Joe Morales is currently a Threat Intelligence Engineer at ReliaQuest. He has worked in the security operations space for 4 years. He has experience in digital forensics, incident response, and specializes in threat hunting research and development. Joe works with companies to enhance their ability to proactively identify undetected threats through threat hunting.
Antivirus (AV) is one of the most fundamental tools that an organization can deploy to secure its environment. A typical antivirus solution relies primarily on signature-based detection to identify threats on a system; this may not catch the most advanced threats, but it is still useful for detecting some commodity malware and hacking tools. […]
In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound DNS traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to address any gaps in security controls or […]
Previously, we discussed the threat hunting use case Windows Authentication Hygiene, which reviewed hygiene and best practices to follow within the environment as well as how to determine an expected baseline of activity. The objective of the prior hunt campaign was to remove as much noise as possible that would hinder detection of actual attacks […]
Adapt and Overcome
In the first entry of our Threat Hunting Use Case Blog Series, Firewall Targeting DNS, we discussed the importance of understanding your mission within every threat hunting campaign. As industries have shifted to a remote workforce model as a result of COVID-19, prior baselines and the overall understanding of authentication traffic have completely […]
If you’re tired of reacting to alerts and are looking for ways to get proactive with your security posture, you might be considering threat hunting. Threat hunting is an active form of cyber defense that allows your team to proactively identify abnormal behavior or vulnerabilities and mitigate these before any harm is done. But how […]