Sqrrl
Current and Future Trends in Threat Hunting
This post was originally published here by Sqrrl Team. What does the future of threat hunting look like? We brought together some of the world’s premier threat hunters to find out. Sqrrl partnered with Richard Bejtlich from TaoSecurity to bring together a panel discussion made up of the original General Electric CIRT incident handler team. These […]
Top 3 Takeaways From DerbyCon
This post was originally published here by Ryan Nolette. This past week I had the pleasure of going down to DerbyCon 7.0. Along the way, I got to see some fantastic presentations, an excellent Capture the Flag competition, and the tragic death of at least one insect. Here are a few of my takeaways from the […]
CDM Phases and Sqrrl
This post was originally published here by Ely Kahn. Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features: machine learning and graph algorithms to detect kill chain behaviors; Sqrrl’s Security Behavior Graph, which leverages […]
Endpoint and Network Hunting: A Q&A with Ryan Nolette
This post was originally published here by Sqrrl Team. Ryan Nolette is a security technologist at Sqrrl. Throughout his career he has attained experience in IT/Security planning at a large scale and is proficient in multiple platforms and security techniques. He has experience with troubleshooting, auditing and installations, network intrusion detection, security, incident response, threat intelligence, […]
Hunting for Needles in Haystacks
This post was originally published here by Sqrrl Team. Cyber threat hunting involves proactively and iteratively searching through networks and datasets to detect threats that evade existing automated tools. Yet, determining the Tactics, Techniques and Procedures (TTPs) used by adversaries is challenging for the very reason that there is often no roadmap that can be used […]
How Attackers Lay the Groundwork for Lateral Movement
This post was originally published here by Ryan Nolette. The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways to hunt for C2 activity. In this series of posts, we will take a look at how to […]
The Hunter’s Den: Lateral Movement Part 1 - Understanding Lateral Movement
This post was originally published here by Sqrrl Team. The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways to hunt for C2 activity. In this series of posts, we will take a look […]
Why do You Need a Hunt Team? The Answer May Surprise You!
This post was originally published here by David Bianco. You’ve probably heard this a million times now: “You need a hunt team”. This is true, as far as it goes, but why? For most people, the initial answer is probably something close to this: “So we can find bad guys on our network”. Again, this is […]
Cyber Incident Investigation Series: Investigating Attack Scopes
This post was originally published here by Chris Sanders. As defenders, the critical moment is when we’ve determined that an attacker’s attempt to gain a foothold on the network was successful. This sets off a chain of investigative activity where we follow breadcrumbs through our data to understand where the attacker went, what their mission […]