Intro
Splunk
ELK
- Kibana
Forensics
Hunting
Standard Operating Procedures
Best Practices
- Good/Best Practices in Security
Penetration Testing
Cloud
- Cloud Providers
- Azure
Azure
- AZ-500
- AZ-900
Threat Intelligence
Learning
- Useful Pages

Powered by GitBook

On this page

Try to catch the bad guys
What is threat hunting
The process
C2 Detection
Resources
Recording
Course Info

Was this helpful?

Threat Hunting Training Course

by Active Countermeasures

PreviousThreat Hunting with VirusTotal NextResources

Last updated 2 years ago

Try to catch the bad guys

Centralize logs
Write signatures
Alert on signature matches
Follow-up on alerts

This is not threat hunting, it is not proactive! Threat Intel is also not Threat Hunting!

Syslog was not designed for security. Different platforms log events differently.

What is threat hunting

Proactive validation of all systems connected to the org's network
Needs to include all systems
Execute without making assumptions
Deliverable is a compromise assessment

The process

Review the integrity of every device
Generate one of the three dispositions
1. System is OK
2. System is compromised
3. Not sure, need to collect more information to make a decision
Leverage the context for host log review

C2 Detection

Resources

Recording

Course Info

Cyber Threat Hunting Training Course - Active CountermeasuresActive Countermeasures