5 Threat Hunting Tips from a Seasoned Hunt Team

Threat Hunting Tips #1 — Know what is normal in your environment; then you will be able to spot the abnormal far more easily.

Threat Hunting Tips #2 — When building a hunt, start broad and narrow toward the specific, guided by your hypothesis. Working this way builds context and an understanding of what you are actually looking at in your environment.

Threat Hunting Tips #3 — It is often better to hunt on data and behaviors you already understand, then pivot from there, than to hunt on something outside your expertise and try to pivot back to what you know.

Threat Hunting Tips #4 — Not every hypothesis will pan out; some will fail outright. Don't be discouraged: refine the hypothesis and test again.

Threat Hunting Tips #5 — Knowing your toolset and its data capabilities is just as important as executing your hunt. False negatives lurk around every corner if you are not validating that the data you expect to query actually exists in your tools: an empty result set against missing telemetry looks exactly like a clean environment.
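The following is an added example, not code from the original post or from Cyborg Security, that puts tips #1, #2 and #5 into working form on constructed telemetry. It first checks that the fields and hosts the hunt depends on are actually present (tip #5), builds a per-host baseline of which parent processes normally launch which children (tip #1), and then narrows from a broad view (every launch of the target binary) to the specific hypothesis "rundll32.exe launched by a parent never seen on that host" (tip #2). The JSON field names (`host`, `user`, `parent`, `process`) are assumptions modeled loosely on Sysmon process-creation events, not any vendor's schema, and every log line is made up for the demonstration.

```python
"""Hunt helper: coverage check, per-host baseline, then general -> specific hunt.

Added example; the field names and all sample log lines below are constructed
for illustration and are not taken from any real environment or product.
"""
import json
from collections import Counter, defaultdict

# Constructed "historical" window used to learn what is normal (tip #1).
BASELINE_LOGS = [
    '{"host":"WS01","user":"alice","parent":"explorer.exe","process":"rundll32.exe"}',
    '{"host":"WS01","user":"alice","parent":"explorer.exe","process":"rundll32.exe"}',
    '{"host":"WS01","user":"SYSTEM","parent":"svchost.exe","process":"rundll32.exe"}',
    '{"host":"WS01","user":"alice","parent":"explorer.exe","process":"outlook.exe"}',
    '{"host":"WS02","user":"bob","parent":"explorer.exe","process":"rundll32.exe"}',
    '{"host":"WS02","user":"bob","parent":"explorer.exe","process":"chrome.exe"}',
]

# Constructed "hunt" window. Note the deliberate data problems: one event is
# missing the user field, one line is not JSON, and host WS03 never reports.
HUNT_LOGS = [
    '{"host":"WS01","user":"alice","parent":"explorer.exe","process":"rundll32.exe"}',
    '{"host":"WS01","user":"alice","parent":"winword.exe","process":"rundll32.exe"}',
    '{"host":"WS02","user":"bob","parent":"svchost.exe","process":"rundll32.exe"}',
    '{"host":"WS02","user":"bob","parent":"explorer.exe","process":"chrome.exe"}',
    '{"host":"WS01","parent":"explorer.exe","process":"notepad.exe"}',
    'not json at all',
]

# Hosts the hunt expects to hear from (assumed asset inventory).
EXPECTED_HOSTS = ("WS01", "WS02", "WS03")
REQUIRED_FIELDS = ("host", "process", "parent", "user")


def parse_events(lines):
    """Parse one JSON event per line; unparseable lines are dropped, not hidden."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def validate_coverage(events, required=REQUIRED_FIELDS, expected_hosts=()):
    """Tip #5: confirm the data the hunt relies on exists before hunting.

    Returns a dict describing gaps (events lacking a required field, hosts that
    sent nothing). An empty dict means the hunt can trust a negative result.
    """
    gaps = {}
    for field in required:
        missing = sum(1 for e in events if not e.get(field))
        if missing:
            gaps[field] = missing
    silent = sorted(set(expected_hosts) - {e.get("host") for e in events})
    if silent:
        gaps["silent_hosts"] = silent
    return gaps


def build_baseline(events):
    """Tip #1: per host, count how often each (parent -> process) pair occurs."""
    baseline = defaultdict(Counter)
    for e in events:
        baseline[e["host"]][(e["parent"], e["process"])] += 1
    return baseline


def hunt_unusual_parent(events, baseline, target="rundll32.exe"):
    """Tip #2: start general (all launches of target), then get specific.

    Keeps only launches whose (parent -> target) pair was never observed on
    that same host during the baseline window.
    """
    general = [e for e in events if e["process"].lower() == target]
    specific = [
        e for e in general
        if (e["parent"], e["process"]) not in baseline.get(e["host"], ())
    ]
    return general, specific


def run_hunt():
    """Run the coverage check first, then the hunt; return everything for review."""
    baseline_events = parse_events(BASELINE_LOGS)
    hunt_events = parse_events(HUNT_LOGS)
    gaps = validate_coverage(hunt_events, expected_hosts=EXPECTED_HOSTS)
    unparsed = len(HUNT_LOGS) - len(hunt_events)
    if unparsed:
        gaps["unparsed_lines"] = unparsed
    baseline = build_baseline(baseline_events)
    general, specific = hunt_unusual_parent(hunt_events, baseline)
    return {
        "gaps": gaps,
        "general": len(general),
        "hits": [(e["host"], e["parent"]) for e in specific],
    }


if __name__ == "__main__":
    result = run_hunt()
    if result["gaps"]:
        print("data gaps, treat any negative result with suspicion:", result["gaps"])
    print("broad view: %d rundll32.exe launches" % result["general"])
    for host, parent in result["hits"]:
        print("hit: %s launched rundll32.exe from unseen parent %s" % (host, parent))
```

Two design points worth noticing. The coverage check runs before the hunt and is reported alongside the findings, so a hunt that returns nothing is never read as "clean" when a host was silent or a field was empty. The baseline is per host, so `svchost.exe` launching `rundll32.exe` is normal on WS01 but still flags on WS02 where it had never occurred; whether that is the right granularity depends on your environment, which is exactly tip #1.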

Conclusion


Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
