<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Detection-Engineering on CuraSec</title><link>https://curasec.metacog.co.kr/tags/detection-engineering/</link><description>Recent content in Detection-Engineering on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 10 Jul 2026 09:49:54 -0500</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/detection-engineering/index.xml" rel="self" type="application/rss+xml"/><item><title>HTML phishing attachments use comment stuffing to evade AI detection</title><link>https://curasec.metacog.co.kr/insights/2026-07-10-comment-stuffing-in-an-html-phishing-attachment-as-a-mechani/</link><pubDate>Fri, 10 Jul 2026 09:49:54 -0500</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-10-comment-stuffing-in-an-html-phishing-attachment-as-a-mechani/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Learn:&lt;/strong> Comment stuffing in HTML attachments is a novel obfuscation technique worth understanding when tuning email security tooling or evaluating AI-based scanning products; no patch or config change required.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Plan:&lt;/strong> Build or tune email-gateway detections to flag HTML attachments with abnormally high comment-to-content ratios, as this technique is designed specifically to bypass AI-based filters your stack may rely on.&lt;/li>
&lt;li>&lt;strong>Leader — Skip&lt;/strong>&lt;/li>
&lt;/ul></description></item></channel></rss>