Threat Hunting: breaking the habit of talking about 'unknown unknowns' like you know what it means. Part 3.

If you landed here without reading Part 2 of this article, I recommend you head there and give it a quick read ;)

Towards a better framework for threat hunting

Based on what was discussed in Part 1 and Part 2, a more representative framework to approach the epistemic basis of cyber threat hunting would look like the following: When threat hunting we: deal with the realm of “knowable” things, i....

July 10, 2022 · 5 min · Diego Perez @darkquassar

Threat Hunting: breaking the habit of talking about 'unknown unknowns' like you know what it means. Part 2.

If you landed here without reading Part 1 of this article, I recommend you head there and give it a quick read ;)

Blind Threat Hunting?

Let’s continue where we left off. The cyber security industry largely regards Threat Hunting as the art of seeking threats that we don’t know we don’t know (unknown unknowns). An example of this would be the activity of a threat actor that has dwelled in your network for months, exfiltrating data and disseminating back doors, unknown to your cyber team, avoiding the vast majority of your security controls....

July 8, 2022 · 7 min · Diego Perez @darkquassar

Threat Hunting: breaking the habit of talking about 'unknown unknowns' like you know what it means. Part 1.

“I seem, then, in just this little thing to be wiser than this man at any rate, in that what I do not know I do not think I know either.” (Socrates)

“I only know one thing: that I know nothing.” (Socratic Paradox)

In the same way that we hunt for cyber threats, we should strive to hunt for our own biases, which are also threats. These biases are usually encouraged and sedimented by the cyber industry....

July 7, 2022 · 6 min · Diego Perez @darkquassar