Sqrrl Blog

Mar 29, 2017 8:00:00 AM

Threat Hunter Profile - Ryan Nolette

Name: Ryan Nolette

Organization: Sqrrl

Years hunting: 7

Favorite datasets: Process execution, process parentage, registry key modification/creation, IDS/IPS logs, Bro, firewall logs

Favorite hunting techniques: Daily dynamic list creation, OODA looping, data traversal analysis

Favorite tools: Bro, Snort, Suricata, Sqrrl, volatility, nmap, Wireshark, REMnux, SIFT, PFsense, malzilla

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Feb 8, 2017 8:00:00 AM

Threat Hunter Profile - Deirdre Morrison

Name: Deirdre Morrison

Organization: GoSecure

Years hunting: 2

Favorite datasets: Firewall/Server/Proxy logs, Syslog, ((N|L)IDS)

Favorite hunting techniques: Endpoint behavior analysis, anomaly detection

Favorite tools: Wireshark, Nmap, Kali, Custom/Github Tools

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 25, 2017 8:30:00 AM

Threat Hunter Profile - Hem Karlapalem

Name: Hem Karlapalem

Organization: Global Fortune 100 Company

Years hunting: 3

Favorite datasets: Proxy, DNS, Domain controller and endpoint logs

Favorite hunting techniques: Time series analysis, linked data analysis

Favorite tools: SysInternals, Wireshark/tcpdump, ELK suite, Powershell

@hemkrlplm

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Jan 11, 2017 8:00:00 AM

Threat Hunter Profile - Katie Horne

Name: Katie Horne

Organization: GoSecure

Years hunting: 2

Favorite datasets: Network flow, application level data, firewall/switch/AP logs, file/process data, Windows event logs

Favorite hunting techniques: Searching, grouping, intel analysis

Favorite tools: Suricata, SpamScope, Sagan, STIX, honeypots (cowrie, YALIH)

@WaysideKt

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Dec 21, 2016 10:30:00 AM

Threat Hunter Profile - Eric Cole

Name: Eric Cole

Organization: Secure Anchor Consulting

Years hunting: 10+

Favorite datasets: Firewall and router logs, Netflow, Windows logs and Syslog

Favorite hunting techniques: Connection analysis, kill chain orientation

Favorite tools: Wireshark, Bro, Perl, Powershell, Custom Tools

@drericcole

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Dec 7, 2016 12:15:08 PM

Threat Hunter Profile - Travis Barlow

Name: Travis Barlow

Organization: GoSecure

Years hunting: 7

Favorite datasets: Firewall/Switch/Server logs, DNS logs, Netflow Data

Favorite hunting techniques: Endpoint behavior analysis, DNS analysis

Favorite tools: Suricata, Wireshark, Bro, Grimm, Log Intrusion Detection tool sets

@Travis_R_Barlow

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 23, 2016 8:00:00 AM

Threat Hunter Profile - Alan Orlikoski

Name: Alan Orlikoski

Organization: Oracle

Years hunting: 3

Favorite datasets: Network data (Bro), stacked Appcompat, shimcache, Windows Powershell event logs, bash shell history files

Favorite hunting techniques: Data traversal analysis, daily dynamic list creation, kill chain analysis

Favorite tools: Log Parser, CCF-VM, Logstash, Python, command line (grep, head, tail, sed, awk)

@AlanOrlikoski

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Nov 9, 2016 8:00:00 AM

Threat Hunter Profile - Matt Arnao

Name: Matt Arnao

Organization: Lockheed Martin

Years hunting: 5

Favorite datasets: Network sensor and security device logs, windows events, application logs

Favorite hunting techniques: Pivoting, "over the horizon" data gathering, kill chain analysis

Favorite tools: Suricata, yara, Security Onion, jq

@mattarnao

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 26, 2016 8:00:00 AM

Threat Hunter Profile - Stephen Hinck

Name: Stephen Hinck

Organization: Oracle

Years hunting: 5

Favorite datasets: network logs (proxy, Bro, DNS, etc), process execution, and AV logs

Favorite hunting techniques: Stacking, kill chain analysis

Favorite tools: Command line utilities (grep, sed, awk), ELK stack, ELSA, FireEye TAP

@StephenHinck

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile

Oct 13, 2016 8:00:00 AM

Threat Hunter Profile - Danny Akacki

Name: Danny Akacki

Organization: Hunt Team for a Fortune 100 Company

Years hunting: 4

Favorite datasets: Proxy, Firewall, IDS, AV, endpoint logs

Favorite hunting techniques: Behavioral detection, breadth scoping, misconfiguration searching

Favorite tools: FireEye TAP, Splunk, Wireshark, Bro, Moloch, Security Onion

@DAkacki

Topics: Cyber Hunting, Threat Hunting, Threat Detection, Hunter Profile