November 2016

Monthly Archives: November 2016

November 23, 2016 by

Sqrrl Team

Threat Hunter Profile – Alan Orlikoski

Name
Alan Orlikoski

Organization
Square Inc.

Years Hunting
3

Preferred Datasets
Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files

Preferred Hunting Techniques
Data traversal analysis, daily dynamic list creation, kill chain analysis

Preferred Tools
Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

November 10, 2016 by

Josh Liburdi

The Hunter’s Den: Internal Reconnaissance (Part 2)

In part 1 of this hunter’s den post we took a look at the adversary tactic of internal reconnaissance, including what kinds of artifacts might be left behind when internal reconnaissance has occurred on your network. In this post we’ll take a look at the types of data and the various hunting techniques that you can use to hunt for the various kinds of internal reconnaissance.

November 9, 2016 by

Sqrrl Team

Threat Hunter Profile – Matt Arnao

Name
Matt Arnao

Organization
Lockheed Martin

Years Hunting
5

Preferred Datasets
Network sensor and security device logs, windows events, application logs

Preferred Hunting Techniques
Pivoting, "over the horizon" data gathering, kill chain analysis

Preferred Tools
Suricata, yara, Security Onion, jq

November 3, 2016 by

Josh Liburdi

The Hunter’s Den: Internal Reconnaissance (Part 1)

The Hunter’s Den blog series aims to go beyond framework and theory and dig into practical tips and techniques for threat hunting. This post will focus on hunting for Internal Reconnaissance.

Monthly Archives: November 2016

Threat Hunter Profile – Alan Orlikoski

The Hunter’s Den: Internal Reconnaissance (Part 2)

Threat Hunter Profile – Matt Arnao

The Hunter’s Den: Internal Reconnaissance (Part 1)

Resources

What Do We Do

Our Technology

Use Cases

Please Provide Your Contact Information to Access This Resource