Research papers
Longer-form research from our offensive and detection teams - novel techniques, tradecraft we're releasing, and methodologies we contribute back to the community.
Offensive
Bypassing EDR with ETW backchannel abuse
A technique for covertly exfiltrating process context by abusing ETW consumer misconfiguration. Includes detection engineering notes for defenders.
34 min read
Detection
Detection engineering at scale: from alerts to behaviours
A framework for moving detection content from indicator-driven to behaviour-driven, with real examples across Windows and Linux.
28 min read
Assurance
IRAP at scale: patterns across 120 engagements
Aggregated patterns from Vectra's IRAP practice - the ISM controls that most commonly fail and the uplift patterns that fix them.
22 min read
Red team
Adversary simulation against CPS 230 scenarios
How to design a red-team engagement that directly produces evidence for APRA CPS 230 operational resilience obligations.
19 min read