threat-hunting

All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. Sun Tzu In our previous post I provided background around the industry’s concept of threat hunting as it stands nowadays. What I would like to do in this second part is to delve a bit deeper into one of the active defence tactics mentioned earlier, namely, controlled attack paths and what this means in the context of cyber deception....

Cyber Threat Hunting an the limits of its own self-image Many people dedicate their lives to actualizing a concept of what they should be like, rather than actualizing themselves. This difference between self-actualization and self-image actualization is very important. Most people live only for their image. Bruce-Lee There is an industry-wide notion of what Threat Hunting is supposed to be which pretty much goes this way: a proactive approach for the identification of unknown cyber threats in your network....

If you landed here without reading Part 2 of this article, I recommend you head there and give it quick read ;) Towards a better framework for threat hunting Based on what was discussed in Part 1 and Part 2, a more representative framework to approach the epistemic basis of cyber threat hunting would look like the following: When threat hunting we: deal with the realm of “knowable” things, i....

If you landed here without reading Part 1 of this article, I recommend you head there and give it quick read ;) Blind Threat Hunting? Let’s continue where we left off. The cyber security industry largely regards Threat Hunting as the art of seeking threats that we don’t know we don’t know (unknown unknowns). An example of this would be the activity of a threat actor that has dwelled in your network for months, exfiltrating data and disseminating back doors, unknown to your cyber team, avoiding the vast majority of your security controls....

I seem, then, in just this little thing to be wiser than this man at any rate, in that what I do not know I do not think I know either Socrates I only know one thing: that I know nothing Socratic Paradox In the same way that we hunt for cyber threats, we should strive to hunt for our own biases, which are also threats. These biases are usually encouraged and sedimented by the cyber industry....