Articles tagged with: #threat-hunting
Detecting Tampering of Windows Security Audit Policy

Detect FYI - Medium detect.fyi

Recently, I finished reading a book I strongly recommend to anyone working in Threat Hunting, BTFM (Blue Team Field Manual). Among the different topics mentioned in it, I want to talk about auditpol.exe, which is a built-in Windows command-line utility used to view and configure the Windows security auditing policy. It controls what types of security-relevant actions (logon events, privilege use, object access, policy changes, etc.) are recorded in the Windows Security event log. Why...
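Two checks a hunter would run for the tampering the article describes: diff the live policy (`auditpol /get /category:*`, or a snapshot taken with `auditpol /backup`) against a known-good baseline, and flag Security event 4719 ("System audit policy was changed") records whose Changes field removes Success or Failure auditing. The example below is added here and is not code from the Detect FYI article; both inputs are constructed samples that follow the layout of real `auditpol /get` output and the named fields of a 4719 event, and the function names are the author's own.

```python
import re

# Constructed sample in the layout of `auditpol /get /category:*` output:
# category lines flush left, subcategory lines indented two spaces, and the
# setting separated from the name by a run of spaces. Not output from a real host.
BASELINE = """System audit policy
Category/Subcategory                      Setting
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success
Detailed Tracking
  Process Creation                        Success
Policy Change
  Audit Policy Change                     Success and Failure
"""

# Same host after tampering: Logon auditing switched off, Process Creation
# downgraded so successful process launches are no longer recorded.
CURRENT = """System audit policy
Category/Subcategory                      Setting
Logon/Logoff
  Logon                                   No Auditing
  Logoff                                  Success
Detailed Tracking
  Process Creation                        Failure
Policy Change
  Audit Policy Change                     Success and Failure
"""

SETTING_TO_FLAGS = {
    "No Auditing": frozenset(),
    "Success": frozenset({"Success"}),
    "Failure": frozenset({"Failure"}),
    "Success and Failure": frozenset({"Success", "Failure"}),
}


def parse_auditpol(text):
    """Map each subcategory name to the set of outcomes it audits."""
    policy = {}
    for line in text.splitlines():
        if not line.startswith("  "):
            continue  # header or category line, no setting on it
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) != 2 or parts[1] not in SETTING_TO_FLAGS:
            continue  # unexpected layout: skip rather than guess
        policy[parts[0]] = SETTING_TO_FLAGS[parts[1]]
    return policy


def weakened_subcategories(baseline_text, current_text):
    """Return [(subcategory, outcomes no longer audited)] relative to the baseline.

    A subcategory missing from the current output is treated as fully disabled.
    """
    base = parse_auditpol(baseline_text)
    cur = parse_auditpol(current_text)
    findings = []
    for name, wanted in base.items():
        lost = wanted - cur.get(name, frozenset())
        if lost:
            findings.append((name, sorted(lost)))
    return findings


# Constructed Security log records reduced to the fields a SIEM usually exposes.
# Real 4719 events carry more (Subcategory GUID, SubjectLogonId, ...).
EVENTS = [
    {"EventID": 4719, "SubjectUserName": "svc_backup", "Category": "Logon/Logoff",
     "Subcategory": "Logon", "Changes": "Success removed, Failure removed"},
    {"EventID": 4719, "SubjectUserName": "Administrator", "Category": "Detailed Tracking",
     "Subcategory": "Process Creation", "Changes": "Failure added"},
    {"EventID": 4624, "SubjectUserName": "alice", "LogonType": "2"},
]


def audit_weakening_events(events):
    """Flag 4719 events whose Changes field removes Success or Failure auditing."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4719:
            continue
        removed = [c.strip() for c in ev["Changes"].split(",") if "removed" in c]
        if removed:  # additions are configuration noise; removals are the lead
            hits.append((ev["SubjectUserName"], ev["Subcategory"], removed))
    return hits


if __name__ == "__main__":
    for name, lost in weakened_subcategories(BASELINE, CURRENT):
        print(f"policy drift: {name} no longer audits {', '.join(lost)}")
    for user, sub, removed in audit_weakening_events(EVENTS):
        print(f"4719 by {user}: {sub}: {'; '.join(removed)}")
```

Run the policy diff from the baseline rather than from the event log alone: an actor with the rights to run `auditpol /clear` or `auditpol /set` can also clear the Security log, which leaves event 1102 behind but no 4719 history, while the live policy still shows what was switched off.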

Threat Hunting tools

cybersecurity www.reddit.com

I am a SOC Manager looking to purchase tools that can assist our team with Threat Hunting. Other than EDR and SIEM, is there anything anyone else is using that they find valuable? submitted by /u/Powerful_Film_9409

Hunting in the Dark: Metrics for Early Stage Traffic Discovery

cs.CR updates on arXiv.org arxiv.org

arXiv:2507.05213v2 Abstract: Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools to unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the effect that the detection of Crackonosh, a cryptojacking malware package, has on various metrics for identifying its behavior. Using a metric for discoverability, we model the...

My first cyber tool. Venator - IoC Hunter

cybersecurity www.reddit.com

First off, thanks for taking the time to check out my post. Not sure if this is the right place to post; if not, happy to move it. I have been working on this project for quite some time and I finally feel it's in a good spot where I'm comfortable and proud to show its current progress. What this program does is generate 100% accurate threat hunts across a variety of different SIEMs. This will allow analysts and really anyone on the security team to threat hunt. More power in more peoples...

Levenshtein distance function in Logscale

CrowdStrike www.reddit.com

Are there plans to implement a Levenshtein distance function in Logscale, similar to how we have shannonEntropy()? It would be absolutely amazing for threat hunting leads. submitted by /u/Negative-Captain7311

Analyst looking to get specialised into Threat Hunting, any certification outshining the others?

cybersecurity www.reddit.com

As the title mentions, I am a security analyst and I am looking to develop my skills further into Threat Hunting. I have previous certifications such as Security+, CDSA, OSCP+, etc. I would like to learn about Threat Hunting as it seems the most appealing to me, followed very closely in second place by Forensic Analysis. As I've done my own research, there really isn't a Threat Hunting certification per se that would make you go straight to it for that specific concept, at least not surely at the...

Multi-tenant RTR script execution

CrowdStrike www.reddit.com

Currently I'm trying to find out how to execute custom RTR scripts for threat hunting purposes. But since I have a multi-CID environment, and the number of CIDs is quite large, with hundreds to thousands of hosts in each, it seems complicated to create an API client, upload scripts, and perform particular actions in psfalcon every time for each tenant. I'd like to know if it's possible to follow all these steps on the parent tenant once so as not to waste time. But it looks like console tabs for API...

Moving Beyond Awareness: How Threat Hunting Builds Readiness

The Hacker News thehackernews.com

Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone. Make no mistake, as a security professional, I love this month. Launched by CISA and the National

Moving into MDR analysis

cybersecurity www.reddit.com

So I work in T1 support as of now. My company offered me a position to move into MDR analysis, but the catch is that I will have to work on weekends, either Sundays or Saturdays. My questions are: Is it really worth it to move there? Could it be considered a side step more than a promotion? I could be moved into threat hunting or incident response in the future, which I really like, but I really hate working on weekends. They will train me for 6 months, which I also like. Will this...