Threat Hunting

How DPI Sensors Improve Network Forensics

Effective threat detection requires accurate forensics information for security analysts to make sharper and faster decisions. The quality of forensics output is heavily dependent on the data that is available, both in the form of logs and in the form of traffic intelligence. The more detailed the traffic visibility, the richer and more accurate the […]

DPI Sensors – Get the Edge in Threat Hunting

As cyber attacks become increasingly sophisticated, traditional solutions based on known signatures often fall short allowing new malware and zero day attacks to penetrate networks without being identified. A virus, for example, might enter a system as an email attachment. Once it becomes active, it will begin system reconnaissance, seeking access to resources and privileges, […]

THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS

This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings discovered that the campaign targeted “personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea.” While that […]

SETTING YOUR THREAT HUNTING CALENDAR FOR 2018

This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don’t know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]

THREAT HUNTING WITH BRO

This post was originally published here by Ryan Nolette. This blog is a quick overview of how I use Bro IDS for threat hunting. Specifically: Example queries I run when I start a hunt by specific data set. Examples of Risk Trigger templates customized for my organization’s environment Example of a Threat Hunt I performed […]

THREAT HUNTING: BUY, BUILD, BEG OR BORROW

This post was originally published here by Sqrrl Team. What goes into running a top-notch SOC? Recently, we sat down with Taylor Lehmann, the CISO of Wellforce, to get his takes on managing breaches, leveraging data, and adapting new hunting techniques. Question: So, you mentioned this concept of a virtual CISO. Can you talk a little bit about […]

THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE HOST

This post was originally published here by  Chris Sanders. In the first part of this series, I discussed how suspicious file types could lead to the discovery of malicious activity. I also discussed how to hunt for suspicious file types traversing your network using data sources like HTTP proxy events. In this article, I’ll continue our focus […]

THREAT HUNTING FOR EVIDENCE OF EAVESDROPPING

This post was originally published here by Matthew Hosburgh. We’ve all had the paranoia that someone is listening to our phone conversations. You mean you’ve never heard that clicking noise or heavy breathing that isn’t coming from the primary conversation? Okay, maybe I’m just paranoid. In many organizations, the ability for an adversary to eavesdrop […]

THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE NETWORK

This post was originally published here by Chris Sanders. Not all attacks require the use of malware, but most of them can be traced back to some form of unwanted malicious code executing on a trusted system. The files can be compiled executables, simple scripts, or even office documents hiding malicious macros. While these types […]

THREAT HUNTING: 10 ADVERSARY BEHAVIORS TO HUNT FOR

This post was originally published here by Ely Kahn. You’re ready to make the jump from alert-based Investigations to threat hunting. But what should you hunt for? How do you perform the hunts? What data will you need to collect? This is often the greatest question you will need to answer as a hunter. To […]

Share this page