Sqrrl
Amazon Web Services acquires Cybersecurity Startup Sqrrl!
Amazon Web Services has made an official announcement that it has acquired Cybersecurity startup Sqrrl that was spun out by two former top-level executives of National Security Agency(NSA). The cloud services provider also confirmed that more such deals of purchasing businesses from US Intelligence Agencies will continue in near future. In November 2017, Amazon Cloud […]
HUNTING FOR NETWORK SHARE RECON
This post was originally published here by Matthew Hosburgh. There’s a strong chance you know what your organization is trying to protect. In many cases, this is probably in the form of data. It could be customer data, trade secrets, and forms of classified information. This data can be stored in many places: databases, email, […]
THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS
This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings discovered that the campaign targeted “personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea.” While that […]
SETTING YOUR THREAT HUNTING CALENDAR FOR 2018
This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don’t know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]
THREAT HUNTING WITH BRO
This post was originally published here by Ryan Nolette. This blog is a quick overview of how I use Bro IDS for threat hunting. Specifically: Example queries I run when I start a hunt by specific data set. Examples of Risk Trigger templates customized for my organization’s environment Example of a Threat Hunt I performed […]
DECEPTION, BREACHES, AND GOING ON THE OFFENSE TO SEED THE HUNT
This post was originally published here by Matthew Hosburgh. In my previous blog, I explored the areas where certain areas of Active Defense could be used to help seed a hunt.These techniques allow the Threat Hunter to go on the offense (in terms of more proactive defense). This is increasingly more important to reduce the time […]
THREAT HUNTING: BUY, BUILD, BEG OR BORROW
This post was originally published here by Sqrrl Team. What goes into running a top-notch SOC? Recently, we sat down with Taylor Lehmann, the CISO of Wellforce, to get his takes on managing breaches, leveraging data, and adapting new hunting techniques. Question: So, you mentioned this concept of a virtual CISO. Can you talk a little bit about […]
GOING ON THE OFFENSE TO SEED THE HUNT
This post was originally published here by Matthew Hosburgh. Varying degrees of attacking back have been hotly debated for years. Everything from fear of retaliation to collateral damage. Proponents claim that what we as a security collective have been doing for years is simply not working. The truth is, breach after breach is reported despite the millions, […]
SITUATIONAL-AWARENESS DRIVEN THREAT HUNTING
This post was originally published here by Ryan Nolette. For this example, I will limit my search to just high-value targets, such as the domain admin accounts. Authentication requests are used to identify accounts or users that are allowed to access the network and its resources. Similar to legitimate authentication, attackers may use compromised or […]
THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE HOST
This post was originally published here by Chris Sanders. In the first part of this series, I discussed how suspicious file types could lead to the discovery of malicious activity. I also discussed how to hunt for suspicious file types traversing your network using data sources like HTTP proxy events. In this article, I’ll continue our focus […]
