Threat Hunting

THREAT HUNTING FOR EVIDENCE OF EAVESDROPPING

This post was originally published here by Matthew Hosburgh. We’ve all had the paranoia that someone is listening to our phone conversations. You mean you’ve never heard that clicking noise or heavy breathing that isn’t coming from the primary conversation? Okay, maybe I’m just paranoid. In many organizations, the ability for an adversary to eavesdrop […]

5 TYPES OF THREAT HUNTING

This post was originally published here by Danny Akacki. “How do I hunt?” This is the instinctual first question uttered by anyone seeking to build a threat hunting program. Like all good philosophies, the answer should change over time. You get new information, gain new experiences, etc. The only sure answer is never a singular […]

THREAT HUNTING FOR SUSPICIOUS FILE TYPES ON THE NETWORK

This post was originally published here by Chris Sanders. Not all attacks require the use of malware, but most of them can be traced back to some form of unwanted malicious code executing on a trusted system. The files can be compiled executables, simple scripts, or even office documents hiding malicious macros. While these types […]

THREAT HUNTING: 10 ADVERSARY BEHAVIORS TO HUNT FOR

This post was originally published here by Ely Kahn. You’re ready to make the jump from alert-based investigations to threat hunting. But what should you hunt for? How do you perform the hunts? What data will you need to collect? This is often the greatest question you will need to answer as a hunter. To […]

THREAT HUNTING STARTING POINTS: WEB SHELLS

This post was originally published here by James Bower. In this article, we’ll be discussing a couple of starting points for hunting for web shells on your network. A web shell offers varied functionality to an attacker in a single file. Imagine an attacker having command line access to your web server through an executable file placed […]

THREAT HUNTING FOR LATERAL MOVEMENT

This post was originally published here by Brandon Baxter. Lateral movement is a key step that attackers use in targeting and exploiting your network. In this post, we’ll walk through how to identify pivot points of data when hunting for lateral movement with Sqrrl. Hypothesis: We’ll look for instances where multiple users are logged […]

Cyber Threat Hunting for Uncategorized Proxy Events

This post was originally published here by Chris Sanders. Attackers rely on the abstraction provided between domains and IP addresses to make their infrastructure more resilient. A domain name can be registered in a matter of minutes, and multiple domains can be configured to point to the same host. This allows attackers to quickly switch […]

Current and Future Trends in Threat Hunting

This post was originally published here by Sqrrl Team. What does the future of threat hunting look like? We brought together some of the world’s premier threat hunters to find out. Sqrrl partnered with Richard Bejtlich from TaoSecurity to bring together a panel discussion comprised of the original General Electric CIRT incident handler team. These […]

The Hunter’s Den: Command and Control

The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways that one can hunt for Internal Reconnaissance. In this post, we will take a look at how to hunt for Command and Control (C2) activity. Command and control […]