SOCLabs has a new update.
The points-based leaderboard is now live, with historical challenge results recalculated into the new scoring system.
Your past solves, first bloods, and challenge performance now count toward your updated ranking.
We’ve also added public user profile pages, where you can showcase your points, rank, badges, recent activity, skill coverage, and pin your best detection rules as part of your public portfolio.
Great detection work deserves to be seen.
Attackers are compressing timelines from hours to minutes. Most SOCs are still stitching context together across three tabs and a ticket.
On June 17, we're showing the full lifecycle, from first alert to staged response, with AI agents handling triage, enrichment, and investigation live. Prizes too.
Save your seat: https://t.co/1Iihl0rXa8
🚨 New Challenge Live! #140 Threat Detection Engineer
Attackers are using the most stealthy techniques to bypass your SIEM… Can you catch it using real logs and multi-language rules (Sigma / SPL / KQL / EQL)?
SOCLabs’ latest detection challenge is now live!
Real environment + complete attack chain, built for those who want to become top-tier Threat Detection Engineers.
🔥 Test your detection logic right now
👉 https://t.co/sVrZPJzhsf
Master this challenge and truly earn your Detection Engineer title! 🔥
#Cybersecurity #DetectionEngineering #BlueTeam #InfoSec
Just open-sourced: Detection Rule Bypass Analyzer (SKILL) 🔥
A specialized AI-powered tool for Detection Engineers and SOC Analysts.
It helps you:
• Identify blind spots in detection rules for system command execution
• Assess bypass risks
• Generate realistic bypass test cases
• Suggest stronger rule logic to reduce false negatives
Stop guessing if your rules can be evaded.
Repo: https://t.co/zTJ87ju4la
Stars, feedback, and contributions welcome!
#DetectionEngineering #SIEM #Splunk #CyberSecurity #BlueTeam
We've just launched the new macOS Challenges section on SOCLabs!
A lot of macOS credential theft attacks rely on simple social engineering. Attackers use osascript to display fake authentication dialogs that look identical to real system prompts. Once the user enters their password, the attacker unlocks the Keychain and dumps saved browser passwords, cookies, and more.
If you're practicing detection rules, this Medium difficulty challenge gives you real logs to work with. Give it a try!
Link in comments 👇
#DetectionEngineering #macOS #BlueTeam #Infostealer
This read highlights a practical shift in SecOps: combining LLM-driven natural language queries with deterministic MCP toolchains to automate MITRE coverage checks across fragmented rule formats. https://t.co/0VWYCslIYx
Nearly 65% of orgs are experimenting with AI agents, but fewer than 25% have deployed them in production.
2026 is the year that changes, especially in security operations.
Here's what an Agentic AI SOC actually does differently 🧵
↳ It doesn't just alert you — it correlates signals into full attack chains
↳ It doesn't just detect — it contains, with closed-loop automated response
↳ It doesn't just act — it explains every decision with a traceable reasoning trail
The shift: from managing alerts → neutralizing attacks.
Copilot = passenger. Agent = driver.
Read the full breakdown below.
Headline: Can you detect silent execution via cmd.exe?
🕵️♂️Attackers love using /b and /min flags to hide their tracks. But as a Detection Engineer, you should know exactly where these traces live in the logs.
🚀 New Challenge: CMD Hidden Window Execution
🛠️ Tech: Sysmon | T1564
🔗 Take the challenge: https://t.co/r4WooGLRUH
#DetectionEngineering #BlueTeam #CyberSecurity #SOCLabs #SigmaRules
@Wietze Spot on! #HijackLibs is a lifesaver for these scenarios. 👏
We just launched Challenge #136 to help folks practice detecting this specific Notepad++ backdoor logic in a real-world lab.
➡️ Try it out: https://t.co/SbBRXdodsr
NEW CHALLENGE: Chrysalis Backdoor Detection! 🚨
Rapid7 just unveiled a sophisticated Chrysalis Backdoor, leveraging Notepad++ supply chain, custom obfuscation (Warbird!), and advanced DLL sideloading.
Reading about it is one thing. Detecting it is another.
We've recreated the attack in a real-world environment and built a hands-on lab to test your SIEM rules against this APT. Can you craft the logic to unmask this stealthy threat?
👉 Challenge #136 is LIVE. Prove your skills:
https://t.co/bzmwDRsrgu
#DetectionEngineering #ThreatHunting #MalwareAnalysis #APT #ChrysalisBackdoor #BlueTeam #SIEM
Huge thanks to @Rapid7 for this critical deep dive into the #ChrysalisBackdoor 👏Their research is invaluable. For those ready to move from reading to real-world detection practice, we've built a hands-on challenge based on these exact techniques.👉 Test your SIEM rules against this APT: https://t.co/bzmwDRsrgu
#DetectionEngineering #ThreatIntelligence #BlueTeam #CyberSecurity"
🔎 Rapid7 Labs, alongside our MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group #LotusBlossom.
Find a deep technical analysis of the custom backdoor 'Chrysalis', Notepad++, Warbird, and more in our latest blog: https://t.co/0JAMmc6WFv