GitHub repositories and users through heuristics. It provides methods to detect suspicious activities such as unlinked email commits and coordinated stargazing, helping to maintain the integrity of the GitHub ecosystem. Users can easily install and run the tool with specific commands and can also generate documentation and run tests.

The article provides insights into detecting privilege escalation vulnerabilities in Active Directory Certificate Services (ADCS). It outlines various techniques and tools that can be employed to identify and mitigate these security risks effectively. The content emphasizes the importance of proactive security measures in safeguarding sensitive systems.

AutoPwnKey is a framework designed to enhance security awareness regarding the risks of AutoHotKey and AutoIT in red team engagements. It aims to equip red teams with tools to effectively test and assess security postures against evasive tactics used by adversaries, while encouraging ethical participation and contributions to improve detection capabilities. The ultimate goal is to make such attack vectors obsolete by advancing detection logic.

Cloudflared is a tunneling application that allows secure remote access to hosts and deployment of web applications without exposing them to the internet. However, it has also been misused by ransomware groups for maintaining unauthorized access within compromised environments. The article discusses various detection methods for identifying malicious Cloudflared instances, including analyzing account IDs and monitoring for anomalous activities.

The article discusses advancements in artificial intelligence aimed at defending against deepfake technology, which poses significant risks to personal and organizational security. It emphasizes the importance of developing robust detection methods to identify manipulated media and protect against misinformation. Additionally, the piece highlights the need for ongoing research and collaboration in this evolving field.

Bots can perform beneficial tasks but can also disrupt services and steal data. This guide provides strategies for detecting and stopping malicious bots, including monitoring traffic patterns, using bot detection tools, implementing honeypots, and applying rate limiting to control excessive requests.

Call stacks enhance malware detection by providing detailed insights into who is executing specific activities on Windows systems. By utilizing execution tracing features and enriching call stack data, Elastic's approach improves the ability to identify and respond to malicious behavior more effectively. The article emphasizes the importance of accurately analyzing call stacks to expose the lies malware authors use to conceal their actions.

AIDR-Bastion is a GenAI protection system that employs multiple detection engines to analyze user inputs and safeguard against malicious activity. It supports various detection rules, integrates with popular platforms for enhanced functionality, and features a flexible architecture that allows for extensibility and real-time analysis. The system is designed to provide comprehensive defense against adversarial prompt engineering and other AI-related threats.

BamboozlEDR is an Event Tracing for Windows (ETW) tool designed for generating realistic security events to test EDR detection capabilities and security monitoring solutions. It features a TUI interface, supports multiple Windows ETW providers, and includes advanced features such as event obfuscation to protect against static analysis. The tool is intended for research and testing purposes and requires user interaction to minimize misuse.