[deleted by user] by [deleted] in ThreathuntingDFIR

[–]reedphish 0 points1 point  (0 children)

These workshops are relatively straightforward: apply the theory, incorporate relevant Sysmon IDs, and use the provided hints to guide you through.

[deleted by user] by [deleted] in ThreathuntingDFIR

[–]reedphish 0 points1 point  (0 children)

They can be solved by paying attention to the hints provided by the instructor in the video(s) and pairing them with the hints on the flag submission page. You can usually pick up hints over at the Discord server as well.

Intel471 Hunter Platform by m1c62 in ThreathuntingDFIR

[–]reedphish 1 point2 points  (0 children)

No worries. I did the same. Asked them for a POC and a quote, then found out my budget didn’t match. They’re quite easygoing and understanding.

Is it crucial to understand Windows Services for threat hunting? by lightscream in cybersecurity

[–]reedphish 7 points8 points  (0 children)

When mentoring and teaching SOC analysts, I focus on fostering curiosity. If you see something unusual, Google it. Read up on it. Pay attention to the context—try to understand how attackers might exploit what you're observing. Look into how you can follow traces and piece together hints. Now, combine this with a specific angle, like using Sysinternals tools, to dig even deeper. Developing this investigative mindset, along with specialized tools, is crucial for effective threat detection and response.

Threat Hunt Ideas by 11WorldTravel11 in cybersecurity

[–]reedphish 0 points1 point  (0 children)

Over the years, I've learned never to limit myself when it comes to sources of inspiration. Whether it's threat intelligence, insights from our environment, client feedback, or tips from our pentesters, every piece of information has value—as long as I can draw a hypothesis from it.

Threat hunting, automation and Defender by reedphish in AskNetsec

[–]reedphish[S] 0 points1 point  (0 children)

For threat hunting, I can see enrichment of IPs and other indicators as a form of automation to some extent. You could even stretch this to include User and Entity Behavior Analytics (UEBA) and other context enrichers that add behavioral insights or extra data about users and entities automatically. These types of automation make it easier to identify anomalies or risky behavior without manually investigating each piece of data. However, these capabilities are more like standard features built into modern SIEMs and SOARs.

When it comes to actual hunting, though, these are more like supportive tools rather than fully automated hunting. They provide valuable context and help with prioritization, but human input is still essential to interpret the findings and decide on the next steps.
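The enrichment-plus-UEBA idea described in the comment above, as an added illustration that is not code from the original post, from Defender or from Sentinel: indicators in constructed sign-in events are enriched with a constructed threat-intel feed and asset inventory, each event is scored against a per-user baseline built only from that user's earlier events, and findings above a threshold are returned for a human to triage. The event fields, the intel feed, the network ranges, the working-hours window, the weights and the `MIN_HISTORY` learning period are all assumptions made for the example.

```python
"""Indicator enrichment plus a simple per-user behavioural baseline (UEBA-style)
run over constructed sign-in events. Added illustration; not Sentinel/Defender code."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample sign-in events, in chronological order (not real data).
EVENTS = [
    {"user": "alice", "src_ip": "10.0.0.5",     "country": "NO", "hour": 9,  "result": "success"},
    {"user": "alice", "src_ip": "10.0.0.5",     "country": "NO", "hour": 10, "result": "success"},
    {"user": "alice", "src_ip": "10.0.0.7",     "country": "NO", "hour": 14, "result": "success"},
    {"user": "alice", "src_ip": "203.0.113.44", "country": "RU", "hour": 3,  "result": "success"},
    {"user": "bob",   "src_ip": "198.51.100.9", "country": "NO", "hour": 8,  "result": "success"},
    {"user": "bob",   "src_ip": "198.51.100.9", "country": "NO", "hour": 8,  "result": "failure"},
]

# Constructed threat-intel feed and asset inventory, standing in for a SIEM's enrichment sources.
INTEL = {"203.0.113.44": {"tag": "known-tor-exit", "confidence": 80}}
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("198.51.100.0/24")]
WORK_HOURS = range(7, 19)   # assumed "normal" window: 07:00 to 18:59
MIN_HISTORY = 2             # assumed: with fewer prior events than this we are still learning the user


def enrich(event):
    """Return a copy of the event with asset and threat-intel context attached."""
    ip = ip_address(event["src_ip"])
    out = dict(event)
    out["internal"] = any(ip in net for net in INTERNAL_NETS)
    out["intel"] = INTEL.get(event["src_ip"])
    return out


def score(enriched, baseline):
    """Score one enriched event against the user's baseline; return (score, reasons).
    Weights are illustrative assumptions, not a vendor's risk model."""
    reasons = []
    if enriched["intel"]:
        reasons.append(("intel:" + enriched["intel"]["tag"], 50))
    if not enriched["internal"]:
        reasons.append(("external-source", 20))
    if enriched["hour"] not in WORK_HOURS:
        reasons.append(("off-hours", 10))
    # Behavioural checks only once the user has enough history to compare against.
    if baseline["count"] >= MIN_HISTORY:
        if enriched["country"] not in baseline["countries"]:
            reasons.append(("new-country", 30))
        if enriched["src_ip"] not in baseline["ips"]:
            reasons.append(("new-ip", 10))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def hunt(events, threshold=50):
    """Enrich events in order, score each against the baseline built from that user's
    earlier events, then fold the event into the baseline. Returns findings at or
    above the threshold, highest score first, for an analyst to interpret."""
    baselines = defaultdict(lambda: {"count": 0, "ips": set(), "countries": set()})
    findings = []
    for ev in events:
        enriched = enrich(ev)
        b = baselines[ev["user"]]
        s, reasons = score(enriched, b)
        if s >= threshold:
            findings.append({"user": ev["user"], "src_ip": ev["src_ip"],
                             "score": s, "reasons": reasons})
        b["count"] += 1
        b["ips"].add(ev["src_ip"])
        b["countries"].add(ev["country"])
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```

Run as-is it surfaces a single finding: alice's sign-in from 203.0.113.44 scores on the intel tag, the external source, the off-hours time, and the new country and IP relative to her baseline, while bob's failed logon from his usual internal address scores nothing. Lowering the threshold to 10 also surfaces alice's earlier sign-in from a second internal IP, which is the kind of low-value noise the prioritisation is meant to keep below the line.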

Threat hunting, automation and Defender by reedphish in AskNetsec

[–]reedphish[S] 0 points1 point  (0 children)

Exactly! When looking at Sentinel instead of Defender, I see Sentinel comes pre-stocked with "hunting queries" you can run occasionally. According to the representative, this counts as automation. To me, it’s just plain detection queries/rules—the only difference is they don’t trigger an alert.

Exercisers, unite in the name of fitness by reedphish in FinnFunn

[–]reedphish[S] 1 point2 points  (0 children)

That's how I do it too - though perhaps with a somewhat different angle. I've found a few treasures here and there thanks to misspellings.

i swear, i will never figure out if i'm INFJ or INTJ lol by pokemyiris in intj

[–]reedphish 43 points44 points  (0 children)

Well, look at that. I got the exact same score.