Sqrrl Blog

Mar 29, 2017 8:00:00 AM

Threat Hunter Profile - Ryan Nolette


Name: Ryan Nolette

Organization: Sqrrl

Years hunting: 7

Favorite datasets: Process execution, process parentage, registry key modification/creation, IDS/IPS logs, Bro, firewall logs

Favorite hunting techniques: Daily dynamic list creation, OODA looping, data traversal analysis

Favorite tools: Bro, Snort, Suricata, Sqrrl, Volatility, nmap, Wireshark, REMnux, SIFT, pfSense, Malzilla


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Feb 8, 2017 8:00:00 AM

Threat Hunter Profile - Deirdre Morrison


Name: Deirdre Morrison

Organization: GoSecure

Years hunting: 2

Favorite datasets: Firewall/Server/Proxy logs, Syslog, NIDS/LIDS

Favorite hunting techniques: Endpoint behavior analysis, anomaly detection

Favorite tools: Wireshark, Nmap, Kali, Custom/Github Tools


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 25, 2017 8:30:00 AM

Threat Hunter Profile - Hem Karlapalem


Name: Hem Karlapalem

Organization: Global Fortune 100 Company

Years hunting: 3

Favorite datasets: Proxy, DNS, Domain controller and endpoint logs

Favorite hunting techniques: Time series analysis, linked data analysis

Favorite tools: Sysinternals, Wireshark/tcpdump, ELK suite, PowerShell

@hemkrlplm


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 11, 2017 8:00:00 AM

Threat Hunter Profile - Katie Horne


Name: Katie Horne

Organization: GoSecure

Years hunting: 2

Favorite datasets: Network flow, application level data, firewall/switch/AP logs, file/process data, Windows event logs

Favorite hunting techniques: Searching, grouping, intel analysis

Favorite tools: Suricata, SpamScope, Sagan, STIX, honeypots (Cowrie, YALIH)

@WaysideKt


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 5, 2017 8:00:00 AM

Demystifying Threat Hunting Concepts

By Josh Liburdi

This post is about demystifying threat hunting concepts that seem to trip up practitioners and outsiders. If the summary in the TLDR below seems appealing, then please continue to the meat of the post.

TLDR?

  • Threat hunting doesn’t have to be complex, but it’s not for everyone
  • Knowing how to begin and end a hunt is more important than knowing how to carry out a hunt
  • If you need a place to start, look at trends in the threat landscape and focus on threats that you do not have automated alerts/detections for
  • Hunting is a creative process that rewards those who take chances
  • Finish with something, anything actionable — so long as it provides value

All set?


Topics: Cyber Hunting, Threat Hunting

Dec 21, 2016 10:30:00 AM

Threat Hunter Profile - Eric Cole


Name: Eric Cole

Organization: Secure Anchor Consulting

Years hunting: 10+

Favorite datasets: Firewall and router logs, Netflow, Windows logs and Syslog

Favorite hunting techniques: Connection analysis, kill chain orientation

Favorite tools: Wireshark, Bro, Perl, PowerShell, Custom Tools

@drericcole


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Dec 7, 2016 12:15:08 PM

Threat Hunter Profile - Travis Barlow


Name: Travis Barlow

Organization: GoSecure

Years hunting: 7

Favorite datasets: Firewall/Switch/Server logs, DNS logs, Netflow Data

Favorite hunting techniques: Endpoint behavior analysis, DNS analysis

Favorite tools: Suricata, Wireshark, Bro, Grimm, Log Intrusion Detection tool sets

@Travis_R_Barlow


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 23, 2016 8:00:00 AM

Threat Hunter Profile - Alan Orlikoski


Name: Alan Orlikoski

Organization: Oracle

Years hunting: 3

Favorite datasets: Network data (Bro), stacked AppCompat, Shimcache, Windows PowerShell event logs, bash shell history files

Favorite hunting techniques: Data traversal analysis, daily dynamic list creation, kill chain analysis

Favorite tools: Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

@AlanOrlikoski


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 9, 2016 8:00:00 AM

Threat Hunter Profile - Matt Arnao


Name: Matt Arnao

Organization: Lockheed Martin

Years hunting: 5

Favorite datasets: Network sensor and security device logs, Windows events, application logs

Favorite hunting techniques: Pivoting, "over the horizon" data gathering, kill chain analysis

Favorite tools: Suricata, YARA, Security Onion, jq

@mattarnao


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 26, 2016 8:00:00 AM

Threat Hunter Profile - Stephen Hinck


Name: Stephen Hinck

Organization: Oracle

Years hunting: 5

Favorite datasets: Network logs (proxy, Bro, DNS, etc.), process execution, and AV logs

Favorite hunting techniques: Stacking, kill chain analysis

Favorite tools: Command line utilities (grep, sed, awk), ELK stack, ELSA, FireEye TAP

@StephenHinck


Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile