Every SOC team has a version of the same uncomfortable question sitting in the back of their mind: if an attacker used this technique right now, would we actually detect it? Most of the time, nobody has a clean answer. You have detection rules, you have a SIEM, you have a rough sense that your...
