Posts

Showing posts from January, 2023

Threat Hunting Basics - Part 4

continued...
Threat Reports and Blogs
Threat reports and blogs give you insight into the new tactics, techniques, and procedures (TTPs) used by attackers. This information helps you understand how other companies handle exploits, what types of malware the industry is seeing, what new techniques are being used to defend and to attack, what the new emerging threats are, and so on. Find the reports and blogs of well-known security research teams such as Nocturnus, SecureList, SpiderLabs, Cisco, Red Canary, CrowdStrike and The DFIR Report (my favorite). Look at how what they describe could impact your industry or organization. Make it a goal to take away at least one security recommendation you can apply to your organization or job from each threat report you read. For example, suppose you are reading the latest report from Red Canary and observe that the most common technique used by attackers is Command and Scripting Interpreter (T1059), where PowerShell plays a very import

Threat Hunting Basics - Part 3

All about the Threat Hunting "HYPOTHESIS"
A threat hunt hypothesis is a proposed explanation made on the basis of limited evidence from a security environment; this proposed explanation is then used as the starting point for further investigation. Threat hunting is primarily hypothesis-driven, which means that each hunt will quite often begin with a series of questions or theories. Generalized questions could include: "If I were to attack this environment, how would I do it? What would I attempt to gain access to? What would be my targets?" These types of questions then lead to hypotheses that can be tested. The hunter may begin by looking for odd services, unusual network connections, unusual parent-child process relationships, abnormal behaviors, unusually high numbers of registry or file modifications, or anything else that seems out of place for this device or environment. In many cases the hunt may return no results, but that does not mean the particular theory was incorrect. These th

Threat Hunting Basics - Part 2

Threat Hunting Maturity Models
Before describing the threat hunting maturity models, we first need to understand what threat hunting is and its basic terminology. The aim of this article is to explain how organizations can gauge their own maturity level and what advancements are required to boost their security posture. The maturity level measures an organization's capabilities, which determine to what extent it is able to hunt for and respond to threats. The threat hunting maturity model is defined by the quantity and quality of the data the organization collects from its IT environment. The factors used to judge an organization's hunting ability are: the quality and quantity of the data it collects for hunting; the tools provided to access and analyze that data; and the skills of the analysts who actually use the data and tools to find security incidents. The Hunting Maturity Model, developed by Sqrrl's security architect and hunter

Threat Hunting Basics - Part 1

Introduction To Threat Hunting
Gartner's definition: cyber threat hunting is about looking for an intruder before any alerts are generated. "Proactive" in this context means taking action before intrusion alerts fire, not after intrusions occur. There are many definitions available on the internet, but in simple terms, cyber threat hunting is a proactive approach to identifying previously unknown, or ongoing and not yet remediated, threats within an organization's network. An incident responder waits until they are notified of an incident to get involved. A threat hunter proactively searches for the bad guys before there is any alert. Threat hunters are incident responders and forensic investigators actively looking for new threats before traditional intrusion detection methods can find them.
Threat Hunting vs Threat Detection
Threat Detection: threat detection is known for its reactive approach bec