Search timeline

People

ThreatHunting

@ThreatHuntProj

Follow

New to threat hunting and not sure where start? Need some inspiration for your next hunt? We've got you covered!

Threat Hunting

@threathunting_

Follow

Cyber Threat Detection For You

Vineet Bhatia

@ThreatHunting

Follow

Digital Forensics and Incident Response. Talk to me about engineering detection and managing response. Views on this channel are those of my own.

View all

Ciarán

@thisisfinedfir

·

Apr 3

Summary of #ThreatHunting #DFIR tips for week 7: 1) Hunt for MFA bombing and suspicious MFA prompt generation:

Quote Tweet

Ciarán

@thisisfinedfir

· Mar 28

#ThreatHunting Tip of the day: #Lapsus highlighted the weaknesses of certain MFA options . Specifically push approvals. Once they had the victims credentials, they would simply spam users with MFA prompts until they got approved. Hunt methods

Show this thread

1

1

Show this thread

Stephan Berger

@malmoeb

·

Apr 2

#ThreatHunting: When investigating a potentially compromised Exchange server, one of the first steps I take is to search the MFT for .aspx files (with

@velocidex

's MFT Hunt, for example). Examine the results for suspicious file names or paths. (1/3) #CyberSecurity

7

145

493

Show this thread

Thomas Roccia

@fr0gger_

·

Mar 31

I coded a simple IOCs extractor from an url in Python to show how to extract IOCs from threat report using MSTICpy library! You can play with it in binder and adapt the code if you like! 🤓

@msticpy

#ioc #python #Jupyter #ThreatHunting 🔬Notebook: https://github.com/fr0gger/jupyter-collection/tree/main/iocextractor…

GIF

6

65

219

Show this thread

Vinny Troia, PhD

@vinnytroia

·

1m

For those that care, I have updated my blog posts regarding the identity of Pompompurin (

@xml

). https://nightlion.com/blog/2021/pompompurin-fbi-email-hack… #databreach #ThreatIntel #ThreatHunting

nightlion.com

Pompompurin: The hacker behind the FBI email data breach

Attribution and identification of Pompompurin, the hacker behind the FBI email data breach and many others.

2

Active Countermeasures

@ActiveCmeasures

·

11h

Next week we are running another 6-hour FREE Threat Hunting Training! Join the 20,000+ students who have leveled up their threat hunting knowledge by attending this hands-on workshop. Register Now: https://zoom.us/webinar/register/9216491703531/WN_mtLW-JYbSGKxCV0Ht93jyg… #ThreatHunting

14

13

Hacking Articles

@hackinarticles

·

Mar 29

Advance Hunting Cheatsheet #infosec #cybersecurity #cybersecuritytips #pentesting #oscp #informationsecurity #cissp #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #vulnerabilities #ThreatHunting

53

152

Ring3API We Are Fighting For Our Land

@rimpq

·

Apr 1

📌Hunting for Malicious Binaries and #Backdoors in the Running Containers - by

@tbhaxor

💪 �?��?https://tbhaxor.com/hunting-malicious-binaries-in-containers/… #blueteam #threathunting #DFIR #malware #Docker

10

6

Mehmet Ergene

@Cyb3rMonk

·

Apr 4

In #ThreatHunting or #DFIR, we usually search for the presence of something. Sometimes, absence is also a good indicator of malicious activity. Ex: If you have a scheduled task that runs every hour and does NOTHING (file creation, network conn., etc.), it might be malicious.💡

Quote Tweet

Mehmet Ergene

@Cyb3rMonk

· Apr 4

Question for Red teamers: When using scheduled task for persistence, do you have to check if the malicious process is already running so that you can exit without spawning a duplicate process? #redteam

7

15

eKRAAL Innovation Hub

@eKRAALhub

·

Apr 4

Investors see data breaches as a threat to a company's material value and feel discouraged in investing in a business that has hard its sensitive information compromised. #eKRAAL #ThreatIntelligence #ThreatHunting #infosec #cybersecurity #Data #Breach #Threat

7

17

TrustedSec

@TrustedSec

·

Mar 30

Building out a #ThreatHunting program can be scary!

@H3dTr1p

shares his ‘Crawl, Walk, Run’ approach, which tactically breaks down the individual Threat Hunt building process & provides organizations a strategic option to meet their program objectives

trustedsec.com

Simplifying Your Operational Threat Hunt Planning - TrustedSec

TrustedSec's blog is an expert source of information on information security trends and best practices for strategic risk management.

1

9

36

Pete Bryan

@MSSPete

·

Apr 1

This is a great notebook - making IoC extraction from #ThreatHunting reports quick and simple with the help of #MSTICPy

Quote Tweet

Thomas Roccia

@fr0gger_

· Mar 31

I coded a simple IOCs extractor from an url in Python to show how to extract IOCs from threat report using MSTICpy library! You can play with it in binder and adapt the code if you like! @msticpy #ioc #python #Jupyter #ThreatHunting Notebook: https://github.com/fr0gger/jupyter-collection/tree/main/iocextractor…

Show this thread

GIF

9

44

Ciarán

@thisisfinedfir

·

Mar 30

#Threathunting Tip of the day: One of the methods noted by #Lapsus is the killing of EDR/AV. Hunt for this using the following:

1

2

Visium Technologies, Inc.

@VisiumAnalytics

·

Mar 29

$VISM Take an offensive stance on your cyber security. TruContext will show you potential unprotected paths within your network before you get hacked. https://bit.ly/3Lrn1qy #CyberSecurity #ThreatHunting #MITRE #DataSecurity #CloudSecurity #Malware

forbes.com

Council Post: Four Steps To Get Started With A 'Bottom-Up' Cybersecurity Approach

While a top-down cybersecurity approach may seem like the logical—or even the only option—it seldom produces the desired results.

1

8

27

Insane Forensics

@insaneforensics

·

12h

Let's talk network recon and discovery! This week's #techtalktuesday dives into indicators associated with #apt34, #apt39, and generic approaches. We also talk about how attackers evade signatures and how to deal with this during #threathunting efforts.

youtube.com

Threat Hunting for APT34/APT39/Generic Reconnaissance (T1595.001) and...

Let's talk network recon (ATT&CK ID T1695.001) and discovery (ATT&CK ID T1046)! This week we dive into some of the obvious atomic indicators and talk about b...

3

50

Christophe Limpalair

@christophelimp

·

11h

Join

@Cyb3rWard0g

and I as we discuss #ThreatResearch & #ThreatHunting as a career in this upcoming space �?

3

14

CyberProof

@cyberproofinc

·

11h

✨ Great to see full house and network at #HacktivSummit in #Deauville! ✨ #ThreatIntelligence #ThreatHunting #cyberattack #CyberThreatIntelligence #EnterpriseSecurity #cybersecurity

1

CyberIQs

@CyberIQs_

·

1h

How effective is security awareness training? Not enough & TechTarget #infosec #infosecurity #cybersecurity #threatintel #threatintelligence #hacking #cybernews #cyberattack #threathunting #cloudsecurity #cloudcomputing #malware #ransomware #devops #dfir

cyberiqs.com

News

At CyberIQs we aggregate hundreds of feeds to serve you a wide range cyber security news, explore content and connect with peers.

7

3

CyberIQs

@CyberIQs_

·

4h

Thales opens Cyber Security Operations Center in Morocco to #infosec #infosecurity #cybersecurity #threatintel #threatintelligence #hacking #cybernews #cyberattack #threathunting #cloudsecurity #cloudcomputing #malware #ransomware #devops #dfir

cyberiqs.com

News

At CyberIQs we aggregate hundreds of feeds to serve you a wide range cyber security news, explore content and connect with peers.

3

2

Malware Patrol

@MalwarePatrol

·

12h

Active #Malware samples detected on 2022-04-04 posted by MalwarePatrol on

@AlienVault

OTX: /pulse/624b85ce6ad1729dc0d0ae31/ #ThreatHunting #ThreatIntelligence

2

2

Ciarán

@thisisfinedfir

·

10h

#ThreatHunting Tip of the day: Hunt command line arguments for software management automation tools such as Choclatey & Hombrew on your endpoints. Threat actors can utilise both to install whatever packages they choose and will likely not get flagged by your AV/EDR.

2

Show this thread