Facebook Linkedin Twitter

Sqrrl

Cyber Incident Investigation Training: Reducing Evidence Abstraction
Education & Career

Cyber Incident Investigation Training: Reducing Evidence Abstraction

This post was originally published here by Chris Sanders. An incident investigation will only go as far as the evidence allows it. Of course, there’s a lot of components that have to come together to make that happen. The network must support the collection of robust and diverse evidence sources and it must be searchable […]

Answering Questions Before They’re Asked
News

Answering Questions Before They’re Asked

This post was originally published here by Chris Sanders. Investigations are all about iterating through evidence that helps you make decisions about what events transpired on your network. That sounds easy enough, but asking the right questions and identifying the data you need to answer them is tricky. This problem manifests in two ways. First, […]

Retracing Investigation Steps
News

Retracing Investigation Steps

This post was originally published here by Chris Sanders. Finding evil is all about asking the right questions, finding answers, and using those answers to ask more questions. Each question and answer represent a decision point, branching the investigation off down a new path. The path of the analyst is far from linear, and sometimes […]

The Nuts and Bolts of Detecting DNS Tunneling
Network Security

The Nuts and Bolts of Detecting DNS Tunneling

This post was originally published here. DNS-based attacks have been commonly used since the early 2000’s, but over 40% of firms still fall prey to DNS tunneling attacks. Tunneling attacks originate from uncommon vectors, so traditional automated tools like SIEMs have difficulty detecting them, but they also must be found in massive sets of DNS data, so […]

What is Threat Hunting in Cybersecurity Defense
Cyber Threats & Vulnerabilities

What is Threat Hunting in Cybersecurity Defense

This post was originally published here by Håkon Olsen. WHAT IS HUNTING AND WHY DO IT? A term that is often used in the cybersecurity community is threat hunting. This is the activity of hunting for intruders in your computer systems, and then locking them out. In the more extreme cases it can also involve […]

The Hunter’s Den: Command and Control
How-To Guide

The Hunter’s Den: Command and Control

The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways that one can hunt for Internal Reconnaissance. In this post, we will take a look at how to hunt for Command and Control (C2) activity. Command and control […]

The Hunter’s Den: Internal Reconnaissance (Part 1)
Featured

The Hunter’s Den: Internal Reconnaissance (Part 1)

The Hunter’s Den: Internal Reconnaissance (Part 1) By Josh Liburdi, Security Technologist at Sqrrl, and George Aquila As we laid out in our introduction, The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. This first post will focus on hunting for Internal […]

123Page 3 of 3
Sqrrl is the threat hunting company that enables organizations to target, hunt, and disrupt advanced cyber threats. Sqrrl’s industry-leading threat hunting platform unites link analysis, User and Entity Behavior Analytics (UEBA), and multi-petabyte scalability capabilities into an integrated solution. Sqrrl’s unique approach enables security analysts to discover threats faster and reduces the time and resources required to investigate them.
Share this page

EDITOR PICKS

POPULAR POSTS

RECENT POSTS

© Copyright 2024 - Cybersecurity Insiders