SYSTEM BOOT // SEC-RESEARCH-TERMINAL
Welcome_
A personal research terminal for security detection engineering. Browse detection queries written for SIEM and SOAR platforms, or read the blog for writeups and notes.
// Latest Blog Posts
Designing Detections for Scale, Speed, and Human Beings
Effective KQL detection engineering goes beyond writing queries — it demands an understanding of attacker behaviour, analyst workflows, and production environme…
Why Smart SOC Teams Are Rethinking Sentinel Ingestion (And What They're Doing Instead)
SOC teams face tough decisions about which logs to ingest into Sentinel given volume-based costs. With Microsoft introducing USOP, security teams should lean mo…
// Latest Detections
C2 Beacon Detection via DNS Regularity
Elastic SIEM: Identifies potential command-and-control beaconing behaviour by analysing the statistical regularity of DNS queries to external domains from internal hosts.
Lateral Movement via PsExec
Microsoft Sentinel: Detects use of PsExec or similar remote execution tools for lateral movement, based on characteristic service creation events and named pipe patterns.
Brute Force Login Detection
Splunk: Detects repeated failed authentication attempts against a single account within a short time window, indicative of password brute-forcing activity.