An00bRektn · @An00bRektn
7 followers · 15 posts · Server infosec.exchange

Had a fun topic pop up on my feed today; looks like a nice hub for . If only I had time to look at it 😭

github.com/topics/cs-go-hack-2

(DISCLAIMER: Don't be dumb, no one is giving you csgo hax, just get good at the game lmao)

#github #malware #infosec #thrunting

Last updated 2 years ago

thrunting idea:

’s making queries to domains under 6 months old 🤔

Hypothesis: malware domains are typically younger, FPs should be fairly easy to identify, and this may shrink the sample size for large orgs

#windows #lolbin #dns #threathunting #thrunting #threatintel #infosec #cyber #cybersecurity #informationsecurity

Last updated 2 years ago
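One way to run the hunt sketched above, as an added example that is not code from the post: age each queried domain against a registration-date lookup and keep only the clients that talked to domains under six months old. The DNS rows and the REGISTRATION table are constructed for the example; in a real estate the table would be filled from RDAP/WHOIS or a passive-DNS first-seen feed and cached. The last-two-labels shortcut for the registrable domain is also a simplification of this example.

```python
"""Hunt for DNS queries to recently registered domains.

Added example, not code from the post above. It assumes:
- DNS query logs as "<timestamp> <client> <qname>" rows (the rows below are constructed);
- a lookup of domain registration dates. REGISTRATION is a constructed table;
  in production it would be filled from RDAP/WHOIS or a passive-DNS first-seen
  feed and cached, because bulk WHOIS lookups are rate limited.
"""
from datetime import date

TODAY = date(2023, 2, 1)          # hunt run date (constructed)
MAX_AGE_DAYS = 183                # "under 6 months"

# Constructed registration dates (not real WHOIS data).
REGISTRATION = {
    "example.com": date(1995, 8, 14),
    "microsoft.com": date(1991, 5, 2),
    "cdn-update-check.net": date(2023, 1, 3),   # hypothetical young domain
    "fileshare-sync.xyz": date(2022, 11, 20),   # hypothetical young domain
}

# Constructed DNS query log.
DNS_LOG = """\
2023-02-01T09:00:01Z 10.0.0.21 www.example.com
2023-02-01T09:00:04Z 10.0.0.21 login.microsoft.com
2023-02-01T09:01:12Z 10.0.0.42 a7f3.cdn-update-check.net
2023-02-01T09:01:13Z 10.0.0.42 cdn-update-check.net
2023-02-01T09:05:40Z 10.0.0.77 files.fileshare-sync.xyz
2023-02-01T09:06:00Z 10.0.0.77 unknown-domain.test
"""


def registrable_domain(qname):
    """Reduce a query name to its registrable domain.

    Simplification (an assumption of this example): keep the last two labels.
    Real code should consult the public suffix list (e.g. the tldextract
    package) so that names under co.uk-style suffixes are grouped correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_age_days(domain, today=TODAY):
    """Days since registration, or None if we have no registration date."""
    registered = REGISTRATION.get(domain)
    if registered is None:
        return None
    return (today - registered).days


def hunt_young_domains(log_text, today=TODAY, max_age_days=MAX_AGE_DAYS):
    """Return (hits, unknown).

    hits maps each domain younger than max_age_days to the set of clients that
    queried it; grouping by domain rather than by query keeps the review set
    small in a large estate, which is the point of the hypothesis.
    unknown holds domains we could not age, so they can be triaged separately
    instead of silently passing.
    """
    hits, unknown = {}, set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname = line.split()
        domain = registrable_domain(qname)
        age = domain_age_days(domain, today)
        if age is None:
            unknown.add(domain)
        elif age < max_age_days:
            hits.setdefault(domain, set()).add(client)
    return hits, unknown


if __name__ == "__main__":
    hits, unknown = hunt_young_domains(DNS_LOG)
    for domain in sorted(hits):
        print(f"{domain}: {domain_age_days(domain)} days old, "
              f"queried by {sorted(hits[domain])}")
    print("no registration data:", sorted(unknown))
```

Two practical notes: the unknown bucket matters, because a domain the lookup source has never seen is itself worth a look, and the false positives this hunt produces are mostly legitimately new SaaS, CDN and marketing domains, which is where an allowlist of reviewed young domains earns its keep.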

Joe Słowik · @jfslowik
2746 followers · 1394 posts · Server infosec.exchange
Sam Grubb · @grubbslinger
103 followers · 42 posts · Server ioc.exchange

When did Thrunting become a thing? Did we really need to shorten threat hunting?

#thrunting #threathunting

Last updated 2 years ago

Joe Słowik · @jfslowik
2735 followers · 1365 posts · Server infosec.exchange
Trojan Foxtrot · @trojanfoxtrot
8 followers · 35 posts · Server infosec.exchange

I totally forgot about this place!! But hey maybe I should be involved again.

To my folks out there, what do you do with the massive scanning IP threat feeds? Are you ingesting them into a SIEM for alerting?

If you are ingesting bot IPs and scanning IPs, what confidence and severity level do you set your threshold to ingest high fidelity indicators?

I want to know what everyone’s thoughts and strategies are on ingesting low-yield indicators.

#cti #soc #threatintel #ioc #threathunting #thrunting

Last updated 2 years ago

imlordoftherings · @Imlordofthering
303 followers · 630 posts · Server infosec.exchange

It is Thrunting Thursday - what are you looking for today?

I'll be looking for .lnk files that spawn processes with a child or grandchild process that is cmd or powershell - especially originating from non-C:\ drives

#thrunting #threathunting #blueteam #detection

Last updated 2 years ago
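The child-or-grandchild walk from that hunt, as an added example that is not code from the post: take Sysmon Event ID 1 style process-creation records, treat processes whose parent is explorer.exe as shortcut launches (an assumption of this example; a double-clicked .lnk is started by the shell), follow their descendants two generations down for cmd.exe or powershell.exe, and rank launches from removable media and network shares ahead of C:\ ones. The events are constructed; guid/pguid stand in for ProcessGuid/ParentProcessGuid.

```python
"""Hunt for shortcut launches that lead to cmd.exe or powershell.exe.

Added example, not code from the post above. It works over Sysmon Event ID 1
(process creation) style records with ProcessGuid, ParentProcessGuid, Image,
ParentImage and CurrentDirectory. The events below are constructed. One
assumption: a double-clicked .lnk appears as a process whose parent is
explorer.exe, so such processes are treated as the shortcut launch roots, and
the root's CurrentDirectory tells us which drive the launch came from.
"""

# Constructed Sysmon-like process creation events (guid/pguid stand in for
# ProcessGuid/ParentProcessGuid; "EXP" is the user's explorer.exe).
EVENTS = [
    # benign: Word opened from the desktop
    {"guid": "A1", "pguid": "EXP", "cwd": r"C:\Users\alice\Desktop",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "pimage": r"C:\Windows\explorer.exe"},
    # suspicious: shortcut on removable media runs cmd, which runs powershell
    {"guid": "B1", "pguid": "EXP", "cwd": r"E:\Invoices",
     "image": r"C:\Windows\System32\cmd.exe", "pimage": r"C:\Windows\explorer.exe"},
    {"guid": "B2", "pguid": "B1", "cwd": r"E:\Invoices",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "pimage": r"C:\Windows\System32\cmd.exe"},
    # suspicious: shortcut on a network share runs wscript -> cmd -> powershell
    {"guid": "C1", "pguid": "EXP", "cwd": r"\\fileserver\public",
     "image": r"C:\Windows\System32\wscript.exe", "pimage": r"C:\Windows\explorer.exe"},
    {"guid": "C2", "pguid": "C1", "cwd": r"\\fileserver\public",
     "image": r"C:\Windows\System32\cmd.exe", "pimage": r"C:\Windows\System32\wscript.exe"},
    {"guid": "C3", "pguid": "C2", "cwd": r"\\fileserver\public",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "pimage": r"C:\Windows\System32\cmd.exe"},
    # same shape from C:\ - still a hit, ranked after the non-C: ones
    {"guid": "D1", "pguid": "EXP", "cwd": r"C:\Users\bob\Downloads",
     "image": r"C:\Windows\System32\cmd.exe", "pimage": r"C:\Windows\explorer.exe"},
]

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
MAX_DEPTH = 2   # child = 1, grandchild = 2


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def drive_of(cwd):
    """'C:', 'E:', ... or 'UNC' for \\\\server\\share paths."""
    return "UNC" if cwd.startswith("\\\\") else cwd[:2].upper()


def build_children(events):
    """Index events by parent guid so the tree can be walked downwards."""
    children = {}
    for e in events:
        children.setdefault(e["pguid"], []).append(e)
    return children


def shell_descendants(root, children, max_depth=MAX_DEPTH):
    """Names of shell processes within max_depth generations below root, nearest first."""
    found = []
    frontier = [(1, c) for c in children.get(root["guid"], [])]
    while frontier:
        depth, e = frontier.pop(0)
        if basename(e["image"]) in SHELLS:
            found.append(basename(e["image"]))
        if depth < max_depth:
            frontier.extend((depth + 1, c) for c in children.get(e["guid"], []))
    return found


def hunt_lnk_to_shell(events):
    """Return hits as [{"root", "drive", "shells"}], non-C: drives first."""
    children = build_children(events)
    hits = []
    for e in events:
        if basename(e["pimage"]) != "explorer.exe":
            continue   # not a shortcut/desktop launch under our assumption
        shells = [basename(e["image"])] if basename(e["image"]) in SHELLS else []
        shells += shell_descendants(e, children)
        if shells:
            hits.append({"root": e["guid"], "drive": drive_of(e["cwd"]), "shells": shells})
    # Removable media and network shares first, per the hunt's emphasis on non-C: drives.
    hits.sort(key=lambda h: (h["drive"] == "C:", h["root"]))
    return hits


if __name__ == "__main__":
    for h in hunt_lnk_to_shell(EVENTS):
        print(f"{h['drive']:4} root={h['root']} shells={h['shells']}")
```

In a SIEM the same logic is usually expressed as a self-join on ParentProcessGuid, once for children and once for grandchildren; the explorer.exe-parent assumption is the part to validate against your own telemetry, since a shortcut launched from a browser download bar or an archive viewer will have a different parent.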

Selena Larson · @selenalarson
1255 followers · 313 posts · Server mastodon.social
imlordoftherings · @Imlordofthering
297 followers · 621 posts · Server infosec.exchange

It is THRUNTING THURSDAY!

What are you hunting for today?

#thrunting #threathunting #thruntingthursday

Last updated 2 years ago

@burritosec, CISSP · @burritosec
213 followers · 313 posts · Server infosec.exchange

You can't teach instinct. But you can train it and foster it and let it grow, and within a few months suddenly the folks who joined after you and felt overwhelmed are carving out evil and smashing badness every day.

#blueteam #thrunting

Last updated 2 years ago

KD Viking · @Kay_Doe_Potato
12 followers · 9 posts · Server infosec.exchange

what are your favorite things to do with to ? I've been cleared to poke at a target.

#powershell #activedirectory #redteam #blueteam #infosec #pentest #threathunting #thrunting

Last updated 2 years ago

acrypthash👨🏻‍💻 · @acrypthash
278 followers · 204 posts · Server infosec.exchange

I found this through someone on here, but I cannot seem to find the original posting. This site is a must-share though for threat hunters:

app.tidalcyber.com/share/f09fa

This site is awesome. Not only does it display the MITRE stuff, this shared matrix gives you so much more. What blew me away specifically about Tidal was that not only does it show the technique used, IT LITERALLY SHOWS YOU WHAT DEFENSE SOFTWARE CAN DETECT IT AND WHAT RULE TO ENABLE TO DETECT IT! This is so awesome! Below is an example for Elastic, among others: app.tidalcyber.com/capability/

Happy hunting and learning!

#threatintel #threathunting #security #elk #elastic #thrunting

Last updated 2 years ago

Adam Pennington · @whatshisface
303 followers · 6 posts · Server infosec.exchange

Kudos to virustotal for the cheatsheet they dropped today (blog.virustotal.com/2022/12/vt). They already had their various search modifiers documented, but this gives a dense set of concrete examples of how they can be used in realistic threat hunting queries.

#cti #vti #virustotal #thrunting

Last updated 2 years ago

imlordoftherings · @Imlordofthering
271 followers · 550 posts · Server infosec.exchange

A colleague of mine discovered a pattern in the downloaded stage 3 SocGholish payload. We've seen a few examples of this file in the most recent campaign where they use special characters in their file name such as:

Chromе.Uрdatе.zip

We've noticed a pattern though - in all of our SIEM queries the TargetFilePath always had the characters 'dat' as a filename.

As such we wrote a simple Sigma rule that can identify that file name. This of course is only useful for this current campaign and the TA can easily adjust file names - but it may be helpful for threat hunting!

TargetFileName|contains:
- "dat\\ufffd\\ufffd.zip"

github.com/joshnck/Sigma_Rules

#SocGholish #thrunting #threathunting #ioc

Last updated 2 years ago

chris!:antiverified: · @burritosec
203 followers · 277 posts · Server infosec.exchange

Attack surface does not just mean "known vulnerability" i.e. a public CVE. It means anywhere your technical controls are lax or cannot be implemented in their usual format.

#blueteam #thrunting

Last updated 2 years ago

El Jefe :verified: · @eljefedsecurit
962 followers · 609 posts · Server infosec.exchange
#infosec #thrunting all y'all getting huffy about your timelines like

#infosec #thrunting

Last updated 2 years ago

El Jefe :verified: · @eljefedsecurit
960 followers · 597 posts · Server infosec.exchange
hey #infosec if you ain't posting my little pony memes today you ain't #thrunting hard enough for a Friday

#infosec #thrunting

Last updated 2 years ago

chris!:antiverified: · @burritosec
189 followers · 223 posts · Server infosec.exchange

This industry will hammer on as many high speed low-drag topics as possible: zero-trust, AI/ML analysis/-enabled EDR, vendor partnerships to increase cloud security...and the entirety of the conversation will happen between 10 people via an on-prem Exchange 2012 server through Office 2008 Outlook installs.

#attacksurface #thrunting

Last updated 2 years ago

grey · @grey
64 followers · 77 posts · Server infosec.exchange

After a several-week hiatus has started bidding in auctions held by initial access brokers again. I expect to see new victims posted soon on their blog.

#AvosLocker #osint #threatintel #cti #ransomware #thrunting

Last updated 2 years ago

David Prahl · @infosec_chonk
11 followers · 34 posts · Server infosec.exchange

New Villain (improved Hoaxshell) backdoor runs without obfuscation on Falcon Win10 machine. It previously had bypassed Defender and SentinelOne also.
I've sent data to our CS reps to make them aware.

#crowdstrike #infosec #thrunting

Last updated 2 years ago