the dogesec blog
much post. so knowledge. many intel. very subscribe. wow.
-
Writing Advanced Sigma Detection Rules: Using Correlation Rules
analysts tutorial January 13, 2025
Correlation Rules allow you to detect threats by linking multiple events together based on a meaningful relationship. -
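To make the "meaningful relationship" concrete, here is an added example (not code from the linked post or from dogesec) of a Sigma-style `event_count` correlation, written as a Python dict carrying the same fields a Sigma correlation rule has in YAML (`type`, `rules`, `group-by`, `timespan`, `condition`) and evaluated over constructed failed-logon events. The base rule name `failed_logon`, the field names and every event below are assumptions made for the example.

```python
"""Sigma-style event_count correlation evaluated over constructed sample events.

Added example, not dogesec's or the linked post's code. The rule dict mirrors
the fields of a Sigma correlation rule (type, rules, group-by, timespan,
condition); the base rule name, field names and all events are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Base Sigma rule, reduced to its name and a matcher standing in for
# `detection: selection: EventID: 4625` (Windows failed logon).
BASE_RULES = {
    "failed_logon": lambda e: e.get("EventID") == 4625,
}

# Correlation rule: 5 or more failed_logon matches for one TargetUserName
# inside any 5-minute window. Keys are the Sigma YAML keys.
CORRELATION_RULE = {
    "title": "Multiple failed logons for a single user",
    "correlation": {
        "type": "event_count",
        "rules": ["failed_logon"],
        "group-by": ["TargetUserName"],
        "timespan": "5m",
        "condition": {"gte": 5},
    },
}

def _event(ts, user, event_id=4625):
    return {"@timestamp": datetime.fromisoformat(ts),
            "EventID": event_id, "TargetUserName": user}

# Constructed events (not real logs). alice: 6 failures in 50 seconds.
# bob: 3 failures (below threshold). carol: 5 failures spread over 40 minutes,
# never 5 inside one 5-minute window. One 4624 success is noise.
SAMPLE_EVENTS = (
    [_event(f"2025-01-13T09:00:{s:02d}", "alice") for s in range(0, 60, 10)]
    + [_event(f"2025-01-13T09:0{m}:00", "bob") for m in range(3)]
    + [_event(f"2025-01-13T08:{m:02d}:00", "carol") for m in range(0, 50, 10)]
    + [_event("2025-01-13T09:00:30", "alice", event_id=4624)]
)

def parse_timespan(spec: str) -> timedelta:
    """Sigma timespan: an integer followed by s, m, h or d."""
    units = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}
    return timedelta(**{units[spec[-1]]: int(spec[:-1])})

# Lower-bound conditions only: the densest window per group decides the alert.
_CONDITIONS = {"gte": lambda n, v: n >= v, "gt": lambda n, v: n > v}

def evaluate_event_count(rule, events):
    """Return one alert per group-by key whose densest timespan window
    satisfies the rule's condition."""
    corr = rule["correlation"]
    if corr["type"] != "event_count":
        raise ValueError("only event_count is implemented here")
    matchers = [BASE_RULES[name] for name in corr["rules"]]
    window = parse_timespan(corr["timespan"])
    (op, value), = corr["condition"].items()
    check = _CONDITIONS[op]

    # Bucket timestamps of base-rule hits by the group-by field values.
    stamps_by_group = defaultdict(list)
    for e in events:
        if any(m(e) for m in matchers):
            key = tuple(e.get(f) for f in corr["group-by"])
            stamps_by_group[key].append(e["@timestamp"])

    alerts = []
    for key, stamps in stamps_by_group.items():
        stamps.sort()
        best, left = 0, 0
        for right, t in enumerate(stamps):      # sliding window over sorted times
            while t - stamps[left] > window:
                left += 1
            best = max(best, right - left + 1)
        if check(best, value):
            alerts.append({"title": rule["title"],
                           "group": dict(zip(corr["group-by"], key)),
                           "count": best})
    return alerts

if __name__ == "__main__":
    for alert in evaluate_event_count(CORRELATION_RULE, SAMPLE_EVENTS):
        print(alert)
```

Only alice trips the rule: bob never reaches five failures and carol's five are too far apart for a single 5-minute window, which is the point of `timespan` combined with `group-by`. Lowering the threshold to `gte: 3` adds bob but still not carol.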
Writing Effective Sigma Detection Rules: A Guide for Novice Detection Engineers
analysts tutorial December 16, 2024
Sigma Rules are becoming more widely adopted as the standard detection language. Learning how to write them is not difficult. Let me show you. -
Bad Software Keeps Cyber Security Companies in Business
analysts research November 18, 2024
Despite countless frameworks, best practices, blog posts... so many developers still hardcode credentials into their code. -
Enriching Vulnerabilities to Create an Intelligence Graph
analysts developers October 14, 2024
We do a lot of research into vulnerabilities. To aid this, we enrich CVEs using many remote sources of intelligence. Here is a walk-through showing how we connect CVEs to EPSS scores, CISA KEV entries, MITRE ATT&CK, CWEs, and CAPECs. -
How Known Affected Software Configurations on the CVE Website are Constructed
analysts August 12, 2024
I wanted to write detection rules to identify what products are vulnerable to a CVE. In this post I walk you through my research. -
PSA: MITRE ATT&CK is More Than Tactics and Techniques
analysts developers July 15, 2024
Software, Data Sources, Data Components, Campaigns, and more, make MITRE ATT&CK even more powerful than you might first realise. In this post I uncover the parts of ATT&CK you might not be aware of. -
Fortifying AI: How MITRE ATLAS Shields Artificial Intelligence from Adversarial Threats
analysts June 17, 2024
Discover how MITRE ATLAS is helping to defend AI systems as I share a detailed explanation of how the knowledge-base is architected. -
How CTI Butler Creates a Threat Intelligence Graph of Common Frameworks
analysts products March 11, 2024
CTI Butler links many common knowledge bases, for example linking MITRE ATT&CK to CAPEC objects, to improve the context of our research. This post describes the logic CTI Butler employs behind the scenes to do this. -
CTI Developers: We Built an API for MITRE ATT&CK, CWE, CAPEC, ATLAS... and more!
analysts developers products February 12, 2024
Here is a quick-start guide to CTI Butler showing you how much easier it makes working with these frameworks. -
How to Build Custom MITRE ATT&CK Content Using Workbench (Step-by-Step Guide)
analysts tutorial December 11, 2023
A practical Workbench guide: extend ATT&CK, link objects to techniques, and publish collections other teams and tools can consume. -
STIX Shifter: Turning STIX Patterns into SIEM Queries
analysts developers tutorial November 13, 2023
Learn how to translate STIX detection patterns into SIEM queries using STIX Shifter, and convert detections back into STIX Observed Data for evidence and correlation. -
How to Write STIX Indicator Patterns for Real Detection Rules
analysts developers tutorial October 16, 2023
Learn how to turn threat intelligence into actionable detection rules: build behavioral detections using STIX Patterns, and link sightings to evidence. -
STIX Extensions in the Wild: How to Add What the Spec Forgot
analysts developers tutorial August 14, 2023
How to design and ship STIX 2.1 extensions — new objects, nested props, and bundles — that your consumers will love. -
Understanding STIX 2.1 Objects: A Foundation for Structured Threat Intelligence
analysts developers tutorial May 14, 2023
Forget the 50-page spec. This guide explains STIX 2.1 objects—SDOs, SCOs, SROs, SMOs, and Bundles—in plain English with real threat intel examples.