Threat Hunting – Page 2

Detection Engineering vs Threat Hunting

DETECTION ENGINEERING: REINFORCING THE KNOWN Threat detection is the process of identifying threats in an organization that is actively trying to attack the endpoints, networks, devices and systems. Unlike threat…

Bharath Narayanasamy

Threat Hunting

Yara 101

YARA is a powerful pattern-matching tool and rule format used for identifying and classifying files based on specific patterns, characteristics, or content. SOC analysts commonly use YARA rules to detect and…

Bharath Narayanasamy

Elastic SIEM Threat Hunting Threat Detection and Incident Response

Practical Threat Hunting using Elastic SIEM: Hunting for Stuxbot

Based on the INTRODUCTION TO THREAT HUNTING & HUNTING WITH ELASTIC module from HTB-Academy Hunting for Stuxbot The Stuxbot cybercrime group operates with a broad scope, seizing upon opportunities as…

Bharath Narayanasamy

Threat Detection and Incident Response BLUE TEAM DETECT

Netminer

NetworkMiner CapabilityDescriptionTraffic sniffingIt can intercept the traffic, sniff it, and collect and log packets that pass through the network.Parsing PCAP filesIt can parse pcap files and show the content of the packets…

Bharath Narayanasamy

Threat Intelligence

Custom detection rule with the MITRE ATT&CK framework in Splunk

Let's walk through a practical example of creating a custom detection rule with the MITRE ATT&CK framework in Splunk. Example:Let's say we want to create a detection rule for the…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Detect brute force attacks using Splunk

To detect brute force attacks using Splunk, you can create queries that monitor and analyze relevant log data. Here are some example Splunk queries that can help you identify potential…

Bharath Narayanasamy

Threat Intelligence

Investigate SQLi attacks using Splunk

Sure! Here are a few Splunk queries that can help detect web application attacks: Detecting SQL Injection Attacks: index=<your_index> sourcetype=<your_sourcetype> | search (request_uri=*' OR referer=*) AND (|inputlookup sql_injection_keywords.csv) Detecting Cross-Site…

Bharath Narayanasamy

Threat Hunting Threat Detection and Incident Response

Splunk Threat Hunting – Windows Events

When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: Detecting Suspicious…

Bharath Narayanasamy

Threat Intelligence

Threat Intelligence Tools – Abuse.ch

Abuse.ch Platform Abuse.ch is a research project hosted by the Institue for Cybersecurity and Engineering at the Bern University of Applied Sciences in Switzerland. It was developed to identify and track…

Bharath Narayanasamy

Threat Hunting Threat Intelligence

Threat Intelligence Tools – URLScan.io

Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions.…

Bharath Narayanasamy