Sqrrl Blog

Apr 26, 2017 8:00:00 AM

Threat Hunter Profile - Pietro Bempos

Name: Pietro Bempos

Organization: Zurich Insurance

Years hunting: 1

Preferred datasets: Endpoint logs/process data, windows event logs, DNS logs, server application logs

Preferred hunting techniques: Threat mapping, IP stacking (outlier detection), asset prioritization and investigation

Preferred tools: Linux command line, custom scripting (Python and Bash), custom tools

@mingRICE

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Apr 12, 2017 12:30:00 PM

Threat Hunter Profile - James Bower

Name: James Bower

Organization: Quantum Security

Years hunting: 10

Favorite datasets: Bro logs, DNS, HTTP proxy logs, Sysmon and OSSEC

Favorite hunting techniques: Outbound traffic analysis, Stacking (outlier detection), process and registry change analysis, temporal baselining

Favorite tools: Bro, Unix commands (grep, sed, awk), TShark, Splunk

@jamesbower

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Mar 29, 2017 8:00:00 AM

Threat Hunter Profile - Ryan Nolette

Name: Ryan Nolette

Organization: Sqrrl

Years hunting: 7

Favorite datasets: Process execution, process parentage, registry key modification/creation, IDS/IPS logs, Bro, firewall logs

Favorite hunting techniques: Daily dynamic list creation, OODA looping, data traversal analysis

Favorite tools: Bro, Snort, Suricata, Sqrrl, volatility, nmap, Wireshark, REMnux, SIFT, PFsense, malzilla

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Feb 8, 2017 8:00:00 AM

Threat Hunter Profile - Deirdre Morrison

Name: Deirdre Morrison

Organization: GoSecure

Years hunting: 2

Favorite datasets: Firewall/Server/Proxy logs, Syslog, NIDS/LIDS

Favorite hunting techniques: Endpoint behavior analysis, anomaly detection

Favorite tools: Wireshark, Nmap, Kali, Custom/Github Tools

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 25, 2017 8:30:00 AM

Threat Hunter Profile - Hem Karlapalem

Name: Hem Karlapalem

Organization: Global Fortune 100 Company

Years hunting: 3

Favorite datasets: Proxy, DNS, Domain controller and endpoint logs

Favorite hunting techniques: Time series analysis, linked data analysis

Favorite tools: SysInternals, Wireshark/tcpdump, ELK suite, Powershell

@hemkrlplm

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 11, 2017 8:00:00 AM

Threat Hunter Profile - Katie Horne

Name: Katie Horne

Organization: GoSecure

Years hunting: 2

Favorite datasets: Network flow, application level data, firewall/switch/AP logs, file/process data, Windows event logs

Favorite hunting techniques: Searching, grouping, intel analysis

Favorite tools: Suricata, SpamScope, Sagan, STIX, honeypots (cowrie, YALIH)

@WaysideKt

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Dec 21, 2016 10:30:00 AM

Threat Hunter Profile - Eric Cole

Name: Eric Cole

Organization: Secure Anchor Consulting

Years hunting: 10+

Favorite datasets: Firewall and router logs, Netflow, Windows logs and Syslog

Favorite hunting techniques: Connection analysis, kill chain orientation

Favorite tools: Wireshark, Bro, Perl, Powershell, Custom Tools

@drericcole

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Dec 7, 2016 12:15:08 PM

Threat Hunter Profile - Travis Barlow

Name: Travis Barlow

Organization: GoSecure

Years hunting: 7

Favorite datasets: Firewall/Switch/Server logs, DNS logs, Netflow Data

Favorite hunting techniques: Endpoint behavior analysis, DNS analysis

Favorite tools: Suricata, Wireshark, Bro, Grimm, Log Intrusion Detection tool sets

@Travis_R_Barlow

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 23, 2016 8:00:00 AM

Threat Hunter Profile - Alan Orlikoski

Name: Alan Orlikoski

Organization: Oracle

Years hunting: 3

Favorite datasets: Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files

Favorite hunting techniques: Data traversal analysis, daily dynamic list creation, kill chain analysis

Favorite tools: Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

@AlanOrlikoski

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 9, 2016 8:00:00 AM

Threat Hunter Profile - Matt Arnao

Name: Matt Arnao

Organization: Lockheed Martin

Years hunting: 5

Favorite datasets: Network sensor and security device logs, windows events, application logs

Favorite hunting techniques: Pivoting, "over the horizon" data gathering, kill chain analysis

Favorite tools: Suricata, yara, Security Onion, jq

@mattarnao

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile