Monthly Archives: November 2016
Name
Alan Orlikoski
Organization
Square Inc.
Years Hunting
3
Preferred Datasets
Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files
Preferred Hunting Techniques
Data traversal analysis, daily dynamic list creation, kill chain analysis
Preferred Tools
Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)
In part 1 of this hunter’s den post we took a look at the adversary tactic of internal reconnaissance, including what kinds of artifacts might be left behind when internal reconnaissance has occurred on your network. In this post we’ll take a look at the types of data and the various hunting techniques that you can use to hunt for the various kinds of internal reconnaissance.
Name
Matt Arnao
Organization
Lockheed Martin
Years Hunting
5
Preferred Datasets
Network sensor and security device logs, windows events, application logs
Preferred Hunting Techniques
Pivoting, "over the horizon" data gathering, kill chain analysis
Preferred Tools
Suricata, yara, Security Onion, jq
The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. This post will focus on hunting for Internal Reconnaissance.
![SQR9653_AnolomyCTAs_DS[1] copy](https://sqrrl.com/media/SQR9653_AnolomyCTAs_DS1-copy.jpg)