Monthly Archives: January 2017


Threat Hunter Profile – Katie Horne

Katie Horne


Years Hunting

Preferred Datasets
Network flow, application level data, firewall/switch/AP logs, file/process data, Windows event logs

Preferred Hunting Techniques
Searching, grouping, intel analysis

Preferred Tools
Suricata, SpamScope, Sagan, STIX, honeypots (cowrie, YALIH)


Demystifying Threat Hunting Concepts

This post is about demystifying threat hunting concepts that seem to trip up practitioners and outsiders. If the summary in the TLDR below seems appealing, then please continue to the meat of the post.


  • Threat hunting doesn’t have to be complex, but it’s not for everyone
  • Knowing how to begin and end a hunt is more important than knowing how to carry out a hunt
  • If you need a place to start, look at trends in the threat landscape and focus on threats that you do not have automated alerts/detections for
  • Hunting is a creative process that rewards those who take chances
  • Finish with something, anything actionable — so long as it provides value