Author Archives: Ryan Nolette


Situational-Awareness driven Threat Hunting

For this example, I will limit my search to just high-value targets, such as the domain admin accounts.

Authentication requests are how accounts or users prove they are allowed to access the network and its resources. Attackers authenticate in the same way as legitimate users: they may use compromised or separate accounts to identify themselves to an authentication server, and they may deliberately use existing accounts so that their logons blend in with normal authentication traffic.
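A concrete way to apply this: restrict the hunt to a watchlist of domain admin accounts, build a short baseline of where each of those accounts normally logs on from and to, and then flag logons in the hunt window that break that baseline. The following is an added example, not code from the original post. It assumes a hard-coded watchlist (`DOMAIN_ADMINS`), constructed log lines in a simplified key=value layout whose field names follow the Windows Security 4624 schema (the layout and values are invented for this example), a fixed `baseline_end` that splits baseline from hunt window, and a hypothetical threshold `max_new_hosts`; none of these come from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Hypothetical watchlist of high-value accounts (Domain Admins). In a real
# hunt, pull this from group membership rather than hard-coding it.
DOMAIN_ADMINS = {"da_alice", "da_bob"}

# Constructed sample events in a simplified "timestamp key=value ..." form.
# Field names follow the Windows Security 4624 (successful logon) schema;
# the flat layout and every value below are invented for this example.
SAMPLE_EVENTS = """\
2024-03-04T08:55:10Z EventID=4624 Computer=DC01 TargetUserName=da_alice LogonType=3 IpAddress=10.1.1.23 WorkstationName=WS-ALICE
2024-03-04T09:02:41Z EventID=4624 Computer=FS01 TargetUserName=da_alice LogonType=3 IpAddress=10.1.1.23 WorkstationName=WS-ALICE
2024-03-04T09:05:02Z EventID=4624 Computer=DC01 TargetUserName=da_bob LogonType=10 IpAddress=10.1.1.40 WorkstationName=WS-BOB
2024-03-04T09:07:30Z EventID=4624 Computer=WS-201 TargetUserName=jsmith LogonType=2 IpAddress=- WorkstationName=WS-201
2024-03-05T02:14:09Z EventID=4624 Computer=FS01 TargetUserName=da_alice LogonType=3 IpAddress=10.1.7.99 WorkstationName=DESKTOP-7F2K
2024-03-05T02:15:44Z EventID=4624 Computer=SQL01 TargetUserName=da_alice LogonType=3 IpAddress=10.1.7.99 WorkstationName=DESKTOP-7F2K
2024-03-05T02:16:12Z EventID=4624 Computer=WS-117 TargetUserName=da_alice LogonType=3 IpAddress=10.1.7.99 WorkstationName=DESKTOP-7F2K
2024-03-05T02:17:50Z EventID=4624 Computer=DC01 TargetUserName=da_alice LogonType=3 IpAddress=10.1.7.99 WorkstationName=DESKTOP-7F2K
2024-03-05T09:00:07Z EventID=4624 Computer=DC01 TargetUserName=da_bob LogonType=10 IpAddress=10.1.1.40 WorkstationName=WS-BOB
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one constructed log line into a dict; return None for junk lines."""
    ts, _, rest = line.partition(" ")
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    ev = dict(FIELD_RE.findall(rest))
    ev["ts"] = when
    return ev


def hunt_domain_admin_logons(log_text, admins, baseline_end, max_new_hosts=2):
    """Baseline each watchlisted account's logon sources and destinations before
    baseline_end, then report accounts whose later logons come from a source IP
    never seen in the baseline or land on max_new_hosts or more unseen computers.

    The baseline keys on IpAddress and Computer (the host that logged the event),
    not on WorkstationName, because WorkstationName is supplied by the client
    and is trivially forged. An account with no baseline at all is treated as
    entirely new, so every one of its logons is reported; that is intentional.
    """
    baseline = defaultdict(lambda: {"src": set(), "dst": set()})
    hunt_window = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None or ev.get("EventID") != "4624":
            continue
        user = ev.get("TargetUserName", "")
        if user not in admins:  # situational awareness: only high-value accounts
            continue
        if ev["ts"] < baseline_end:
            baseline[user]["src"].add(ev.get("IpAddress", "-"))
            baseline[user]["dst"].add(ev.get("Computer", "-"))
        else:
            hunt_window.append(ev)

    findings = defaultdict(lambda: {"logons": 0, "new_sources": set(), "new_hosts": set()})
    for ev in hunt_window:
        user = ev["TargetUserName"]
        f = findings[user]
        f["logons"] += 1
        src, dst = ev.get("IpAddress", "-"), ev.get("Computer", "-")
        if src not in baseline[user]["src"]:
            f["new_sources"].add(src)
        if dst not in baseline[user]["dst"]:
            f["new_hosts"].add(dst)

    return {user: f for user, f in findings.items()
            if f["new_sources"] or len(f["new_hosts"]) >= max_new_hosts}


def run_example():
    """Run the hunt over the constructed sample with a baseline ending 2024-03-05 UTC."""
    cutoff = datetime(2024, 3, 5, tzinfo=timezone.utc)
    return hunt_domain_admin_logons(SAMPLE_EVENTS, DOMAIN_ADMINS, cutoff)


if __name__ == "__main__":
    for user, f in run_example().items():
        print(f"{user}: {f['logons']} logons, new sources {sorted(f['new_sources'])}, "
              f"new hosts {sorted(f['new_hosts'])}")
```

On the sample, `da_alice` is reported (a single new source address fanning out to several hosts she has never logged on to, at 02:00), `da_bob` is not (same source, same host as his baseline), and `jsmith` is never considered because he is not on the watchlist. The baseline here is one day; in practice use weeks, and treat a missing baseline for a watchlisted account as a finding in its own right.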


Understanding Lateral Movement

The Hunter’s Den blog series aims to go beyond frameworks and theory and dig into practical tips and techniques for threat hunting. In our previous post, we examined practical ways to hunt for C2 activity. In this series of posts, we will look at how to hunt for lateral movement activity.