Threat Hunting
How DPI Sensors Improve Network Forensics
Effective threat detection requires accurate forensics information for security analysts to make sharper and faster decisions. The quality of forensics output is heavily dependent on the data that is available, both in the form of logs and in the form of traffic intelligence. The more detailed the traffic visibility, the richer and more accurate the […]
DPI Sensors – Get the Edge in Threat Hunting
As cyber attacks become increasingly sophisticated, traditional solutions based on known signatures often fall short, allowing new malware and zero-day attacks to penetrate networks without being identified. A virus, for example, might enter a system as an email attachment. Once it becomes active, it will begin system reconnaissance, seeking access to resources and privileges, […]
THREAT HUNTING FOR INTERNAL RDP BRUTE FORCE ATTEMPTS
This post was originally published here by Matthew Hosburgh. In 2015, a targeted attack was discovered. Exposed by Cymmetria, the campaign was known as Patchwork. Their findings showed that the campaign targeted “personnel working on military and political assignments, and specifically those working on issues relating to Southeast Asia and the South China Sea.” While that […]
SETTING YOUR THREAT HUNTING CALENDAR FOR 2018
This post was originally published here by Kristina Sisk. What is your team hunting for in 2018? If you don’t know, how can you be sure you are positioned to safeguard your organization? In the days of old, threat hunting was regarded as an ad hoc service for an organization. It is now an intrinsic […]
THREAT HUNTING: 10 ADVERSARY BEHAVIORS TO HUNT FOR
This post was originally published here by Ely Kahn. You’re ready to make the jump from alert-based investigations to threat hunting. But what should you hunt for? How do you perform the hunts? What data will you need to collect? This is often the greatest question you will need to answer as a hunter. To […]
THREAT HUNTING FOR LATERAL MOVEMENT
This post was originally published here by Brandon Baxter. Lateral movement is a key step that attackers use in targeting and exploiting your network. In this post, we’ll walk through how to identify pivot points of data when hunting for lateral movement with Sqrrl. Hypothesis: We’ll look for instances where multiple users are […]
Current and Future Trends in Threat Hunting
This post was originally published here by Sqrrl Team. What does the future of threat hunting look like? We brought together some of the world’s premier threat hunters to find out. Sqrrl partnered with Richard Bejtlich from TaoSecurity to bring together a panel discussion comprised of the original General Electric CIRT incident handler team. These […]
The Hunter’s Den: Command and Control
The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined the practical ways that one can hunt for Internal Reconnaissance. In this post, we will take a look at how to hunt for Command and Control (C2) activity. Command and control […]