Threat Hunting
How DPI Sensors Improve Network Forensics
Effective threat detection requires accurate forensics information for security analysts to make sharper and faster decisions. The quality of forensics output is heavily dependent on the data that is available, both in the form of logs and in the form of traffic intelligence. The more detailed the traffic visibility, the richer and more accurate the […]
DPI Sensors – Get the Edge in Threat Hunting
As cyber attacks become increasingly sophisticated, traditional solutions based on known signatures often fall short allowing new malware and zero day attacks to penetrate networks without being identified. A virus, for example, might enter a system as an email attachment. Once it becomes active, it will begin system reconnaissance, seeking access to resources and privileges, […]
THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS
This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings discovered that the campaign targeted “personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea.” While that […]
SETTING YOUR THREAT HUNTING CALENDAR FOR 2018
This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don’t know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]
THREAT HUNTING WITH BRO
This post was originally published here by Ryan Nolette. This blog is a quick overview of how I use Bro IDS for threat hunting. Specifically: Example queries I run when I start a hunt by specific data set. Examples of Risk Trigger templates customized for my organization’s environment Example of a Threat Hunt I performed […]
THREAT HUNTING: BUY, BUILD, BEG OR BORROW
This post was originally published here by Sqrrl Team. What goes into running a top-notch SOC? Recently, we sat down with Taylor Lehmann, the CISO of Wellforce, to get his takes on managing breaches, leveraging data, and adapting new hunting techniques. Question: So, you mentioned this concept of a virtual CISO. Can you talk a little bit about […]
SITUATIONAL-AWARENESS DRIVEN THREAT HUNTING
This post was originally published here by Ryan Nolette. For this example, I will limit my search to just high-value targets, such as the domain admin accounts. Authentication requests are used to identify accounts or users that are allowed to access the network and its resources. Similar to legitimate authentication, attackers may use compromised or […]
THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE HOST
This post was originally published here by Chris Sanders. In the first part of this series, I discussed how suspicious file types could lead to the discovery of malicious activity. I also discussed how to hunt for suspicious file types traversing your network using data sources like HTTP proxy events. In this article, I’ll continue our focus […]
THREAT HUNTING THROUGH THE USE OF AN ISOLATION FOREST
This post was originally published here by Christopher McCubbin. In a recent Boston Bsides talk, David Bianco and I briefly mentioned the use of isolation forests to find unusual behavior in cybersecurity log files. Today, we will take a deeper dive into the techniques that we experimented with. These experiments were run in collaboration with Dimitar Karev, […]
IS THREAT HUNTING-AS-A-SERVICE (THAAS) FOR YOU?
This post was originally published here by Luis Maldonado. Today we are announcing an exciting new partnership with Deloitte in support of their Managed Threat Hunting Services. This partnership reflects our firm belief that threat hunting services will benefit organizations of all hunting maturity levels. As we work with security teams in a wide variety […]
