@chrissanders88 The explosion of lean, AI-driven startups is triggering defensive M&A from legacy giants. This consolidation ultimately shrinks product lines, cuts headcount, and forces us to look to policy to handle AI displacement.
@chrissanders88 You’re spot on. Many analysts do this without realizing it. When I mentor analysts, I encourage them to make it a standard part of triage. Too many skip the mental mapping and jump straight to a previous investigation or a single IOC.
Interesting comment from @johnaddison in the 2024 SANS Threat Hunting Survey review on varying time/date stamping. How is this still a major problem?
https://t.co/VotqFz6j3i
#threathunting
📄 The Linux #IncidentResponse & #ThreatHunting Poster by @4enzikat0r & @tazwake is your forensic roadmap, helping you analyze timestamps, track persistence mechanisms, & uncover hidden malware.
📥 Download your FREE copy!: https://t.co/Zj7jmQn5eV
#DFIR #Linux
https://t.co/wz0C8QRRTr
It was a lot of fun working on this report with https://t.co/HGLQK9E9H3 and https://t.co/Amzu9zhMAC @0xtornado - we came up with a new Sigma detection for Impacket tools that I hope you will find useful for #threathunting
@MalwareJake There are Threat Hunts that can be performed by entry level analysts. I would never discourage a company from periodically searching for new mail forwarding rules being added, suspicious use of RMM tools, etc.
It's time to turn your hunt into automated detection, but how? Need some help figuring out what type of detection might be appropriate? Check out the new #PEAK #ThreatHunting framework post, featuring the Hierarchy of Detection Outputs!
https://t.co/8TeLHVseJj
#Splunk #SURGe
Our ‘What is Tier Zero’ blog post is out! 🚀 https://t.co/8O3V3kFoGf
It'll be the first in a series where we'll deep-dive into the critical assets of AD and Azure. We will build out a Tier Zero table with all the assets we consider throughout the series.
@MITREattack @MrTrav The TEACH project is more about the difficulty in actually perpetrating the attack and not necessarily detecting it. DeTTECT https://t.co/aXEwjvQ7dc is a good tool but I am looking for something that is ranked as a starting point, without context of a specific network.
@MITREattack @MITREattack On this topic, are you aware of any projects to rank the difficulty of detecting TTPs relative to the various possible "methods of execution" and/or the amount of noise to cut through? The closest thing I can think of is @MrTrav's https://t.co/pmKAzN2tmf