Stuff I use, stuff I built, stuff I recommend.
The framework. If you're not mapping to it, you're guessing.
Structured hunting: Prepare, Execute, Act. How I run hunts.
Open-source, vendor-agnostic detection rules. Write once, convert to any SIEM.
Pattern matching for malware. Essential for hunting and classification.
