🪤🐀 Threat Hunting

💡 All Ideas Yet Unsorted

This is about … .

Integrity Control

As I mentioned, defining a baseline is crucial to filter out irrelevant security and non-security events. There are lots of tools that can help.

Key Hygiene

This is about … .

Malicious Actors

There are various APTs out there. APT stands for Advanced Persistent Threat and can be likened to an illicit, malicious organisation. Security companies often assign unique names to these organisations based on their suspected location. For example, CrowdStrike prefers to name them according to their origin: Chinese actors as Pandas, North Korean as Chollimas, Russian as Bears, etc. The universally accepted and agreed-upon notation among security researchers is the ID-based system, such as APT1, APT2, APT44, etc. Each APT has its own “handwriting”, which is why the MITRE ATT&CK matrix was born. In this section, I explore some of the APTs and the techniques they use in a story format to make them easier to remember. For more actors and a more thorough and detailed review, please use https://www.mandiant.com/, https://www.crowdstrike.com/, https://mitre-attack.github.io/attack-navigator/v2/enterprise/ and https://malpedia.caad.fkie.fraunhofer.de/actors.

Version Control

This is about … .

Threat Hunting in AWS

This article is all about AWS Threat Hunting. There will be many Cloud-wide observations, but for now I am only focusing on AWS.

Threat Hunting Overview

Being proactive is usually better than just defending. You know the saying: “The best defence is a good offence”. Threat hunting is a great application of this phrase.

The Deep And Dark Web

This is about the Dark and Deep Web. How is it different from the Surface Web? What use can come out of it? Is it legal? How can threat hunting be done there?

Threat Modeling

This is about … .