Threat Hunting

How DPI Sensors Improve Network Forensics

Effective threat detection requires accurate forensics information for security analysts to make sharper and faster decisions. The quality of forensics output is heavily dependent on the data that is available, both in the form of logs and in the form of traffic intelligence. The more detailed the traffic visibility, the richer and more accurate the […]

DPI Sensors – Get the Edge in Threat Hunting

As cyber attacks become increasingly sophisticated, traditional solutions based on known signatures often fall short, allowing new malware and zero-day attacks to penetrate networks without being identified. A virus, for example, might enter a system as an email attachment. Once it becomes active, it begins system reconnaissance, seeking access to resources and privileges, […]

THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS

This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings discovered that the campaign targeted "personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea." While that […]

SETTING YOUR THREAT HUNTING CALENDAR FOR 2018

This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don't know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]

THREAT HUNTING WITH BRO

This post was originally published here by Ryan Nolette. This blog is a quick overview of how I use Bro IDS for threat hunting. Specifically: Example queries I run when I start a hunt by specific data set. Examples of Risk Trigger templates customized for my organization's environment. Example of a Threat Hunt I performed […]

THREAT HUNTING: BUY, BUILD, BEG OR BORROW

This post was originally published here by Sqrrl Team. What goes into running a top-notch SOC? Recently, we sat down with Taylor Lehmann, the CISO of Wellforce, to get his takes on managing breaches, leveraging data, and adapting new hunting techniques. Question: So, you mentioned this concept of a virtual CISO. Can you talk a little bit about […]

SITUATIONAL-AWARENESS DRIVEN THREAT HUNTING

This post was originally published here by Ryan Nolette. For this example, I will limit my search to just high-value targets, such as the domain admin accounts. Authentication requests are used to identify accounts or users that are allowed to access the network and its resources. Similar to legitimate authentication, attackers may use compromised or […]
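The RDP brute-force post above and this one both hunt in authentication data: repeated failed logons from one internal source, and any activity against high-value accounts such as domain admins. The following is an added example, not code from either post, that runs that hunt over a handful of constructed Windows Security events. It assumes the events arrive as flat dictionaries carrying the standard fields (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive/RDP); the threshold, time window, high-value account list and the sample events are all hypothetical values chosen for the example.

```python
"""Hunt for internal RDP brute force in Windows Security logon events.

Added example, not from the original posts. Assumptions:
  * Events are flat dicts with TimeCreated (ISO 8601), EventID, LogonType,
    IpAddress (source), Computer (target host) and TargetUserName.
  * EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 =
    RemoteInteractive (RDP) are the standard Windows values.
  * FAIL_THRESHOLD, WINDOW and HIGH_VALUE_ACCOUNTS are hypothetical tuning
    values for this example, not recommendations.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                 # failures inside WINDOW that count as brute force
WINDOW = timedelta(minutes=10)
HIGH_VALUE_ACCOUNTS = {"da_admin", "backup_svc"}   # hypothetical domain admins


def hunt_rdp_bruteforce(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW,
                        high_value=HIGH_VALUE_ACCOUNTS):
    """Group RDP logons by (source IP, target host) and report each pair that
    reaches `fail_threshold` failures inside a sliding `window`.

    Each finding records the peak failure count, whether a success (4624)
    arrived while the failure count was already at threshold (a likely
    successful brute force), the distinct accounts tried (many accounts from
    one source suggests spraying) and any high-value accounts involved.
    """
    rdp = sorted(
        (e for e in events if e["LogonType"] == 10 and e["EventID"] in (4624, 4625)),
        key=lambda e: datetime.fromisoformat(e["TimeCreated"]),
    )
    grouped = defaultdict(list)
    for e in rdp:
        grouped[(e["IpAddress"], e["Computer"])].append(e)

    findings = []
    for (src, host), evs in grouped.items():
        recent_fails = deque()      # timestamps of 4625s still inside the window
        peak_fails = 0
        accounts = set()
        success_after_failures = False
        for e in evs:
            ts = datetime.fromisoformat(e["TimeCreated"])
            while recent_fails and ts - recent_fails[0] > window:
                recent_fails.popleft()
            if e["EventID"] == 4625:
                recent_fails.append(ts)
                accounts.add(e["TargetUserName"].lower())
                peak_fails = max(peak_fails, len(recent_fails))
            elif len(recent_fails) >= fail_threshold:
                # A success right after a burst of failures is the key signal.
                success_after_failures = True
                accounts.add(e["TargetUserName"].lower())
        if peak_fails >= fail_threshold:
            findings.append({
                "source_ip": src,
                "target_host": host,
                "peak_failures": peak_fails,
                "success_after_failures": success_after_failures,
                "accounts": sorted(accounts),
                "high_value_hit": sorted(accounts & {a.lower() for a in high_value}),
            })
    return sorted(findings, key=lambda f: (f["source_ip"], f["target_host"]))


def _ev(ts, eid, ltype, ip, host, user):
    return {"TimeCreated": ts, "EventID": eid, "LogonType": ltype,
            "IpAddress": ip, "Computer": host, "TargetUserName": user}


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # One workstation hammering a file server over RDP, then getting in as da_admin.
    _ev("2018-01-15T09:00:00", 4625, 10, "10.0.5.23", "FILESRV01", "jsmith"),
    _ev("2018-01-15T09:00:12", 4625, 10, "10.0.5.23", "FILESRV01", "jsmith"),
    _ev("2018-01-15T09:00:25", 4625, 10, "10.0.5.23", "FILESRV01", "da_admin"),
    _ev("2018-01-15T09:00:40", 4625, 10, "10.0.5.23", "FILESRV01", "da_admin"),
    _ev("2018-01-15T09:00:55", 4625, 10, "10.0.5.23", "FILESRV01", "bob"),
    _ev("2018-01-15T09:01:10", 4625, 10, "10.0.5.23", "FILESRV01", "da_admin"),
    _ev("2018-01-15T09:01:30", 4624, 10, "10.0.5.23", "FILESRV01", "da_admin"),
    # A network (type 3) failure from the same host: not RDP, so ignored.
    _ev("2018-01-15T09:02:00", 4625, 3, "10.0.5.23", "FILESRV01", "jsmith"),
    # A user mistyping a password twice, then logging in: below threshold.
    _ev("2018-01-15T09:05:00", 4625, 10, "10.0.5.40", "APPSRV02", "alice"),
    _ev("2018-01-15T09:05:20", 4625, 10, "10.0.5.40", "APPSRV02", "alice"),
    _ev("2018-01-15T09:05:40", 4624, 10, "10.0.5.40", "APPSRV02", "alice"),
]

if __name__ == "__main__":
    for finding in hunt_rdp_bruteforce(SAMPLE_EVENTS):
        print(finding)
```

Keying on (source, target host) rather than on the target account is what separates a brute force or spray from a single user who forgot a password; the high-value filter then gives the analyst the triage order the situational-awareness post argues for.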

THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE HOST

This post was originally published here by Chris Sanders. In the first part of this series, I discussed how suspicious file types could lead to the discovery of malicious activity. I also discussed how to hunt for suspicious file types traversing your network using data sources like HTTP proxy events. In this article, I'll continue our focus […]

THREAT HUNTING FOR EVIDENCE OF EAVESDROPPING

This post was originally published here by Matthew Hosburgh. We've all had the paranoia that someone is listening to our phone conversations. You mean you've never heard that clicking noise or heavy breathing that isn't coming from the primary conversation? Okay, maybe I'm just paranoid. In many organizations, the ability for an adversary to eavesdrop […]

5 TYPES OF THREAT HUNTING

This post was originally published here by Danny Akacki. "How do I hunt?" This is the instinctual first question uttered by anyone seeking to build a threat hunting program. Like all good philosophies, the answer should change over time. You get new information, gain new experiences, etc. The only sure answer is never a singular […]