Introduction to Zeek: Open-Source Threat Hunting and Network Traffic Analysis
The article introduces Zeek, an open-source network traffic analyzer for security monitoring, threat hunting, and incident response, highlighting its ability to process PCAP files or live network data.
Threat Hunting Techniques for APT34 and APT39: Identifying Network Scanning Behavior
Insights from a Tech Talk by Dan Gunter of Insane Cyber shed light on how defenders can pinpoint early-stage network scanning activity, the digital footprints left during the reconnaissance and discovery phases of an attack.
10 Free and Effective Ways to Harden Cyber Defenses Immediately (Response to White House Advisory)
Learn how to strengthen your organization’s cybersecurity with immediate, practical steps based on recent White House guidance. This expert breakdown covers prevention, detection, and response—without the need for costly tools or vendors.
Hunt Like They Fight: How The DoD’s Joint Targeting Cycle Can Help Improve Your Threat Hunts
Learn how to apply the military’s Joint Targeting Cycle to cyber threat hunting for smarter, structured, and more effective security operations.
Building a Hacking Lab on a Budget: From Free to $XXX,XXX
Learn how to build a budget-friendly hacking lab at home or in an office using virtualization, single-server setups, or enterprise-grade multi-server environments. Explore cost-effective hardware, software, cloud options, and licensing tips to create the perfect cybersecurity research lab.
Going from Nation State Malware Sample to MITRE ATT&CK Techniques in Under 5 Minutes
Learn how to analyze nation-state malware like BlackEnergy using Hybrid Analysis. Discover key attack techniques, MITRE ATT&CK mapping, and best practices for cybersecurity threat hunting.
Hunting for APT28/Hafnium NTDS.dit Domain Controller Credential Harvesting [MITRE ATT&CK T1003.003]
Learn how attackers harvest credentials from Windows domain controllers using NTDS.dit extraction techniques, including NTDSutil.exe, Volume Shadow Copy, and Impacket. Discover detection methods and security best practices to protect Active Directory environments from credential theft.
Using MITRE ATT&CK for Enterprise and ATT&CK for ICS in Industrial Environments
MITRE’s ATT&CK for Enterprise matrix and ATT&CK for ICS matrix provide two valuable reference models for network security. In this edition of #TechTalkTuesday, we will be joined by Ron Fabela from SynSaber to explore why you should be using both models to secure industrial systems and networks.
Threat Hunting for No-Key-Theft-Required Attacks in Trusted Binaries [MITRE ATT&CK T1553.002]
Digitally signed executables provide one layer of trust to prevent attacks that leverage unauthorized or unexpected code.
Put Down Your Dukes: Hunting For Hacking Group APT 29/APT 37/APT 40’s Covert Data Exfiltration
This article explores how these groups use steganography to conceal and transmit stolen data.