Where every claim in SecProve comes from.
A dense reading catalog. Every claim is footnoted. Sort by source, filter by pillar, type, or recency. Built for analysts who want to see what we are standing on.
Curated newsletter covering detection engineering practices, tools, and techniques. Practical resource for SOC and detection teams.
Indicator hierarchy ranked by how much it costs the adversary to change each indicator type, from hash values (trivial) to TTPs (tough). Foundational concept for detection engineering and threat intelligence questions.
Seven phases from Reconnaissance to Actions on Objectives. Widely adopted but also widely critiqued, mainly for assuming a perimeter-centric model. Good for compare/contrast with ATT&CK and the Unified Kill Chain.
Annual IR data: dwell time trends, initial access vectors, detection sources. Empirical data from thousands of engagements. One of the few sources for real-world detection/response metrics.
Independent evaluations of security products against real-world attack scenarios. Good for questions about detection coverage, visibility gaps, and evaluation methodology.
Open-source detection engineering methodology. Each detection is written up under a fixed set of headings: goal, categorization, strategy abstract, technical context, blind spots. Well-regarded community resource despite its vendor origin.
Generic signature format for SIEM detection rules: the detection logic is written once, platform-agnostic, and converted to the query language of each SIEM. Questions on detection rule writing, tuning, and false positive management.
Rule language for identifying malware families by textual or binary patterns and file metadata. Foundational for both detection engineering and malware classification.
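To show what "platform-agnostic detection logic" means in practice, here is an added example (not code from the Sigma project) that evaluates the detection section of a Sigma-shaped rule directly against log events. The rule and the process-creation events are constructed for illustration; the rule is written as a Python dict mirroring Sigma's YAML layout so no YAML parser is needed. Only the subset of the rule syntax used here is supported: field equality, the |contains, |startswith and |endswith modifiers, list values (OR-ed), and a condition built from selection names with and, or, not and parentheses. The filter selection is the false-positive tuning step the entry mentions: it excludes a known-benign account without loosening the selection itself.

```python
"""Evaluate the detection section of a Sigma rule against log events.
Added example, not Sigma project code; supports field equality, the
|contains / |startswith / |endswith modifiers, OR-ed list values, and
conditions built from selection names with and / or / not / parentheses."""
import re

# Constructed rule mirroring Sigma's YAML layout (not from the Sigma repo).
RULE = {
    "title": "Discovery command spawned by a shell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\cmd.exe", "\\powershell.exe"],
            "Image|endswith": ["\\whoami.exe", "\\net.exe"],
        },
        # Tuning: a hypothetical inventory service account that legitimately
        # runs net.exe from a scheduled batch file.
        "filter_inventory_svc": {"User|contains": "SVC_Inventory"},
        "condition": "selection and not filter_inventory_svc",
    },
}

# Constructed Sysmon-style process-creation events.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\whoami.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\jdoe"},
    {"Image": "C:\\Windows\\System32\\net.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\SVC_Inventory"},
    {"Image": "C:\\Windows\\System32\\whoami.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\jdoe"},
]

MODIFIERS = {
    "": lambda value, pat: value == pat,
    "contains": lambda value, pat: pat in value,
    "startswith": lambda value, pat: value.startswith(pat),
    "endswith": lambda value, pat: value.endswith(pat),
}

def field_matches(event, key, patterns):
    """One 'Field|modifier: value(s)' entry; list values are OR-ed.
    String comparison is case-insensitive, as Sigma specifies."""
    field, _, modifier = key.partition("|")
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported modifier {modifier!r}")
    if field not in event:
        return False
    value = str(event[field]).lower()
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(MODIFIERS[modifier](value, str(p).lower()) for p in patterns)

def selection_matches(event, selection):
    """Every entry in a selection map must hold (AND)."""
    return all(field_matches(event, k, v) for k, v in selection.items())

def eval_condition(condition, truth):
    """Recursive-descent evaluation of the condition string; precedence as
    in Sigma: 'not' binds tightest, then 'and', then 'or'."""
    tokens = re.findall(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*", condition)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "(":
            value = expr_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok not in truth:
            raise ValueError(f"unknown selection {tok!r} in condition")
        return truth[tok]

    def expr_not():
        if peek() == "not":
            take()
            return not expr_not()
        return atom()

    def expr_and():
        value = expr_not()
        while peek() == "and":
            take()
            rhs = expr_not()          # always consume the right operand
            value = value and rhs
        return value

    def expr_or():
        value = expr_and()
        while peek() == "or":
            take()
            rhs = expr_and()
            value = value or rhs
        return value

    result = expr_or()
    if peek() is not None:
        raise ValueError(f"trailing token {peek()!r} in condition")
    return result

def evaluate(rule, event):
    """True if the event satisfies the rule's detection block."""
    detection = rule["detection"]
    truth = {name: selection_matches(event, block)
             for name, block in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], truth)
```

Run `[evaluate(RULE, e) for e in EVENTS]`: the first event fires, the second is suppressed by the filter, and the third fails the selection because its parent is explorer.exe. A real deployment would hand the same RULE to a converter that emits the SIEM's native query; the point of the example is that the logic being converted is the same regardless of backend.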
Pattern matching tool for malware researchers. Create rules to identify and classify malware based on textual or binary patterns.
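The two YARA entries above describe rules built from textual and binary patterns plus a condition over them. The following added example (not YARA itself or yara-python) parses a small constructed rule in YARA syntax and applies it to constructed byte samples, to show the pieces a rule is made of: text strings, hex strings with ?? wildcards, anchored matches ("$mz at 0"), and "N of them" counting. The supported subset is exactly those constructs joined by "and"; the rule, the Hypothetical_Downloader name and the sample bytes are made up for illustration and are not real malware.

```python
"""YARA-style scanning of text and hex patterns over raw bytes.
Added example, not YARA or yara-python. Parses a subset of the rule
language: text strings, hex strings with ?? wildcards, and conditions
made of '$name at OFFSET', 'all/any/N of them' and bare '$name' terms
joined by 'and'."""
import re

# Constructed rule in YARA syntax, not from any published rule set.
RULE_TEXT = r'''
rule Hypothetical_Downloader
{
    meta:
        description = "PE image carrying a download API name and a fixed user agent"
    strings:
        $mz  = { 4D 5A ?? ?? 00 00 }   // 'MZ' e_magic, e_cblp wildcarded
        $api = "URLDownloadToFileA"
        $ua  = "Mozilla/4.0 (compatible; MSIE 6.0)"
    condition:
        $mz at 0 and 2 of them
}
'''

def _hex_pattern(body):
    """'{ 4D 5A ?? }' -> compiled bytes regex; ?? matches any one byte.
    DOTALL is required so that '.' also matches a 0x0A byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in body[1:-1].split()]
    return re.compile(b"".join(parts), re.DOTALL)

def parse_rule(text):
    """Return (rule name, {identifier: compiled regex}, condition string)."""
    name = re.search(r"rule\s+(\w+)", text).group(1)
    strings = {}
    for m in re.finditer(r'^\s*(\$\w+)\s*=\s*(\{[^}]*\}|"(?:[^"\\]|\\.)*")', text, re.M):
        ident, body = m.group(1), m.group(2)
        if body.startswith("{"):
            strings[ident] = _hex_pattern(body)
        else:
            strings[ident] = re.compile(re.escape(body[1:-1].encode()))
    condition = re.search(r"condition:\s*(.+?)\s*}", text, re.S).group(1)
    return name, strings, " ".join(condition.split())

def match(rule, data):
    """True if data satisfies the rule condition."""
    _, strings, condition = rule
    offsets = {ident: [m.start() for m in pat.finditer(data)]
               for ident, pat in strings.items()}
    matched = sum(1 for found in offsets.values() if found)

    def term(t):
        if m := re.fullmatch(r"(\$\w+) at (\d+)", t):
            return int(m.group(2)) in offsets[m.group(1)]
        if m := re.fullmatch(r"(all|any|\d+) of them", t):
            need = {"all": len(offsets), "any": 1}.get(m.group(1))
            return matched >= (need if need is not None else int(m.group(1)))
        if re.fullmatch(r"\$\w+", t):
            return bool(offsets[t])
        raise ValueError(f"unsupported condition term: {t!r}")

    return all(term(t) for t in condition.split(" and "))

# Constructed sample inputs (not real files): a PE-like blob with both
# strings, a PE-like blob with neither, and a script that merely contains
# an MZ header somewhere in its body.
SAMPLES = {
    "pe_with_both_strings": b"MZ\x90\x00\x00\x00" + b"\x00" * 26
        + b"URLDownloadToFileA\x00Mozilla/4.0 (compatible; MSIE 6.0)\x00",
    "pe_without_strings": b"MZ\x90\x00\x00\x00" + b"\x00" * 58 + b"PE\x00\x00" + b"A" * 32,
    "script_mentioning_mz": b"#!/bin/sh\nMZ\x90\x00\x00\x00 URLDownloadToFileA"
        b" Mozilla/4.0 (compatible; MSIE 6.0)",
}

def scan(rule_text, samples):
    """Apply one rule to every sample; returns {sample name: matched?}."""
    rule = parse_rule(rule_text)
    return {name: match(rule, data) for name, data in samples.items()}
```

`scan(RULE_TEXT, SAMPLES)` fires only on the first sample: the second has the header but only one of the three strings, and the third contains all three patterns but its MZ header sits at offset 10, so "$mz at 0" fails. That anchoring is what stops a rule from matching every file that happens to quote a PE header.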
Ready to test what you've learned?
Our questions are built directly from these resources. Take a quiz and see how your knowledge stacks up.