Monthly Archives: November 2016

by

Threat Hunter Profile – Alan Orlikoski

Name
Alan Orlikoski

Organization
Square Inc.

Years Hunting
3

Preferred Datasets
Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files

Preferred Hunting Techniques
Data traversal analysis, daily dynamic list creation, kill chain analysis

Preferred Tools
Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

by

The Hunter’s Den: Internal Reconnaissance (Part 2)

In part 1 of this hunter’s den post we took a look at the adversary tactic of internal reconnaissance, including what kinds of artifacts might be left behind when internal reconnaissance has occurred on your network. In this post we’ll take a look at the types of data and the various hunting techniques that you can use to hunt for the various kinds of internal reconnaissance.

by

Threat Hunter Profile – Matt Arnao

Name
Matt Arnao

Organization
Lockheed Martin

Years Hunting
5

Preferred Datasets
Network sensor and security device logs, windows events, application logs

Preferred Hunting Techniques
Pivoting, "over the horizon" data gathering, kill chain analysis

Preferred Tools
Suricata, yara, Security Onion, jq