Detection Dispatch (Alex's Version)

Alex Hurtado

Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

Afleveringen

  1. 2 dgn geleden

    Red Team Wrote a Book on Evading You. Literally. feat. Dennis Chow & Michael LaSalvia

    Dennis Chow (Detection Engineering Director, back for round two) and Michael LaSalvia (red team lead) join Dispatch to talk about their new book, Evasion Engineering: Building Custom Red Team Tools for the Modern Defenses, and what happens when a blue teamer and a red teamer decide to write the playbook together instead of against each other. In this episode we get into: Why off-the-shelf adversary emulation repos are dying, and why building your own evasive tooling, not just running someone else's, makes you a fundamentally better detection engineerThe trusted advisor model: bringing blue teamers inside red team ops so trust replaces the us vs. them dynamicThe unmodified Kali header in a packet that blew a six month long campaign Shared fate as an operating model, borrowed from cloud providers, to stop punishing one side for the other's successGo (open-source programming language aka Golang supported by Google) and cross platform payloads: why Windows only red team frameworks have difficulty in keeping up with cloud and identity based attack paths Their favorite chapters to write: low and slow exfiltration, and the hybrid packer that finally got past an EDR that wouldn't quitFollow Dennis & Michael's work on: Evasion Engineering: Building Custom Red Team Tools for the Modern Defenses — available for pre-order on Packt and Amazon https://www.amazon.com/Evasion-Engineering-Building-Custom-Defenses-ebook/dp/B0GKDC57S8VM setup for adversary emulation & testing: https://github.com/Orange-Cyberdefense/GOADDetection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

    Red Team Wrote a Book on Evading You. Literally. feat. Dennis Chow & Michael LaSalvia
  2. 7 jul

    What Headless Actually Means feat. Maxime Lamothe-Brassard Founder of LimaCharlie

    The definition of headless is taking shape. More software is shipping with an MCP. Teams are starting to require it in procurement. Your CLI and Claude Code can now talk directly to the tools you already run. LimaCharlie was one of the first platforms in the SOC to build everything through the command line....long before the post-Claude boom. Maxime Lamothe-Brassard (their founder) joins Dispatch to explore what going headless actually means for security operations. In this episode we get into: What headless actually means mechanically and why it's a very old computing idea security is only now fully inheritingWhy the UI becoming optional levels the playing field and kills the faith-based vendor pitchThe eager intern problem: permissions control what an agent is allowed to do, not whether its answer is rightWhy passing the MCP boundary and trusting the LLM on the other side is a front door left wide openGPT wrappers vs. real headless infrastructure: who owns the detection logic and who's just reselling tokensThe customer who told their MSSP they'd rather their CEO get locked out for 30 minutes than wait on a human to respondThe one thing Max won't let a headless agent do...everFollow Max's work on: limacharlie.io | limacharlie.io/blogLinkedIn: linkedin.com/in/maximelbFree Build Your Own Headless SOC Workshop with BlackHills Infosec @ BlackHat, August 5, 2026 https://luma.com/black-hat-headless-soc-workshop?tk=crcMy4Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

    What Headless Actually Means feat. Maxime Lamothe-Brassard Founder of LimaCharlie
  3. 4 jun

    Words are Cheap. Sense Making is Not..feat. Diego Perez

    What happens when a philosopher walks into a SOC? Apparently, he builds one from the ground up, spends a decade making sense of detection engineering across financial services, global IR teams, and now Canva.  Diego Perez is a detection engineer who studied philosophy, taught himself security at 2am with a newborn in the other room, and has been quietly writing some of the sharpest unsloppy takes on the internet about what detection engineering actually is versus what we pretend it is. His blog Quasarops lives by one rule: words are cheap, sense making is not. We hit on: Why "garbage in, garbage out" is a heuristic that stops short of actually helping anyoneThe Cynefin framework and why knowing which detections you need lives in the complex domain, not the complicated oneDetection as code: is it overrated now that coding agents exist, or are we asking the wrong question entirelyThe Red Queen effect, Jevons' paradox, and why you do actually need AI in your SOC whether you like it or notAgentic threat hunting: whose tokens do you trust, yours or a vendor's black boxWhy the human element is more important than ever, and who exactly gets blamed when the model gets it wrong Follow Diego's substack: https://quasarops.com Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

    Words are Cheap. Sense Making is Not..feat. Diego Perez
  4. 6 mei

    A DE's Guide to Staying in the Loop feat. Your Favorite Detection Engineering Instructor Hayden Covington

    Detection Dispatch (Alex's Version) episode two brings on the person who treats detection engineering like an actual craft....not a vendor feature list, not a MITRE bingo card, not a vibe coded rule you ship and forget. Hayden teaches detection engineering at Antisyphony Training and runs the SOC at Black Hills Information Security, which means he's not theorizing. He's got the reps, the scars, and even a home SIEM with documentation. This is the episode for practitioners who are watching Claude write their detections and quietly wondering if they're slowly getting worse at their job. In this episode we cover: The detection lifecycle nobody actually closes: research, write, validate and the canary step that tells you whether your thousand rules are quietly dead in the water six months from now.The CTI firehose problem. When every vendor blog is just an ad wearing a threat report costume, how do you find the gold? (Hint: DFIR Report and Google TI don't need your clicks)AI writing detections: yes, with caveats. No for junior engineers who've never written a query. And absolutely not without a review agent, an experimental pipeline, and final approval from a human who still knows how to dribble the ball.Why you cannot send AI out like a Pokémon and what happens to your detection program when you try.Find Hayden at @kilobytethedust and at antisyphontraining.com. Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.

    A DE's Guide to Staying in the Loop feat. Your Favorite Detection Engineering Instructor Hayden Covington

Info

Detection Dispatch (Alex's Version) is an independent detection engineering & threat hunting podcast. Rebuilt. Community-first. Featuring a lineup of the real and active projects pushing the limits of detection engineering, threat hunting, and everything in between.