Posts by Brendan Chamberlain
Today I'd like to share a tool I recently wrote called Rulehound. It's a detection ruleset catalogue and search engine containing over 7,500 rules from 5 distinct sources. More details in thread.
rulehound.com
Why Rulehound? Pretty simple: as Detection Engineers, we oftentimes turn to the amazing free, open-source and publicly available rulesets for inspiration when developing new content.
Why reinvent the wheel when there’s already a blueprint? It’s a challenge to search across all the various rulesets for a particular use case. Rulehound aims to solve this problem.
Rulehound is nowhere near done. There are a few known bugs and most likely some issues that I wasn’t able to identify during testing. Please submit any bugs you find in the Rulehound GitHub repo.
Lastly, I’m looking to expand the ruleset sources. If you would like me to include one, please submit an issue.
I recently stumbled upon roadmap.sh - it's a great resource for self-learners who appreciate some structure.
For anyone who might find it useful, I threw together a basic "Threat Detection Engineer" roadmap:
roadmap.sh/r/threat-det...
In the latest addition to awesome-detection-engineering, the team at Google outlines 5 important principles for driving a highly effective threat detection program. Check it out here:
cloud.google.com/transform/ho...
Check out the latest addition to awesome-detection-engineering: AttackRuleMap
AttackRuleMap is a clean and easy-to-use table of MITRE ATT&CK techniques and any associated Sigma or Splunk rules. Thanks krdmnbrk for the add!
attackrulemap.com
Tickets for #SkiCon are now on sale! There’s a very limited number, so get yours while you can!
skicon.tickit.ca/events/27355
I'm excited to share that we're hiring for a Detection Engineer at Klaviyo.
Come work with me and a team of highly talented Detection & Response Engineers as we build an innovative and highly effective threat detection program.
www.klaviyo.com/careers/jobs...
Me and every parent I know right now
Ultralytics, a Python package with close to 6.4 million downloads per month, was backdoored to run a cryptominer. Running theory from the reported GitHub issue is a GitHub Actions injection attack, but there's also evidence that the malicious code was published directly via PyPI and skipped CI/CD.
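The "GitHub Actions injection" theory mentioned in the post refers to a class of workflow bug where attacker-controlled event data (a pull request title, branch name, issue or comment body) is interpolated into a `run:` shell step via `${{ ... }}`, so the expression is expanded into the script text before the shell ever sees it. The check a practitioner would want is an audit of every `run:` step for such expressions. The Python below is an added example, not code from the post, from the Ultralytics project, or from any analysis of that incident: it scans a constructed workflow that contains the unsafe pattern next to the hardened form (passing the value through an `env:` variable and referencing `$PR_TITLE` in the script). The workflow text, the list of untrusted expression roots and the function names are assumptions made for this example.

```python
"""Audit GitHub Actions workflow text for untrusted expressions inside `run:` steps.

Added example. The workflow below is constructed for illustration and is NOT any
real project's workflow; the list of untrusted expression roots is a starting
point chosen for this example, not an exhaustive catalogue.
"""
import re
from typing import List, Tuple

# Constructed sample: an unsafe step (expression expanded into the script text)
# followed by the hardened equivalent (value passed through an env var) and a
# step using an expression the contributor cannot control.
WORKFLOW_YAML = """\
name: ci
on: [pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: unsafe greeting
        run: echo "PR title is ${{ github.event.pull_request.title }}"
      - name: safe greeting
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title is $PR_TITLE"
      - name: safe constant
        run: echo "${{ github.sha }}"
"""

# Expression roots an external contributor can influence (assumed list for this example).
UNTRUSTED_PREFIXES = (
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.pull_request.head.repo.default_branch",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.commits",
    "github.event.head_commit.message",
    "github.head_ref",
)

EXPR_RE = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")
RUN_RE = re.compile(r"^\s*(?:-\s*)?run:\s*(.*)$")


def run_scripts(workflow: str) -> List[Tuple[int, str]]:
    """Return (line_no, script_text) for every `run:` step.

    Handles both inline scripts and block scalars (`run: |`), collecting block
    lines until indentation returns to the `run:` key's level.
    """
    lines = workflow.splitlines()
    found: List[Tuple[int, str]] = []
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        line_no = i + 1  # 1-based, for reporting
        value = m.group(1).strip()
        if value in ("|", "|-", ">", ">-", ""):
            indent = len(lines[i]) - len(lines[i].lstrip())
            block: List[str] = []
            i += 1
            while i < len(lines):
                line = lines[i]
                if line.strip() and (len(line) - len(line.lstrip())) <= indent:
                    break
                block.append(line.strip())
                i += 1
            found.append((line_no, " ".join(block)))
            continue
        found.append((line_no, value))
        i += 1
    return found


def find_injections(workflow: str) -> List[Tuple[int, str]]:
    """Return (line_no, expression) for each untrusted expression expanded inside a run: script.

    Expressions that only appear under `env:` are not flagged: the shell then
    receives them as variable values, not as script text.
    """
    hits: List[Tuple[int, str]] = []
    for line_no, script in run_scripts(workflow):
        for expr in EXPR_RE.findall(script):
            if expr.startswith(UNTRUSTED_PREFIXES):
                hits.append((line_no, expr))
    return hits


if __name__ == "__main__":
    for line_no, expr in find_injections(WORKFLOW_YAML):
        print(f"line {line_no}: untrusted expression in run step: {expr}")
```

Run against the constructed workflow, only the first step is reported; the `env:` variant passes the same value without it ever being spliced into the script. The scanner is line-based on purpose so it runs without a YAML dependency; for a real audit, parse the workflow properly and also review `pull_request_target` triggers, which run with write permissions on forked PRs.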
don’t ever settle somewhere where you don’t have this
getting to work with people much smarter than you is such an underrated benefit
0xv1n and I added a new way to interface with the LOOBins project! Binaries are now available in a STIX bundle as Tool objects. Threat intel teams can import the bundle into many popular TIPs to help track each binary's relationship to campaigns, threat actors, etc.
www.loobins.io/loobins_stix...
Great starter pack for detection engineers or any defensive-focused cybersecurity folks.
The cold and dark weather + waning sunlight seems to always bring new energy to the open source and content creation community. New LOOBins fun + detection-as-code stuff coming soon!