Detection Engineer

Justin Schoenfeld

Justin works on the Detection Engineering team which is responsible for threat detection and intelligence research. He gained his B.A. in Computing Security from the Rochester Institute of Technology, where he had the opportunity to co-op for a large corporation and a startup company. His love for endpoint telemetry came from his experience as an advanced threat engineer for a large global hospitality company. Justin is experienced in threat hunting, incident response, and researching industry-wide threat intelligence.

By This Author

Investigating legacy authentication: The curious case of “BAV2ROPC”

June 7, 2023

Threat detection

Investigating legacy authentication: The curious case of “BAV2ROPC”

Diary of a Detection Engineer: Exposing and shutting down an inbox heist in action

March 16, 2023

Threat detection

Diary of a Detection Engineer: Exposing and shutting down an inbox heist in action

Cloud coverage: Detecting an email payroll diversion attack

October 6, 2022

Threat detection

Cloud coverage: Detecting an email payroll diversion attack

Detecting suspicious email forwarding rules in Office 365

May 31, 2022

Threat detection

Detecting suspicious email forwarding rules in Office 365

Remote access tool or trojan? How to detect misbehaving RATs

August 19, 2021

Threat detection

Remote access tool or trojan? How to detect misbehaving RATs

Rclone Wars: Transferring leverage in a ransomware attack

May 4, 2021

Threat detection

Rclone Wars: Transferring leverage in a ransomware attack

Catch me if you code: how to detect process masquerading

February 9, 2021

Threat detection

Catch me if you code: how to detect process masquerading

Expediting false positive identification with string comparison algorithms

October 4, 2019

Security operations

Expediting false positive identification with string comparison algorithms