threat-hunting

In Part 3 of the Threat Hunting Shift, I will introduce an Adversarial Framework for Tactical Cyber Defense Operations. Part 4 will complete the introduction to the framework and Part 5 will further delve into the details of it. I’m a “biggerpicturist” 🪐, I’m always trying to connect the dots in everything I do and this framework is the product of a lot of sense making I’ve been working on for the last 8 months....

Continuing from Threat Hunting Shift Part 3, we will now introduce the Defend and Design domains. So without further ado, let’s dig into it! Note: If you haven’t read the previous post, where I present the Discover and Disrupt domains, I advice you head there and give it a quick read ;) Defend Warlords who have mastered defense, attack from hidden places and assure their own success. They know when, where, and how to make an attack while defending their positions at the same time....

All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near. Sun Tzu In our previous post I provided background around the industry’s concept of threat hunting as it stands nowadays. What I would like to do in this second part is to delve a bit deeper into one of the active defence tactics mentioned earlier, namely, controlled attack paths and what this means in the context of cyber deception....

Cyber Threat Hunting an the limits of its own self-image Many people dedicate their lives to actualizing a concept of what they should be like, rather than actualizing themselves. This difference between self-actualization and self-image actualization is very important. Most people live only for their image. Bruce-Lee There is an industry-wide notion of what Threat Hunting is supposed to be which pretty much goes this way: a proactive approach for the identification of unknown cyber threats in your network....

If you landed here without reading Part 2 of this article, I recommend you head there and give it quick read ;) Towards a better framework for threat hunting Based on what was discussed in Part 1 and Part 2, a more representative framework to approach the epistemic basis of cyber threat hunting would look like the following: When threat hunting we: deal with the realm of “knowable” things, i....