Fresh off the presses is Red Canary’s 2024 Threat Detection Report, which includes a section analyzing confirmed testing activity across customer environments. Find out which tools we see most often and which industries test more than others.

Joined by Jamie Williams, Nasreddine Bencherchali, and Jose Hernandez, Mike Haag and Paul Michaud discuss the importance of data source diversity and detections across all environments. From the ubiquitous security logs to the profound depths of kernel and EDR sources, your detection guides are here to help.

New Hampshire-based atomic enthusiasts, this event is for you! Chris Haller is giving a talk on March 20 at the Sig Sauer Academy about implementing atomic testing. Intended to help participants identify the gap between threat actor activities and MDR detections, this event will include the presentation and networking opportunities.

This blog from researcher Daniel Cortez is a great deep dive into the use of Microsoft Word’s default template for malicious macro injection. The next two parts will cover the use of PowerShell to automate the macro injection process and the formatting of this behavior as an atomic test, respectively.

This new test from contributor Leomon5 simulates a “JuicyPotato” privilege escalation attack, a technique observed in SnapMC ransomware campaigns, among others

This POSIX AtomicTestHarness validates your detection for Reflective Code Loading on macOS, a technique explored in detail in this year’s Threat Detection Report.