By Lee Archinal at Cyborg Security


You know what was one of my favourite hobbies pre-2020 (and I mean besides threat hunting, of course)? People watching. You grab a coffee, sit down, and watch as (mostly) rational creatures go about their day. But that hobby has a way of turning into a way of thinking and analyzing the world around you. For instance, I remember several years ago at a past job, I would sit at my desk as people came in and out of a secure room. What I noticed was that many people would allow others to tailgate…


By Josh Campbell at Cyborg Security

Automated Threat Hunting

Let’s face it, the cyber security industry is full of strong opinions. This is true about best practices, the best methods, or even the best caffeine sources. Another topic that can be polarizing though is the role of automation. Some people swear that the growing volume of attacks means that automation is the only way to keep pace. Others swear that automation is the 21st century version of snake oil. This is an argument I have seen play out for years in SOCs and break rooms, globally. Lately though, I have started to hear…


By Josh Campbell from Cyborg Security


A colleague asked me which threat intelligence tools I use for data manipulation on a daily basis. He had stumbled upon a massive CSV file that had been submitted to a popular sharing site, and had received a tip that it contained some interesting data for a client he works with. The trouble he was having was that the file was several gigabytes in size, and every attempt to open it in Microsoft Excel had proved unfruitful. I recommended that he could use a tool like ‘cat’ and ‘grep’…


By Josh Campbell at Cyborg Security

If you have been looking for useful resources for cyber threat hunting, we’ve got you covered. We have put together 4 videos that will help you become a better threat hunter in no time! Join Austin Jackson as he tackles some of the biggest vulnerabilities and techniques that attackers use. Looking at how they work, what they do, and how you can better defend your organizations!


A DEEP DIVE INTO THE SUNBURST BACKDOOR

What cyber threat hunting list wouldn’t be complete without something…


By Josh Campbell at Cyborg Security


I don’t think anyone would dispute that cyber security has a problem with buzzwords. These are words that start with a fixed definition but are ultimately diluted over time. One of these so-called buzzwords is ‘threat detection.’ But I am here to tell you that this is one buzzword that we should reclaim, and that organizations should spend more time considering.

WHAT IS THREAT DETECTION?

Before we go digging into threat detection, let’s first define what it is. You’d be forgiven for wondering why we need to define threat detection in the first place. Especially since the term…


By Josh Campbell from Cyborg Security


Let’s face it: threat hunting is a tool- and technology-intensive discipline. It can sometimes seem like expensive commercial threat hunting tools and services are the only tools in the industry. The reality, though, is that most threat hunters don’t rely exclusively on these fancy tools. Instead, many hunters find themselves reaching for free and flexible tools for investigations. But the pace at which these tools are released often leaves people dazed and confused. We talked to threat hunters across the industry to find their top tools. …


By Josh Campbell from Cyborg Security


It is safe to say that 2020 was a year of “the new normal” for everyone, and doubly so for security teams. Not only has the COVID-19 pandemic been a generational touchpoint, but statistics show that it is the largest cyber security event in history. Security teams also received an unwelcome Christmas present in the form of the massive supply chain attack against SolarWinds, affecting up to 18,000 of the world’s largest companies. Overall, 2020 has been a year that organizations and security professionals want to put behind them.

With 2021 finally upon us, many…


By Josh Campbell from Cyborg Security


THREAT HUNTING TACTICS

Threat hunters use a variety of tactics when they are planning a hunt. The tactic describes the primary driver for the hunt.

Intelligence-Driven

Amongst threat hunting tactics, intelligence-driven hunting is heavily used in structured hunts. This type of hunting revolves around threat intelligence reporting, often involving active exploitation. Hunters, when alerted to this activity, will craft their hypothesis and plan their hunt. Intelligence-driven hunts are not built on indicators; instead, these hunts look for specific behaviours of actors and their tools.

Target-Driven

Another of the most common threat hunting tactics is target-driven…


By Josh Meltzer from Cyborg Security


Introduction

Last week FireEye shared that a sophisticated state-sponsored adversary had gained unauthorized access to their network and stolen the offensive security tools used by their red team. Although the theft of these sophisticated tools will have an impact on future attacks carried out by the adversary, how the adversary accessed the tools was a much bigger problem. Over the weekend FireEye shared more details of their compromise and broke the news that they fell victim to a supply-chain attack involving the IT services company SolarWinds. FireEye reported that the SolarWinds Orion software update had a backdoor injected…


By Josh Campbell from Cyborg Security


Threat hunting techniques don’t always have to be super advanced or complicated to yield beneficial results. There are a number of threat hunts that are simple to carry out, and which can find hidden threats that may not necessarily be picked up by traditional threat detection tools.

The following three hunts are a perfect way for beginner threat hunters and SOC analysts to dip their toes in the water and start honing their skills before building out a more formalized threat hunting program. …

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.
