Sqrrl Blog

Sep 28, 2016 8:00:00 AM

Threat Hunter Profile - Jason Smith

Name: Jason Smith

Organization: FireEye

Years hunting: 6

Favorite datasets: Flow data, Bro logs (http, dns, etc.), Windows event logs

Favorite hunting techniques: Pivoting from statistical anomalies, behavioral deviations for local assets

Favorite tools: SiLK, FlowBAT, Bro, Security Onion, Wireshark, Bash

@Automayt

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Sep 14, 2016 8:30:00 AM

Threat Hunter Profile - Samuel Alonso

Name: Samuel Alonso

Organization: KPMG

Years hunting: 2

Favorite datasets: AV, firewall, proxy, IDS and passive DNS

Favorite hunting techniques: Stack counting, anomaly detection and visualization

Favorite tools: Volatility, Passive Total, Santoku and Kali Linux

@Cyber_IR_UK

Aug 30, 2016 8:00:00 AM

Threat Hunter Profile - Chris Sanders

Name: Chris Sanders

Organization: FireEye

Years hunting: 10

Favorite datasets: Flow, Bro, Windows endpoint logs

Favorite hunting techniques: Aggregations, pivots, relationship graph visualizations

Favorite tools: SiLK, FlowBAT, Python, Wireshark, FireEye TAP, Splunk

@chrissanders88

Aug 17, 2016 8:00:00 AM

Threat Hunter Profile - Josh Liburdi

Name: Josh Liburdi

Organization: Sqrrl

Years hunting: 3

Favorite datasets: Bro, memory artifacts, file metadata

Favorite hunting techniques: Stack counting, baselining, data visualization

Favorite tools: Bro, LaikaBoss, Volatility, Sqrrl

@jshlbrd

Aug 1, 2016 5:45:22 PM

Threat Hunter Profile - David Bianco

Editor's Note: This is the first in a series of posts that will profile various threat hunters, highlighting their experiences, as well as hunting techniques and lessons from the field.

Name: David J. Bianco

Organization: Target

Years hunting: 8

Favorite datasets: HTTP proxy logs, authentication logs, process data

Favorite hunting techniques: Outlier detection, visualization

Favorite tools: Sqrrl, Unix command line, Python, Apache Spark, scikit-learn

@DavidJBianco
