
Working through the MITRE ATT&CK

Manish Rawat


I'm working through the MITRE ATT&CK Evaluations APT29 dataset in Splunk and documenting everything I find. Part 1 covers EventID 1, the initial dropper, steganographic payload execution inside a PNG image, and what the EventID distribution revealed about how APT29 avoids process-based detection. The Sigma detection rules for every technique I find across the full series will be published on Substack. Part 1 is here: https://open.substack.com/pub/manishrawat21/p/hunting-apt29-in-196071-logs-what?r=7dntti&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true
#Cybersecurity #ThreatHunting #APT29 #DetectionEngineering #infosec #Contra

Posted Mar 23, 2026
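The post mentions two first-pass analyses: the EventID distribution across the dataset and a look at EventID 1 (Sysmon Process Create) for the dropper and the PNG-hosted payload. The following is an added example of that kind of triage in Python; it is not code from the author's write-up or from the MITRE evaluation itself. The log lines are constructed to mimic Sysmon events exported from Splunk as one JSON object per line (field names follow Sysmon's schema; the paths and command lines are made up), and the "script host whose command line names an image file" check is my own hunting heuristic, not a rule taken from the post.

```python
"""EventID distribution and EventID 1 (Process Create) triage over Sysmon events.

Added example for this post, not code from the author or from the MITRE
ATT&CK Evaluations APT29 dataset. Input is one JSON object per line, the
shape Splunk's Windows add-on exports Sysmon events in.
"""
import json
from collections import Counter

# Constructed Sysmon-style events. Field names follow Sysmon's schema; every
# path, command line and EventID mix below is invented for the example.
# The second-to-last line is deliberately truncated and the last is blank,
# to show that a real export contains junk the parser must tolerate.
SAMPLE_LOG_LINES = [
    r'{"EventID": 1, "Image": "C:\\Windows\\explorer.exe", "ParentImage": "C:\\Windows\\System32\\userinit.exe", "CommandLine": "explorer.exe"}',
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c C:\\Users\\user\\Desktop\\dropper.exe"}',
    r'{"EventID": 11, "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\user\\Pictures\\photo.png"}',
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "powershell.exe -nop -w hidden -c Get-Content C:\\Users\\user\\Pictures\\photo.png"}',
    r'{"EventID": 7, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ImageLoaded": "C:\\Windows\\System32\\wininet.dll"}',
    r'{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationIp": "192.0.2.10", "DestinationPort": 443}',
    r'{"EventID": 13, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}',
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\conhost.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "conhost.exe 0xffffffff"}',
    r'{"EventID": 3, "Image": "C:\\Windows\\explorer.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 80}',
    r'{"EventID": 11, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.dll"}',
    r'{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "Destination',
    "",
]

# Hypothetical heuristic lists (my choice, not from the post).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".bmp")


def parse_events(lines):
    """Parse one JSON object per line, skipping blank and malformed lines
    instead of aborting the whole run on the first bad export row."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def event_id_distribution(events):
    """Count events per Sysmon EventID (the 'what does the dataset even
    contain' step before any hunting)."""
    return Counter(int(e["EventID"]) for e in events if "EventID" in e)


def process_create_share(events):
    """Fraction of all events that are EventID 1 (Process Create). A low
    share is the first hint that activity is hiding in non-process events."""
    dist = event_id_distribution(events)
    total = sum(dist.values())
    return dist[1] / total if total else 0.0


def process_lineage(events):
    """(parent, child) executable-name pairs for every EventID 1 event,
    in log order, for building the dropper's process tree."""
    pairs = []
    for e in events:
        if int(e.get("EventID", -1)) != 1:
            continue
        pairs.append((basename(e.get("ParentImage", "")),
                      basename(e.get("Image", ""))))
    return pairs


def image_reference_in_script_host(events):
    """Heuristic: EventID 1 where a script/LOLBin host's command line names an
    image file. Returns the matching events for analyst review, not a verdict."""
    hits = []
    for e in events:
        if int(e.get("EventID", -1)) != 1:
            continue
        if basename(e.get("Image", "")) not in SCRIPT_HOSTS:
            continue
        cmd = e.get("CommandLine", "").lower()
        if any(ext in cmd for ext in IMAGE_EXTENSIONS):
            hits.append(e)
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG_LINES)
    print("EventID distribution:", dict(sorted(event_id_distribution(evs).items())))
    print("EventID 1 share: %.2f" % process_create_share(evs))
    print("Process lineage:", process_lineage(evs))
    for hit in image_reference_in_script_host(evs):
        print("Review: image file referenced by", basename(hit["Image"]), "->", hit["CommandLine"])
```

The same three steps map directly onto SPL (`stats count by EventID`, then `search EventID=1 | table ParentImage Image CommandLine`); the Python version is here so the logic can be run and checked offline against a file pulled out of Splunk.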
