Threat Hunting: What it Is, and What it Is Not
Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. Every employer wants to hire a thr…
The PoSh Hunter CTF
If you want to test your PowerShell skills and interested in threat hunting – the PoSh Hunter CTF is for you. …
Automated Hunting of Memory Resident Malware at Scale
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis …
Detection of Malicious Activities in Internet of Things Environment Based on Binary Visualization and Machine Intelligence
Internet of Things (IoT) devices are increasingly deployed for different purposes such as data sensing, collecting and contr…
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch files to uncover malware persistence…
A Practical Model for Conducting Cyber Threat Hunting
There remains a lack of definition and a formal model from which to base threat hunting operations and quantifying the succe…
Lean Hunting
(Threat) Hunting has been around long enough that most agree it should be part of any comprehensive information security pro…
Sysmon-Modular: A Sysmon Configuration Repository for Everybody to Customise
This is a Microsoft Sysinternals Sysmon configuration repository by Olaf Hartong, set up modular for easier maintenance and …
Uncovering and Visualizing Malicious Infrastructure
How much information about a threat can you find using a single IP address, domain name, or indicator of compromise (IOC)? W…
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use “Create Remote Thread” events to detect process injection …
