List: Threat Hunting | Curated by mthcht

Jul 22, 2024
22 stories
6 saves
Threat Hunting
In
Detect FYI
by
mthcht
Threat Hunting - Suspicious Named pipes
Jul 22, 2024
Jul 22, 2024
In
Detect FYI
by
mthcht
Threat Hunting — Suspicious Windows Service NamesSimulation and Detection
Jan 8, 2024
1
Jan 8, 2024
1
In
Detect FYI
by
mthcht
Event Log Manipulations - Time slippingAfter reading Alex’s latest article, I’m inspired to start a detection serie dedicated to Event Log manipulation techniques, with our first…
Jan 13, 2024
Jan 13, 2024
In
Detect FYI
by
mthcht
Threat Hunting - Suspicious User AgentsHunting for Suspicious User Agents with Splunk
Jan 1, 2024
2
Jan 1, 2024
2
In
Detect FYI
by
mthcht
Detecting DNS over HTTPSDetecting DNS over HTTPS - DoH with a SIEM - logs analysis
Nov 7, 2023
1
Nov 7, 2023
1
In
Detect FYI
by
mthcht
Threat Hunting - Suspicious TLDs
Nov 3, 2023
1
Nov 3, 2023
1
In
Detect FYI
by
mthcht
Detect DLL Hijacking techniques from HijackLibs with SplunkSplunk detections searches
Oct 1, 2023
Oct 1, 2023
In
Detect FYI
by
mthcht
How Threat Actors use PastebinWhy is it important to monitor paste sites? detection tips
Aug 24, 2023
Aug 24, 2023
mthcht
LOLBAS Detection Serie [2] — Mspub.exe + ProtocolHandler.exe + MsoHtmEd.exeThe LOLBAS serie : https://medium.com/@mthcht/list/lolbas-843ba9de6810
Aug 23, 2023
Aug 23, 2023
In
Detect FYI
by
mthcht
LOLBAS Detection Serie [1] - AppInstaller.exeTesting and Detecting LOLBAS techinques
Aug 21, 2023
Aug 21, 2023
In
Detect FYI
by
mthcht
Detecting Phishing attempts with DNSTWISTDNSTWIST for SOC & CTI
Aug 15, 2023
Aug 15, 2023
In
Detect FYI
by
mthcht
File Integrity Monitoring with AuditdFIM ? PCI DSS ?
Aug 11, 2023
Aug 11, 2023
In
Detect FYI
by
mthcht
How Threat Actors Use GitHubIntroduction
Aug 8, 2023
Aug 8, 2023
 This story is no longer available
mthcht
Threat Hunting - HTTP Requests Without Domain NamesIntroduction
Aug 7, 2023
Aug 7, 2023
mthcht
Canary Tokens and Callback URLs: A Double-Edged SwordIntroduction
Aug 7, 2023
Aug 7, 2023
mthcht
Hunting for suspicious ports activitiesUsing the list of suspicious ports: https://github.com/mthcht/awesome-lists/blob/main/Lists/suspicious_ports_list.csv (updated regularly)
Aug 7, 2023
Aug 7, 2023
In
Detect FYI
by
mthcht
Detecting PSEXEC and similar toolsDetect PSEXEC
Aug 7, 2023
Aug 7, 2023
In
Detect FYI
by
mthcht
Detecting HTML smuggling phishing attemptsExample from a real phishing attempt (BASE64 + AES):
Aug 7, 2023
Aug 7, 2023
mthcht
C2 Hiding in plain sightUnderstanding your environment with the applications used and allowed will enhances the effectiveness of your hunt here.
Aug 7, 2023
Aug 7, 2023