You bought a plot of land, rented a bulldozer, dug out what one might think was a very deep hole for a pool, set up your prefab bunker running completely off solar panels, pushed the dirt back on top, and settled down in your nice comfy command center. But then you find out highly effective advanced persistent threats are slowly positioning themselves for the long game, and your country needs you to help in this war of the future. And you believe in the cause and stand ready to fight for your country for the sake of your family and loved ones. Or maybe you are a normal person who works in security and wants to understand the inner workings of the security products you work with, instead of reading another book that talks about vague general ideas. You might respond to alerts and wonder why these rules were created, or how you can really feel confident that an alert is a false positive rather than something much more nefarious. Perhaps you are new to security and want to improve your skill set. Maybe you are a security engineer or architect, but aren’t sure how to fully triage an alert and want to gain a deeper understanding. If any of this sounds interesting, then this is for you. This book walks through several attack techniques, malware reports, and other mechanisms, and shows how to go beyond simple ephemeral IOCs like IPs, URLs, and hashes. It shows several examples of translating reports and techniques into more efficient and longer-lasting detections with much broader coverage. It covers some other hunting methodologies, and takes the approach of knowing what normal looks like. Even if you are not normal. Oh, and lots of bonus content… random scattered thoughts, pro tips, and dad jokes. I am also calling out CISA to level up your game, shape the industry, and write more efficient rules higher on the Pyramid of Pain.
Your reports are good; they often have TTPs and tools, but the majority of your subscribers are just going to take your pre-canned rulesets, which only contain IPs and hashes, and plug them in. Start pushing Sigma rules. Don’t worry, this book shows you how to write higher-level rules, and even how to turn those rules into standalone PowerShell rules in case that is needed. You do good work, but it’s time to evolve.