Episode 43: Building Thorough Detections via Detection Modeling

In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind spots, and develop multi-layered strategies that make successful attacks nearly impossible. ...