Detection Engineering
Phishing Detection Beyond DMARC
How to detect phishing beyond DMARC — lookalike domains, display-name spoofing, newly registered senders, and BEC signals, with an SPL analytic and layered defenses.
3 articles
A practical Sysmon configuration for threat detection — the event IDs that matter, a tuned config approach, what to send to your SIEM, and the rules it powers.
The AWS CloudTrail monitoring patterns that actually catch attackers — root usage, IAM changes, logging tampering, and credential exfiltration, with detection logic.