Sqrrl
THREAT HUNTING THROUGH THE USE OF AN ISOLATION FOREST
This post was originally published here by Christopher McCubbin. In a recent Boston Bsides talk, David Bianco and I briefly mentioned the use of isolation forests to find unusual behavior in cybersecurity log files. Today, we will take a deeper dive into the techniques that we experimented with. These experiments were run in collaboration with Dimitar Karev, […]
IS THREAT HUNTING-AS-A-SERVICE (THAAS) FOR YOU?
This post was originally published here by Luis Maldonado. Today we are announcing an exciting new partnership with Deloitte in support of their Managed Threat Hunting Services. This partnership reflects our firm belief that threat hunting services will benefit organizations of all hunting maturity levels. As we work with security teams in a wide variety […]
THREAT HUNTING FOR EVIDENCE OF EAVESDROPPING
This post was originally published here by Matthew Hosburgh. We’ve all had the paranoia that someone is listening to our phone conversations. You mean you’ve never heard that clicking noise or heavy breathing that isn’t coming from the primary conversation? Okay, maybe I’m just paranoid. In many organizations, the ability for an adversary to eavesdrop […]
5 TYPES OF THREAT HUNTING
This post was originally published here by Danny Akacki. “How do I hunt?” This is the instinctual first question uttered by anyone seeking to build a threat hunting program. Like all good philosophies, the answer should change over time. You get new information, gain new experiences, etc. The only sure answer is never a singular […]
TOP #INFOSEC TWITTER ACCOUNTS (FROM A THREAT HUNTER’S PERSPECTIVE)
This post was originally published here by Danny Akacki. On the heels of our “Hunting For Web Shells” webinar, I wanted to follow up with a short post that came from an attendee question. I’m paraphrasing here but it was something along the lines of, “I’m new to the infosec world, where can I go […]
THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE NETWORK
This post was originally published here by Chris Sanders. Not all attacks require the use of malware, but most of them can be traced back to some form of unwanted malicious code executing on a trusted system. The files can be compiled executables, simple scripts, or even office documents hiding malicious macros. While these types […]
THREAT HUNTING: 10 ADVERSARY BEHAVIORS TO HUNT FOR
This post was originally published here by Ely Kahn. You’re ready to make the jump from alert-based Investigations to threat hunting. But what should you hunt for? How do you perform the hunts? What data will you need to collect? This is often the greatest question you will need to answer as a hunter. To […]
TAMING DNS DATA: STACKING MACHINE LEARNING ALGORITHMS TO FIND DGA MALWARE ACTIVITIES
This post was originally published here by Sqrrl Team. DNS traffic is the backbone of the internet. It performs essential function of resolving user requested URLs to the IP addresses hosting them. Without that the world-wide-web would not be able to work. Unfortunately, being so critical and ever-present it also provides cyber criminals with the […]
THREAT HUNTING STARTING POINTS: WEB SHELLS
This post was originally published here by James Bower. In this article, we’ll be discussing a couple starting points of hunting for web shells on your network. A web shell offers varied functionality to an attacker in a single file. Imagine an attacker having command line access to your web server through an executable file placed […]
THREAT HUNTING FOR LATERAL MOVEMENT
This post was originally published here by Brandon Baxter. Lateral movement is a key step that attackers use in targeting and exploiting your network In this post, we’ll walk through how to identify pivot points of data when hunting for lateral moment when hunting with Sqrrl. Hypothesis: We’ll look for instances where multiple users are logged […]
