https://fetterm4n.github.io/Recent content on Ryan FettermanHugoen-usFri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/gguf-tools/Fri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/gguf-tools/Utility scripts and tooling for GGUF model workflows and experimentation.https://fetterm4n.github.io/tools/infosec-jupyterthon-threat-hunting-three-dimensions/Fri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/infosec-jupyterthon-threat-hunting-three-dimensions/Notebook-driven threat hunting resources from the Infosec Jupyterthon project.https://fetterm4n.github.io/tools/lucid/Fri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/lucid/Detection rule classifier project for transforming rule logic into model-assisted reasoning workflows.https://fetterm4n.github.io/tools/macro-level-attack-trending/Fri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/macro-level-attack-trending/Repository for macro-level ATT&CK trend analysis and supporting data workflows.https://fetterm4n.github.io/tools/peak-threat-hunting/Fri, 06 Mar 2026 00:00:00 +0000https://fetterm4n.github.io/tools/peak-threat-hunting/Framework and resources for practical, model-assisted threat hunting.https://fetterm4n.github.io/research/publications/applied-interpretability-foundation-sec-instruct/Thu, 26 Feb 2026 00:00:00 +0000https://fetterm4n.github.io/research/publications/applied-interpretability-foundation-sec-instruct/Exploring mechanistic interpretability methods for understanding internal behavior of security-focused language models.https://fetterm4n.github.io/research/publications/lucid/Thu, 05 Feb 2026 00:00:00 +0000https://fetterm4n.github.io/research/publications/lucid/A framework for transforming traditional detection engineering logic into LLM-driven reasoning systems.https://fetterm4n.github.io/research/publications/splunk-predicting-cyber-fraud-through-real-world-events-insights-from-domain-registrati/Mon, 15 Dec 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-predicting-cyber-fraud-through-real-world-events-insights-from-domain-registrati/By analyzing new domain registrations around major real-world events, researchers show how fraud campaigns take shape early, helping defenders spot threats before scams surface.https://fetterm4n.github.io/research/publications/quantitative-modeling-ai-misuse/Sun, 14 Dec 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/quantitative-modeling-ai-misuse/A framework for estimating cyber risk introduced by malicious and unintended AI use patterns.https://fetterm4n.github.io/research/talks/cert-eu-defending-at-machine-speed/Thu, 02 Oct 2025 00:00:00 +0000https://fetterm4n.github.io/research/talks/cert-eu-defending-at-machine-speed/Presentation materials for Defending at Machine Speed, focused on practical use of security context to improve AI-assisted detection and response workflows.https://fetterm4n.github.io/research/talks/the-ttp-ep15-threat-hunters-cookbook/Tue, 23 Sep 2025 00:00:00 +0000https://fetterm4n.github.io/research/talks/the-ttp-ep15-threat-hunters-cookbook/YouTube appearance focused on methods and use cases from The Threat Hunter’s Cookbook.https://fetterm4n.github.io/research/talks/ai-attackers-adoption-curve/Tue, 09 Sep 2025 00:00:00 +0000https://fetterm4n.github.io/research/talks/ai-attackers-adoption-curve/Video appearance covering AI-enabled adversary trends and emerging malware behavior.https://fetterm4n.github.io/research/publications/splunk-introducing-the-threat-hunter-s-cookbook/Wed, 06 Aug 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-introducing-the-threat-hunter-s-cookbook/The security experts on the SURGe team have released The Threat Hunter’s Cookbook, a hands-on guide for security practitioners that features actionable insights into threat hunting methods, ready-to-use queries, and more.https://fetterm4n.github.io/research/publications/threat-hunters-cookbook/Wed, 06 Aug 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/threat-hunters-cookbook/Hands-on guide for modern threat hunting workflows with practical methods and queries.https://fetterm4n.github.io/research/publications/splunk-defending-at-machine-speed-guiding-llms-with-security-context/Tue, 24 Jun 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-defending-at-machine-speed-guiding-llms-with-security-context/Enhance LLM performance for cybersecurity tasks with few-shot learning, RAG, & fine-tuning guide models for accurate PowerShell classification.https://fetterm4n.github.io/research/publications/splunk-defending-at-machine-speed-accelerated-threat-hunting-with-open-weight-llm-model/Wed, 02 Apr 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-defending-at-machine-speed-accelerated-threat-hunting-with-open-weight-llm-model/Splunker Ryan Fetterman explains how Splunk DSDL 5.2 enhances cybersecurity operations, streamlining PowerShell script classification and reducing analyst workload by 250x.https://fetterm4n.github.io/research/publications/splunk-autonomous-adversaries-are-blue-teams-ready-for-cyberattacks-to-go-agentic/Fri, 07 Feb 2025 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-autonomous-adversaries-are-blue-teams-ready-for-cyberattacks-to-go-agentic/Explore the impact of autonomous adversaries on cybersecurity as AI and LLMs evolve.https://fetterm4n.github.io/research/talks/trp-episode-7-macro-attack/Thu, 05 Dec 2024 00:00:00 +0000https://fetterm4n.github.io/research/talks/trp-episode-7-macro-attack/YouTube discussion of annual Macro-ATT&CK findings and defender takeaways.https://fetterm4n.github.io/research/publications/splunk-macro-att-and-ck-for-a-ttp-snack/Mon, 21 Oct 2024 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-macro-att-and-ck-for-a-ttp-snack/Splunk’s Mick Baccio and Ryan Fetterman explore 2024’s macro-level cyber incident trends through the lens of the MITRE ATT&CK framework.https://fetterm4n.github.io/research/publications/splunk-macro-att-and-ck-2024-a-five-year-perspective/Thu, 10 Oct 2024 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-macro-att-and-ck-2024-a-five-year-perspective/Splunk’s Ryan Fetterman and Tamara Chacon dive into attacker techniques, trends, and blue team tips for analyzing and visualizing data from the past year.https://fetterm4n.github.io/research/publications/splunk-add-to-chrome-part-4-threat-hunting-in-3-dimensions-m-ath-in-the-chrome-web-stor/Mon, 04 Mar 2024 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-add-to-chrome-part-4-threat-hunting-in-3-dimensions-m-ath-in-the-chrome-web-stor/SURGe experiments with a method to find masquerading using M-ATH with Splunk and the DSDL App.https://fetterm4n.github.io/research/talks/infosec-jupyterthon-2024-day1/Fri, 16 Feb 2024 00:00:00 +0000https://fetterm4n.github.io/research/talks/infosec-jupyterthon-2024-day1/Live stream appearance at Infosec Jupyterthon 2024 Day 1.https://fetterm4n.github.io/research/publications/splunk-revisiting-the-big-picture-macro-level-att-and-ck-updates-for-2023/Tue, 26 Sep 2023 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-revisiting-the-big-picture-macro-level-att-and-ck-updates-for-2023/SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.https://fetterm4n.github.io/research/publications/splunk-threat-hunting-for-dictionary-dga-with-peak/Tue, 12 Sep 2023 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-threat-hunting-for-dictionary-dga-with-peak/Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team’s PEAK Threat Hunting Framework.https://fetterm4n.github.io/research/talks/threat-informed-planning-macro-attack/Wed, 07 Jun 2023 00:00:00 +0000https://fetterm4n.github.io/research/talks/threat-informed-planning-macro-attack/YouTube appearance discussing threat-informed planning and macro-level ATT&CK trend analysis.https://fetterm4n.github.io/research/publications/splunk-model-assisted-threat-hunting-m-ath-with-the-peak-framework/Wed, 17 May 2023 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-model-assisted-threat-hunting-m-ath-with-the-peak-framework/Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).https://fetterm4n.github.io/research/publications/peak-threat-hunting-framework/Wed, 17 May 2023 00:00:00 +0000https://fetterm4n.github.io/research/publications/peak-threat-hunting-framework/A structured framework for model-assisted and evidence-driven threat hunting workflows.https://fetterm4n.github.io/research/publications/splunk-paws-in-the-pickle-jar-risk-and-vulnerability-in-the-model-sharing-ecosystem/Thu, 27 Apr 2023 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-paws-in-the-pickle-jar-risk-and-vulnerability-in-the-model-sharing-ecosystem/As AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?https://fetterm4n.github.io/research/publications/splunk-zoom-enhance-finding-value-in-macro-level-att-and-ck-reporting/Wed, 14 Dec 2022 00:00:00 +0000https://fetterm4n.github.io/research/publications/splunk-zoom-enhance-finding-value-in-macro-level-att-and-ck-reporting/Aggregated analysis of global ATT&CK-mapped threat reporting