31 matches found
From Attack Simulation to SIEM Rule: Deterministic Detection-As-Code Synthesis with Probe-Level Traceability
Security teams routinely simulate attacks against their own systems to check whether their monitoring would catch a real intruder. These Breach-and-Attack-Simulation BAS tools surface findings, but the security information and event management SIEM systems that watch production need detection rul...
SOC-Alert-Investigation-Portfolio
SOC Alert Investigation Portfolio This repository contains pr...
Operation-Molasses
🍯 OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...
OpenSOC-AI: Democratizing Security Operations with Parameter Efficient LLM Log Analysis
Small and medium sized businesses SMBs face an escalating cybersecurity threat landscape, yet most lack the resources to staff full Security Operations Centers SOCs or deploy enterprise grade detection platforms. This paper presents OpenSOC-AI, a lightweight log analysis framework that uses...
BuildReview2
BuildReview2 - Attack-Path-Driven Windows Host Review A rewri...
redhound-arsenal
Red Hound Arsenal Agent-consumable security skill library for...
DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns
This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...
Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation
Advanced Persistent Threats APTs evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...
Redteam-Automation
🔴 AI-Driven Red Team Simulation Framework A production-ready...
Turning threat reports into detection insights with AI
Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...
Turning threat reports into detection insights with AI
Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...
Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging
MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...
Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with Trend Vision One™
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from Trend Research™ monitoring and Trend Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations...
Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations...
Metasploit 2025 Annual Wrap-Up
Hard to believe it's that time again, and that Metasploit Framework will see the dawn of another Annual Wrap-Up and a New Year. All of the metrics and modules you see here would in large part not be possible without the dedicated community members who care about the Framework and its mission on a...
cyber-security-lab-soc-vapt-beginner
Cyber Security Practice Lab — Beginner SOC + VAPT This begin...
Detecting Ambiguity Aversion in Cyberattack Behavior to Inform Cognitive Defense Strategies
Adversaries hackers attempting to infiltrate networks frequently face uncertainty in their operational environments. This research explores the ability to model and detect when they exhibit ambiguity aversion, a cognitive bias reflecting a preference for known versus unknown probabilities. We...
Endpoint Security Agent: A Comprehensive Approach to Real-Time System Monitoring and Threat Detection
As cyber threats continue to evolve in complexity and frequency, robust endpoint protection is essential for organizational security. This paper presents "Endpoint Security Agent: A Comprehensive Approach to Real-time System Monitoring and Threat Detection" a modular, real-time security solution...
offensive-toolkit
Offensive Security Toolkit A comprehensive, modular Python fr...
Code Agent Can Be an End-To-End System Hacker: Benchmarking Real-World Threats of Computer-Use Agent
Computer-use agent CUA frameworks, powered by large language models LLMs or multimodal LLMs MLLMs, are rapidly maturing as assistants that can perceive context, reason, and act directly within software environments. Among their most critical applications is operating system OS control. As CUAs in...