Sqrrl Blog

Apr 27, 2016 4:27:00 PM

Threat Hunting Quick Fix

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/03/08/threat-hunting-quick-fix/ 

Are you currently threat hunting and not finding much? I do not support this threat hunting modality; however, it is true that I use it when I do not have the time to go on a hunting trip and keep focused.

This is not a silver bullet, but it is true that it can help in your hunting trips; looking for already known IOCs can sometimes bring up interesting results.


Topics: Incident Response, Threat Hunting, Cyber Threat Hunting, Security Analytics

Apr 20, 2016 10:47:00 AM

Cyber Threat Hunting (3): Hunting in the Perimeter

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/03/01/cyber-threat-hunting-3-hunting-in-the-perimeter/ 

In this third post, we will learn what we need to look at when hunting and detecting adversaries in the perimeter. We are also going to look at some of the firewall technologies and their log formats in order to detect anomalies in the inbound and outbound traffic in your network.


Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting

Apr 14, 2016 11:16:00 AM

Cyber Threat Hunting (2): Getting Ready

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/02/05/cyber-threat-hunting-2-getting-ready/ 

In my previous post, I went through the basics of hunting and its benefits for organizations and their analysts. To continue the journey, today I am going to cover the preparations you need to do before you go out there and hunt. 

As you need some degree of preparation for many of the activities we do on a daily basis, you can improvise, but I suggest you don't, as hunting is an activity that requires a high level of concentration, so you only want to focus on what is important for the hunt.


Topics: Cyber Hunting, Threat Hunting, Cyber Threat Hunting

Apr 8, 2016 10:49:00 AM

Cyber Threat Hunting (1): Intro

Originally posted by Samuel Alonso, KPMG Global Security Operations Center threat hunter at http://cyber-ir.com/2016/01/21/cyber-threat-hunting-1-intro/ 

After some long months debating whether to write a white paper, and what potential topics I could write about, I have ultimately decided that I do not have enough time to go through the process of writing a research paper for the next 6 to 12 months. Instead, I am taking some of my research and current experience and I am sharing it with you. I will be brief and to the point – it is not my intention to spend much time in the bushes. I want to provide you with a solid foundation to start hunting and understanding the “creativity” behind the process.


Topics: Cyber Hunting, Incident Response, Threat Hunting, Cyber Threat Hunting