Gone are the days of defense solely relying on systems being patched. The model of hiding behind firewalls like the Greeks in Troy. This has been proven, time and time again, to be as faulty in Cyber as it was in the days of old. There aren’t many hard definitions in Cyber, so here’s Hackmethod’s take on a popular topic that’s been brought up around the water cooler for the past few days.
Definition of Cyber Hunting by our good friends at Wikipedia: “Cyber threat hunting is “the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.” This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), and SIEM Systems, which typically involve an investigation after there has been a warning of a potential threat or an incident has occurred.” In short, hunting begins when traditional security methods fail. Teams are called upon to enter contested terrain and defeat attackers. This article discusses the high level process of how a team would approach such a situation. In later articles we will step through each phase of an attack, discuss technical methods and use some open source tools as a demonstration.