Threat-Detection

Identity Threat Detection and Response (ITDR) is a cybersecurity discipline focused on detecting, investigating, and responding to identity-based attacks such as credential abuse, privilege escalation, and account compromise.

Extended Detection and Response (XDR) is a cybersecurity approach that correlates telemetry across endpoints, identities, networks, cloud services, and email systems to improve threat detection, investigation, and coordinated response.

Network Detection and Response (NDR) is a cybersecurity technology that monitors network traffic to detect suspicious behavior, identify threats, and support investigation and response to malicious activity within enterprise environments.

Detection Engineering is the cybersecurity discipline focused on designing, implementing, testing, and maintaining detection logic that identifies malicious activity within systems, networks, and cloud environments.

Managed Detection and Response (MDR) is a cybersecurity service model that provides continuous threat monitoring, detection, investigation, and incident response support delivered by specialized security teams.

Threat Hunting is a proactive cybersecurity practice where analysts actively search for signs of malicious activity within networks, endpoints, and cloud environments before automated detection systems generate alerts.

User and Entity Behavior Analytics (UEBA) is a cybersecurity detection technique that analyzes patterns of user and system behavior to identify anomalies that may indicate insider threats, compromised accounts, or malicious activity.

Indicators of Attack (IOA) are behavioral signs that reveal malicious activity occurring within a system or network, allowing security teams to detect attacks based on attacker behavior rather than known malware signatures.

Living-off-the-Land Binaries (LOLBins) are legitimate system tools and utilities that attackers abuse to execute malicious actions while avoiding detection by traditional security controls.

Endpoint Detection and Response (EDR) is a cybersecurity technology designed to monitor endpoint activity, detect malicious behavior, and enable rapid investigation and response to threats affecting workstations, servers, and other network-connected devices.

A Domain Generation Algorithm (DGA) is a malware technique that programmatically generates large numbers of domain names used to locate command-and-control infrastructure, making attacker communications resilient against domain blocking or takedowns.

Process Hollowing is a malware execution technique where attackers create a legitimate process in a suspended state and replace its memory with malicious code to evade security detection.

A Malware Loader is a malicious program designed to deliver, decrypt, and execute additional malware payloads on a compromised system, often acting as the first stage of a multi-stage cyber attack.

Process Injection is a malware technique used by attackers to execute malicious code inside the memory space of another legitimate process in order to evade security detection and maintain stealth during an intrusion.

Security Information and Event Management (SIEM) is a cybersecurity platform that centralizes logs and security telemetry from across an environment, enabling correlation, detection, investigation, and response to security threats.

Practical guide explaining how to recognize phishing attacks, analyze suspicious emails, identify fraudulent login pages, and reduce the risk of credential theft and account compromise.

Operational playbook for responding to malware infections within enterprise environments, including containment procedures, investigation steps, and system recovery practices.

Beaconing is a network communication pattern used by malware and attackers where compromised systems periodically connect to command-and-control infrastructure to receive instructions or transmit data.

Practical guide explaining how security teams analyze authentication logs, endpoint activity, and network telemetry to detect intrusions and investigate suspicious behavior.

Operational playbook for analyzing security logs, identifying suspicious behavior, reconstructing attacker activity, and improving detection capabilities within enterprise environments.

A Blue Team is the defensive cybersecurity group responsible for monitoring systems, detecting threats, responding to security incidents, and protecting an organization's infrastructure from cyberattacks.

A Security Operations Center (SOC) is a centralized team and operational function responsible for monitoring, detecting, investigating, and responding to cybersecurity threats across an organization's infrastructure.