List: Threat Hunting & Incident Response | Curated by Dan Sherman

Apr 27, 2024
27 stories
1 save
Threat Hunting & Incident ResponseCyber security threat hunting & incident response stories
In
Anton on Security
by
Anton Chuvakin
Baby ASO: A Minimal Viable Transformation for Your SOCOne pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner is…
Apr 19
Apr 19
In
MITRE ATT&CK®
by
Amy L. Robertson
ATT&CK 2024 RoadmapEnhancing usability, expanding scope, optimizing defenses
Apr 18
1
Apr 18
1
Bank Security
Mastering Cyber Threat Intelligence with ObsidianUtilize Obsidian to transform your CTI dataset and uncover unprecedented connections
Mar 16
2
Mar 16
2
Darek Barecki
k8spacket is fully based on eBPF right nowk8spacket uses eBPF tracepoint and Traffic Control qdisc filters to collect information about TCP traffic and TLS connection metadata.
Mar 9
1
Mar 9
1
In
System Weakness
by
David Merian
Hack eBPF, Own LinuxThis feature for Linux kernels, eBPF (Extended Berkeley Packet Filter) is “technology that makes programming the kernel flexible, safe, and…
Sep 5, 2023
Sep 5, 2023
In
Detect FYI
by
Kostas
EDR Telemetry Project: A Comprehensive ComparisonEndpoint Detection and Response (EDR) products have become essential to organizations’ cybersecurity strategies. As a result, understanding…
Apr 19, 2023
7
Apr 19, 2023
7
In
System Weakness
by
Ashish Bansal
Hunt them in WindowsWhat is Windows Event Log?
Jan 29, 2023
Jan 29, 2023
In
AWS in Plain English
by
Sena Yakut
Hacking AWS Account via AWS Lambda SSRFServer-side request forgery (SSRF) attack is used for abusing functionality on the server to read or update internal resources. The main…
Mar 25, 2023
5
Mar 25, 2023
5
In
MITRE-Engenuity
by
Jon Baker
2023 R&D Roadmap to Advance Threat-Informed DefenseWritten by Jon Baker, Maggie MacAlpine, and
Apr 13, 2023
Apr 13, 2023
 This story is no longer available
In
Microsoft Azure
by
Andre Camillo, CISSP
How to use MITRE’s Top ATT&CK Techniques tool — MITRE tools for Threat Informed DefenseBy now we should all be aware of MITRE and their many different Frameworks for Threat-Informed Defense.
Aug 8, 2022
Aug 8, 2022
In
Anton on Security
by
Anton Chuvakin
Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our sixth Threat…
Apr 13, 2023
Apr 13, 2023
Invictus Incident Response
Email Forwarding Rules in Microsoft 365The ultimate guide to analysing and understanding email forwarding rules in the Unified Audit Log (UAL)
Feb 20, 2023
Feb 20, 2023
SIMKRA
Threat Group Royal — An Analysis with Tidal Community Edition PlatformA how you can develop more transparency and visibility regarding threat actor & ransomware groups with free available, community driven…
Feb 11, 2023
Feb 11, 2023
In
InfoSec Write-ups
by
Adam Goss
Threat Hunting II: Environment SetupWelcome back to part II of this series on threat hunting! (apologies for the delay).
Oct 26, 2022
Oct 26, 2022
Cyborg Security
The No-Nonsense Benefits of Threat HuntingBy Cyborg Security
Nov 3, 2022
Nov 3, 2022
0xffccdd
Kubernetes ForensicsKubernetes Incident Response
Dec 14, 2022
Dec 14, 2022
In
System Weakness
by
David Merian
ChatGPT Powered Malware Bypasses EDRIn research by Jeff Sims at HYAS, he creates “Blackmamba,” an “AI synthesize polymorphic keylogger” that uses python to modify its program…
Mar 13, 2023
1
Mar 13, 2023
1
In
Palantir Blog
by
Palantir
Democratizing Security DetectionSecurity detection programs face significant scaling challenges. This post shares learnings and suggests actionable detection strategies.
Jun 2, 2022
1
Jun 2, 2022
1
In
Microsoft Azure
by
Andre Camillo, CISSP
Hunting for Anomalous Identity Usage behaviour with MITRE ATT&CK using Microsoft Defender for…TL; DR: Identity Anomaly detection — how it works and more below.
Oct 17, 2022
1
Oct 17, 2022
1