In this episode, host Alex Hurtado welcomes back Andrew VanVleet, who breaks down a comprehensive approach to technique analysis using Detection Data Models (DDMs). Andrew walks through a 10-step process for analyzing Kerberoasting (T1558.003), identifying four distinct attack procedures and their detection strategies. Learn how to map telemetry to detection opportunities, recognize security blind spots, and develop multi-layered strategies that make successful attacks nearly impossible.
Grab your notebook for this workshop-style episode that transforms complex threat modeling into actionable defense strategies that will leave attackers rolling the dice against increasingly unfavorable odds.
Join our live conversation bi-weekly on Thursdays! You only have to register once:
➡️ Register Here
Stay in the loop! Connect with us on social:
About Detection Engineering Dispatch
Detection Engineering Dispatch is a live series featuring open discussions and live case studies with security operations teams at leading companies on what it takes to build a great detection engineering program. Join your peers to share knowledge, deep dive into technical best practices, and engage in discussions relevant to the detection engineering community.
Detection Engineering Dispatch features candid conversations with security teams at top companies on how they build, measure, and scale world-class detection programs.
