
Osquery splunk

Facebook released an awesome open-source tool named Osquery that is being maintained by a thriving community supported by the Linux Foundation and several product leaders such as Kolide, TrailOfBits, and Uptycs.

This blog post is a written adaptation of my DefCon 2020 Blue Team village workshop. It will utilize the same ideas and techniques used for that workshop, reiterating specifics and points for the greater InfoSec community to use. In this blog series, we have a fictitious advanced persistent threat (APT) code-named Goofball. They have been known to steal intellectual property, and the Hackinglab corporation just released a press statement about a new widget that will revolutionize the world. This blog post is going to embark on a quest to hunt for the existence of Goofball in the Hackinglab corporation network. Additionally, this quest will introduce you to an informal threat hunting process to demonstrate the tools and techniques using Sysmon and the Elastic stack. The hope is that this informal process demonstrates how to apply a threat hunting mindset to search for malicious activity in your environment, but also to understand your findings to investigate further.

In this blog post, I will introduce an informal threat hunting process by hunting the APT-style attack performed during the red team exercise in the previous blog post. This blog post series is for anyone who has ever had an interest in threat hunting but did not have the knowledge of how or where to start, what tools they need, or what to hunt for. The theme of this blog post is to demonstrate how to hunt and detect malicious activity at each stage of the Mandiant Attack Lifecycle to create a fundamental framework for hunting adversaries.