DFIR and Threat Hunting
Sunday, February 20, 2022
Hunting for Fakes
I've seen people on Twitter refer to hunting as more of a pre-detection action than a completely separate process. Granted, there are o...
Sunday, October 31, 2021
Measuring User Behavior
I'm always looking for different ways to look at data. Things that will give me insights into how users act as they go about their dai...
Saturday, February 27, 2021
More Behavioral Hunting and Insider Data Theft
I consider hunting for insider data theft to be the apex in user behavioral analysis. I recently gave a presentation on this at an internal...
Tuesday, July 7, 2020
Insider Threat Hunting
If you subscribe to the notion that a user, who is intent on stealing data from your org, will require a change in their behavior....
Monday, June 22, 2020
Dynamic Correlation, ML and Hunting
Hunting has been my primary responsibility for the last several years. Over this time I've done a lot of experimentation arou...
Sunday, May 17, 2020
It's all in the numbers
In my last few posts I talked about hunting for anomalies in network data. I wanted to expand on that a bit and specifically tal...
Thursday, May 7, 2020
Hunting for Beacons Part 2
In my last post I talked about a method of hunting for beacons using a combination of Splunk and K-Means to identify outliers in n...