Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Hunting

crowdstrike

CrowdStrike Introduces Humio for Falcon, Redefining Threat Hunting with Unparalleled Scale and Speed

Jun 6, 2022 By CrowdStrike In CrowdStrike
Humio for Falcon provides long-term, cost-effective data retention with powerful index-free search and analysis of enriched security telemetry across enterprise environments.
Read Post

Hunting AWS RDS security events with Sysdig

Jun 1, 2022 By Sysdig In Sysdig
The AWS RDS service itself falls on the AWS side of the Shared Responsibility model, but the day-to-day management of the RDS security instances falls on your side. When it comes to shared responsibility, your obligation depends on the AWS services that you deploy, and also other factors including (but not limited to) the sensitivity of your data, your company’s requirements, and applicable laws and regulations.
View Video
crowdstrike

Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun

May 25, 2022 By Jamie Harries In CrowdStrike
The security landscape is constantly developing to provide easier ways to establish endpoint visibility across networks through the use of endpoint detection and response (EDR) utilities. However, certain challenges still remain, particularly as a result of many organizations' need for systems running legacy or proprietary operating systems, such as Solaris. If such systems are not adequately protected using other security controls or unless they can only be accessed by systems with appropriate endpoint-based detection/prevention capabilities, this can cause a gap in visibility for an organization that an adversary could abuse.
Read Post
upguard

What is TTP Hunting?

May 19, 2022 By Kyle Chin In UpGuard

TTP hunting is an intelligence-based type of cyber threat hunting that analyzes the latest TTP (Tactics, Techniques, and Procedures) used by hackers and cybercriminals. TTP threat hunters study the newest tools and technologies used by cybercriminals, learn how to detect new attack trends, and gather enough cyber threat intelligence so that companies can fully protect their attack surface.

Read Post
Trustwave

PwnFox - An IDOR Hunter's Best Friend

May 13, 2022 By Trustwave In Trustwave

Maybe I’m a bit late to the game on this one, but I recently discovered PwnFox and it has quickly one of my favorite tools yet. So, what is PwnFox? To put it simply, it’s a BurpPro extension that works with Firefox. It accomplishes two things. First, it helps containerize up to eight (yes, that’s right… eight!) different sessions within one browser and secondly, it organizes all your proxied traffic in Burp BY COLOR! I’ll dive a bit more into #2 in a second.

Read Post
Featured Post
crowdstrike

Proactive Threat Hunting Bears Fruit: Falcon OverWatch Detects Novel IceApple Post-Exploitation Framework

May 10, 2022 By Adrian Justice In CrowdStrike
The CrowdStrike Falcon OverWatch™ proactive threat hunting team has uncovered a sophisticated .NET-based post-exploitation framework, dubbed IceApple. Since OverWatch's first detection in late 2021, the framework has been observed in multiple victim environments in geographically distinct locations, with intrusions spanning the technology, academic and government sectors.
Read Post
Torq

Automated Threat Hunting: A Closer Look

Apr 27, 2022 By Faith Kilonzi In Torq

Proactively finding and eliminating advanced threats through threat hunting is a growing necessity for many organizations, yet few have enough resources or skilled employees to do it effectively. For those who do have an active threat hunting program, the process is often manual and time consuming. With cloud security automation, however, you can implement rules that automatically adjust your security policies based on the latest threat data.

Read Post
graylog

Tools for Threat Hunting and IT Service Risk Monitoring

Apr 19, 2022 By Jeff Darrington In Graylog

Cybersecurity can often seem intimidating for IT teams. After all, things like “threat hunting,” “red teaming,” and “blue teaming” are not used in IT operations. On the other hand, just because these words are terms of art doesn’t mean that they’re activities you don’t do already. You’re probably already using log data as part of your IT operations incident response.

Read Post
splunk

You Bet Your Lsass: Hunting LSASS Access

Apr 7, 2022 By Splunk Threat Research Team In Splunk

One of the most commonly used techniques is to dump credentials after gaining initial access. Adversaries will use one of many ways, but most commonly Mimikatz is used. Whether it be with PowerShell Invoke-Mimikatz, Cobalt Strike’s Mimikatz implementation, or a custom version. All of these methods have a commonality: targeting LSASS.

Read Post
humio

Humio Advanced Log Management Course Recap: Break Threat Patterns with Complete Visibility Across All Your Data

Apr 1, 2022 By Ashish Chakrabortty In Humio

That’s a wrap for the Spring series of the Humio Advanced Log Management Course. The sixth and final session focused on threat hunting and how network data from Corelight can improve your threat hunts. Here’s a recap of the session and a link to watch it on-demand. CrowdStrike CTO Michael Sentonas opened the session by contextualizing threat hunting, saying it requires complete observability and the ability to log everything at scale.

Read Post
Subscribe to Threat Hunting

Copyright © 2022 OpsMatters™. All rights reserved.