hunting”
-
Mastering CSRF: Techniques, Bypasses, and Exploits. Cross-Site Request Forgery (CSRF) is a client-side attack where a victim is tricked into unknowingly sending unintended HTTP requests. Attackers exploit authenticated sessions to perform unauthorized actions on behalf of the user. While they cannot read the responses, they can trigger state-changing requests such as changing passwords, transferring funds, or posting…
-
Article Link: Cross-Domain Attack Defense with Intel-Led Threat…
-
1. Threat Hunting Hypothesis. Web Proxy: find consistent HTTP beaconing behaviour which may indicate malware C2. Hunt Scenario Description: Malware C2 frequently establishes regular request intervals (“beacons”) to maintain communication with the attacker’s infrastructure. Suspicious patterns can be hunted using different techniques, which include: dynamically generated domain analysis, threat intelligence comparison, domain rarity analysis, user…
-
In the ever-evolving landscape of cybersecurity, detecting and responding to threats has become more complex. One of the more advanced techniques gaining traction is implied cyber threat hunting. Unlike traditional threat hunting, which often involves reacting to known threats and signature-based detection, implied threat hunting focuses on uncovering hidden or yet-to-be-identified threats based on contextual…
-
Choosing between AI-based threat hunting and manual methods is a losing proposition. Use this hybrid approach to get the best of both types of threat hunting.
-
PsExec, a command-line utility used for remotely managing Windows computers, is often abused by threat actors. Here’s how to threat hunt for suspicious PsExec activity.
-
New research from Claroty’s Team82 research arm uncovered three vulnerabilities in Hunting Planet WGS-804HPT industrial switch that could allow an attacker to remotely execute code on a vulnerable device. These vulnerabilities include separate buffer and integer overflow vulnerabilities and an OS command injection flaw; an exploit was developed that leverages these bugs and remotely runs…
-
Hello everyone, I’m currently building a small lab environment to practice threat hunting, but I have limited resources. Here are the details of my setup: Laptop Specs: Ryzen 7 7000 Series (H), 12th Gen, 16GB DDR5 RAM, 512GB NVMe SSD, Linux as the host OS (GNOME desktop environment, which is slightly resource-intensive). Lab Setup: An…
-
Hi All! I’m a senior SOC analyst with 5.5 years of experience in SOC and I kinda want to break out of this job. I have received a call for an interview for a threat hunting/intelligence role, something that I want to work in but don’t have much professional experience in. I need some guidance…
-
As organizations around the world struggle with extended downtime and revenue loss due to widespread cyberattacks, Rubrik announces Rubrik Turbo Threat Hunting.
-
Zeek (formerly Bro) is a powerful open-source network monitoring and intrusion detection system that generates detailed logs about network traffic. Zeek logs contain valuable information about network activity, which can be analyzed to detect anomalies, threats, and trends. Here’s a detailed guide to analyzing Zeek logs effectively:
-
Cozy Bear is a Russian, state-sponsored group that has conducted operations on behalf of Russia’s Foreign Intelligence Service aka SVR since at least 2008. This group mainly seeks persistent access to strategic targets with intelligence value for Russia but has other aims, including the theft of intellectual property that will benefit Russian businesses. Other names given…
-
Just as shoppers head online for Black Friday and Cyber Monday deals, a new report from Bitdefender uncovers interesting parallels with behavior on dark web marketplaces.
-
When hunting on endpoints, threat hunters focus on three primary types of Indicators of Compromise (IoCs):
-
As the Black Friday weekend draws closer, American shoppers say they’re going to be on the hunt for online deals, while also keeping an eye out for cyber scammers.
-
YARA (Yet Another Ridiculous Acronym) is a tool developed by Victor Alvarez of VirusTotal to help malware researchers detect and categorize malware. It’s essentially a powerful pattern-matching tool, similar to grep, but optimized for identifying malware using complex regular expressions. YARA rules can search files,…