6 Threat Hunting Ideas You Can Use Today!

BEFORE WE BEGIN

THREAT HUNTING IDEAS #1: LOOK FOR EXPLOITATION OF HIGH VALUE VULNERABILITIES

MICROSOFT WORD LAUNCHING CONTROL PANEL PROCESS — POTENTIAL CVE-2021-40444 EXPLOIT

THREAT HUNTING IDEAS #2: LOOK FOR MASQUERADING

PROCESS MASQUERADING AS MICROSOFT MALWARE PROTECTION ENGINE

THREAT HUNTING IDEAS #3: LOOK FOR SUSPICIOUS USE OF ONLINE SERVICES

DROPBOX API USAGE — ATTEMPTED DOWNLOAD/UPLOAD

POWERSHELL PASTEBIN DOWNLOAD

THREAT HUNTING IDEAS #4: LOOK FOR SUSPICIOUS USE OF THE REGISTRY

ATTEMPTED VBSCRIPT STORED IN NON-RUN CURRENTVERSION REGISTRY KEY VALUE

THREAT HUNTING IDEAS #5: LOOK FOR SUSPICIOUS BEHAVIORS

EXCESSIVE FILE WRITE OR MODIFICATIONS WITH COMMON RANSOMWARE NOTE EXTENSIONS

THREAT HUNTING IDEAS #6: LOOK FOR SUSPICIOUS BEHAVIORS INVOLVING LOLBINS

SHADOW COPIES DELETION USING OPERATING SYSTEMS UTILITIES

CONCLUSION
