| Date | Author(s) | Title | Type |
|---|---|---|---|
| 06/23/2025 | David French | Beyond the Buzzword: Practical Detection as Code in the Enterprise | Podcast |
| 06/03/2025 | David French | Leveraging Data Tables for Detection Engineering in Google SecOps | Blog |
| 05/09/2025 | David French | Tuning Rules in Google SecOps with Gemini and MCP Servers | Video |
| 05/05/2025 | David French | The Ultimate Guide to Detection as Code and Blue Team Tactics | Podcast |
| 03/28/2025 | David French | Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise @ BSides San Diego | Presentation |
| 03/20/2025 | David French | Detection Engineering with Google Cloud | Podcast |
| 10/15/2024 | David French | Securing Your CI/CD Pipeline: Eliminate Long-Lived Credentials with Workload Identity Federation | Blog |
| 09/25/2024 | David French | Practical Techniques for Monitoring Your Security Data Pipeline | Blog |
| 09/08/2024 | David French, Wade Wells | Maturing SecOps with Detection-as-Code @ Blue Team Con | Presentation |
| 08/06/2024 | David French | Detection Engineering Demystified: Building Custom Detections for GitHub Enterprise @ BSides Las Vegas (Slides, Recording) | Presentation |
| 06/19/2024 | David French | Monitoring for Suspicious GitHub Activity with Google Security Operations | Blog |
| 06/08/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides San Antonio | Presentation |
| 05/18/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides Dublin (Slides, Recording) | Presentation |
| 03/30/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ BSides San Diego | Presentation |
| 03/06/2024 | David French | From soup to nuts: Building a Detection-as-Code pipeline @ FIRST Technical Colloquium | Presentation |
| 01/30/2024 | David French | Getting Started with Detection-as-Code and Chronicle Security Operations | Blog |
| 12/05/2023 | David French | Detecting Suspicious Domains in Chronicle Using Entity Enrichment Data | Blog |
| 07/27/2023 | David French | From soup to nuts: Building a Detection-as-Code pipeline | Blog |
| 07/12/2022 | David French | Threat hunting in Okta logs | Blog |
| 08/04/2021 | David French (Black Hat Bio) | Black Hat Arsenal 2021: Using Dorothy to Test Okta SSO Visibility and Detection | Presentation |
| 12/08/2020 | David French | Dorothy: A tool to test security monitoring and detection for Okta environments (Blog, Presentation) | Tool |
| 08/21/2020 | Brent Murphy, David French | Security operations: Cloud monitoring and detection with Elastic Security | Blog |
| 08/13/2020 | David French, Neil Desai | Threat hunting capture the flag with Elastic Security: BSides 2020 | Blog |
| 08/11/2020 | Bobby Filar, David French | ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships | Paper |
| 08/11/2020 | David French, Devon Kerr | How to Plan and Execute a Hunt | Presentation |
| 07/11/2020 | David French, Daniel Stepanic, Devon Kerr, Justin Ibarra, Neil Desai | Threat Hunting Capture the Flag at BSides SATX | CTF |
| 03/24/2020 | David French, Brent Murphy | Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1, Part 2) | Blog |
| 03/20/2020 | David French, Bobby Filar | A Chain Is No Stronger Than Its Weakest LNK @ BSides SLC (Video, Slides) | Presentation |
| 02/24/2020 | David French, Brent Murphy | The Elastic Guide to Threat Hunting | Book |
| 02/18/2020 | Brent Murphy, David French | Hunting for persistence using Elastic Security | Webinar |
| 12/04/2019 | David French | Ransomware, interrupted: Sodinokibi and the supply chain | Blog |
| 10/25/2019 | Bobby Filar, David French, Hyrum Anderson | ProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships @ CAMLIS (Slides, Video) | Presentation |
| 08/16/2019 | David French | Detecting Adversary Tradecraft with Image Load Event Logging and EQL | Blog |
| 10/09/2018 | David French | Detecting & Removing an Attacker’s WMI Persistence | Blog |
| 10/02/2018 | David French | Detecting Attempts to Steal Passwords from Memory | Blog |
| 10/02/2018 | David French | Detecting Attempts to Steal Passwords from the Registry | Blog |
| 10/01/2018 | David French | How to Setup “Cowrie” — An SSH Honeypot | Blog |
| 09/30/2018 | David French | 5-Minute Analysis of a Remote Access Trojan | Blog |
| 09/30/2018 | David French | Detecting Lateral Movement | Blog |
| 10/04/2017 | David French | Passive Reconnaissance Techniques for Your Defense @ FS-ISAC Summit | Presentation |