Director, Threat Research

Matt Graeber

Matt has worked the majority of his security career in offense, facilitating his application of an attacker’s mindset to detection engineering which involves developing detection evasion strategies. By pointing out gaps in detection coverage, Matt is able to effectively offer actionable detection improvement guidance. Matt loves to apply his reverse engineering skills to understand attack techniques at a deeper level in order to more confidently contextualize them, understand relevant detection optics, and to understand the workflow attackers use to evade security controls. Matt is committed to making security research both accessible and actionable.

By This Author

Better know a data source: Antimalware Scan Interface

January 12, 2022

Threat detection

Better know a data source: Antimalware Scan Interface

Better know a data source: Process command line

October 20, 2021

Threat detection

Better know a data source: Process command line

Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules

September 2, 2021

Threat detection

Steering clear of bad drivers: How to apply Microsoft’s recommended driver block rules

The adversary’s gift: When one technique opens a Pandora’s box

July 28, 2021

The adversary’s gift: When one technique opens a Pandora’s box

Diary of a Detection Engineer: Babysitting child processes

June 16, 2021

Threat detection

Diary of a Detection Engineer: Babysitting child processes

Tales from decrypt: Differentiating decryptors from ransomware

May 20, 2021

Threat detection

Tales from decrypt: Differentiating decryptors from ransomware

Does signed mean trusted? The Mimikatz dilemma

April 28, 2021

Threat detection

Does signed mean trusted? The Mimikatz dilemma

The why, what, and how of threat research

December 8, 2020

Threat detection

The why, what, and how of threat research