Monthly Archives: April 2017

Threat Hunter Profile – Pietro Bempos

Name
Pietro Bempos

Organization
Zurich Insurance

Years Hunting
1

Preferred Datasets
Endpoint logs/process data, Windows event logs, DNS logs, server application logs

Preferred Hunting Techniques
Threat mapping, IP stacking (outlier detection), asset prioritization and investigation

Preferred Tools
Linux command line, custom scripting (Python and Bash), custom tools

3 Reasons the Next NIST Update Should Include Threat Hunting

Are we giving our automated security tools too much credit for threat detection? In a recent LinkedIn poll of the 360,000+ member InfoSec Community, 44% of respondents said that nearly half of all threats go undetected by automated security tools. Here’s why Sqrrl argues that human-driven analysis belongs on the NIST list of “appropriate activities to identify the occurrence of a cybersecurity event”.

Threat Hunter Profile – James Bower

Name
James Bower

Organization
Quantum Security

Years Hunting
10

Preferred Datasets
Bro logs, DNS, HTTP proxy logs, Sysmon and OSSEC

Preferred Hunting Techniques
Outbound traffic analysis, stacking (outlier detection), process and registry change analysis, temporal baselining

Preferred Tools
Bro, Unix commands (grep, sed, awk), TShark, Splunk
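Both profiles above name stacking (outlier detection) as a preferred technique: count how many hosts share a given value (a process image path, a destination IP) and investigate the values that appear on only one or two machines. The Python below is an added example, not code from either hunter or from Sqrrl, and generalizes the idea to any field so the same function serves both the "IP stacking" and the process-stacking cases. The event records, hostnames and field names (`host`, `image`, `dst_ip`) are constructed for illustration and do not follow a real Sysmon or Bro schema; the IP addresses come from the reserved documentation ranges.

```python
"""Stacking (outlier detection) over endpoint and network events.

Added example, not code from the profiled hunters or from Sqrrl. The
records below are constructed; field names are assumptions, not a
real Sysmon or Bro schema.
"""
from collections import defaultdict

# Constructed process-creation events: one dict per record.
PROCESS_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws02", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws03", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws04", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws01", "image": r"C:\Program Files\Vendor\agent.exe"},
    {"host": "ws02", "image": r"C:\Program Files\Vendor\agent.exe"},
    {"host": "ws03", "image": r"C:\Program Files\Vendor\agent.exe"},
    {"host": "ws04", "image": r"C:\Program Files\Vendor\agent.exe"},
    {"host": "ws03", "image": r"C:\Users\Public\svchost.exe"},  # seen on one host
    {"host": "ws03", "image": r"C:\Users\Public\svchost.exe"},  # same host, again
]

# Constructed outbound-connection events (documentation IP ranges only).
OUTBOUND_EVENTS = [
    {"host": "ws01", "dst_ip": "192.0.2.10"},
    {"host": "ws02", "dst_ip": "192.0.2.10"},
    {"host": "ws03", "dst_ip": "192.0.2.10"},
    {"host": "ws04", "dst_ip": "192.0.2.10"},
    {"host": "ws01", "dst_ip": "203.0.113.7"},
    {"host": "ws02", "dst_ip": "203.0.113.7"},
    {"host": "ws04", "dst_ip": "198.51.100.23"},  # seen on one host
]


def stack(events, field, by="host"):
    """Map each value of `field` to the set of hosts it was seen on.

    Counting distinct hosts instead of raw events keeps a process that
    is merely chatty on a single machine from looking common.
    """
    groups = defaultdict(set)
    for ev in events:
        if field in ev and by in ev:
            groups[ev[field]].add(ev[by])
    return groups


def stack_table(events, field, by="host"):
    """Rows of (host_count, value), rarest first: the equivalent of
    `sort | uniq -c | sort -n` on the command line."""
    return sorted((len(hosts), value) for value, hosts in stack(events, field, by).items())


def outliers(events, field, max_hosts=1, by="host"):
    """Values of `field` seen on at most `max_hosts` distinct hosts,
    rarest first, each with the sorted list of hosts to pivot into."""
    rare = [(value, sorted(hosts))
            for value, hosts in stack(events, field, by).items()
            if len(hosts) <= max_hosts]
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))


if __name__ == "__main__":
    for count, value in stack_table(PROCESS_EVENTS, "image"):
        print(f"{count:4d}  {value}")
    print("rare images:", outliers(PROCESS_EVENTS, "image"))
    print("rare destinations:", outliers(OUTBOUND_EVENTS, "dst_ip", max_hosts=2))
```

The `max_hosts` threshold is the knob a hunter tunes to the fleet size: on a few thousand endpoints, anything on fewer than five hosts is usually worth a look, while on a lab of ten machines a threshold of one is more useful. The svchost.exe copy under `C:\Users\Public` stacks out immediately because the key is the full image path, not the file name; stacking on the bare name would hide it behind the legitimate System32 binary.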