Monthly Archives: November 2016

Threat Hunter Profile – Alan Orlikoski

Name
Alan Orlikoski

Organization
Square Inc.

Years Hunting
3

Preferred Datasets
Network data (Bro), stacked AppCompat, Shimcache, Windows PowerShell event logs, bash shell history files

Preferred Hunting Techniques
Data traversal analysis, daily dynamic list creation, kill chain analysis

Preferred Tools
Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

Threat Hunter Profile – Matt Arnao

Name
Matt Arnao

Organization
Lockheed Martin

Years Hunting
5

Preferred Datasets
Network sensor and security device logs, Windows events, application logs

Preferred Hunting Techniques
Pivoting, "over the horizon" data gathering, kill chain analysis

Preferred Tools
Suricata, YARA, Security Onion, jq