Detection Engineering | DevSecOpsDadAttack

Detection logic. Triage guidance. Engineering notes.

Detection engineering from the DevSecOpsDad lab.

Practical detection engineering focused on turning threat intelligence into validated detections, KQL analytics, ATT&CK mapping, tuning guidance, triage workflows, and operationally useful security content.

Detection Engineering Brief - Thursday, June 18, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 18, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- Dropping Elephant
- T1574.002
- T1055
- Fondue.exe
- Windows
- RAT
- Donut
- Tor
- npm
- Mastra
- developer endpoints
- CI/CD
- SSH
- Linux
- T1110
Detection Engineering Brief - Wednesday, June 17, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 17, 2026

Executive Signal [Read More]
Tags:
Detection Engineering Brief - Tuesday, June 16, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 16, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- Remcos RAT
- Windows
- T1059
- MSI
- T1059.007
- T1071
- T1218
- T1218.007
- T1036
Detection Engineering Brief - Monday, June 15, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 15, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- CVE-2026-35273
- T1190
- Oracle PeopleSoft
- PeopleTools
- Windows
- T1059
- T1218
- T1218.007
Detection Engineering Brief - Sunday, June 14, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 14, 2026

Executive Signal [Read More]
Tags:
Detection Engineering Brief - Friday, June 12, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 12, 2026

Executive Signal [Read More]
Tags:
Detection Engineering Brief - Thursday, June 11, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 11, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- CVE-2026-10523
- T1190
- Ivanti Sentry
- MobileIron Sentry
- CVE-2026-10520
- T1059
- cloud
- T1136
- T1136.001
- T1562
- T1562.008
Detection Engineering Brief - Wednesday, June 10, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 10, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- CVE-2026-10520
- CVE-2026-10523
- T1059
- Ivanti Sentry
- MobileIron Sentry
- T1136
- T1562.008
- cloud
- CVE-2026-0257
- T1190
- PAN-OS
- T1562
Detection Engineering Brief - Tuesday, June 9, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 9, 2026

Executive Signal [Read More]
Tags:
Detection Engineering Brief - Monday, June 8, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 8, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- T1190
- T1059
- Apache ActiveMQ
- Windows
- Linux
- Metasploit
- Gogs
Detection Engineering Brief - Saturday, June 6, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 6, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- T1190
- Apache ActiveMQ
- Linux
- Metasploit
- Gogs
- WeTransfer
- Windows
- MSI
Detection Engineering Brief - Friday, June 5, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 5, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- npm
- GitHub
- CI/CD
- developer systems
- cloud platforms
- Windows
- Linux
- macOS
- MSI
- swagger.json
- Web applications
- APIs
- T1537
- T1098
- T1105
- T1566
- T1566.002
- T1204
- T1204.002
- T1027
- T1595
- T1595.002
- T1590
- T1590.005
Detection Engineering Brief - Thursday, June 4, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 4, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- npm
- GitHub
- CI/CD environments
- developer workstations
- cloud platforms
- Argamal
- Windows
- T1552
- T1552.001
- T1041
- T1071
- T1071.001
- T1547
- T1547.001
Detection Engineering Brief - Wednesday, June 3, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 3, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- npm
- CI/CD environments
- developer systems
- cloud platforms
- GitHub
- macOS
- FlutterShell
- T1552
- T1552.001
- T1053
- T1053.003
- T1547
- T1547.001
- T1543
- T1543.001
- T1547.013
Detection Engineering Brief - Tuesday, June 2, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 2, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- NetSupport RAT
- Windows
- FlutterShell
- macOS
- containers
- cloud
- T1071
- T1543.001
- T1543.004
- T1543
- T1552.001
- T1526
- T1552
Detection Engineering Brief - Monday, June 1, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on June 1, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- npm
- Windows
- macOS
- Linux
- CVE-2026-0257
- T1190
- PAN-OS
- Prisma Access
- GlobalProtect
- NetSupport RAT
- T1059.007
- T1041
- T1059
- T1071.001
- T1095
- T1071
Detection Engineering Brief - Saturday, May 30, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on May 30, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- npm
- developer environments
- build environments
- Storm-2697
- Windows
- The Gentlemen
- CVE-2026-0257
- T1190
- PAN-OS
- GlobalProtect
- Prisma Access
- T1071
- T1071.001
- T1021
- T1021.002
- T1021.001
Detection Engineering Brief - Friday, May 29, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on May 29, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- Storm-2697
- The Gentlemen
- Windows
- enterprise networks
- T1059
- Gogs
- Linux
- npm
- cloud
- CI/CD
- T1021.002
- T1078
- T1021
- T1059.007
- T1071.001
- T1071
Detection Engineering Brief - Thursday, May 28, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on May 28, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
- Gogs
- Linux
- T1059
- Storm-2697
- The Gentlemen
- Windows
- Akira
- consumer endpoints
- web browsers
- T1486
- T1068
- T1078
- T1071
- T1496
Detection Engineering Brief - Wednesday, May 27, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on May 27, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql
Detection Engineering Brief - Tuesday, May 26, 2026

Threat intelligence translated into detection engineering action.
By DevSecOpsDad
Posted on May 26, 2026

Executive Signal [Read More]
Tags:
- detection-engineering
- kql

Detection engineering from the DevSecOpsDad lab.

Detection Engineering Brief - Thursday, June 18, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Wednesday, June 17, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Tuesday, June 16, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Monday, June 15, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Sunday, June 14, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Friday, June 12, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Thursday, June 11, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Wednesday, June 10, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Tuesday, June 9, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Monday, June 8, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Saturday, June 6, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Friday, June 5, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Thursday, June 4, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Wednesday, June 3, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Tuesday, June 2, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Monday, June 1, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Saturday, May 30, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Friday, May 29, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Thursday, May 28, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Wednesday, May 27, 2026

Threat intelligence translated into detection engineering action.

Detection Engineering Brief - Tuesday, May 26, 2026

Threat intelligence translated into detection engineering action.