Tag: Threat Hunting

Top SOC Reads: January 2023

Welcome to our new blog series, in which ReliaQuest teammates recommend interesting stories that you might find useful in your day-to-day jobs. This month, I’m joined by my colleagues, threat hunters George Paco and Jonny Elrod. Here is what we are reading. Rick’s Recommendation: “Octosuite: A New Tool to Conduct Open Source Investigations […]

SocGholish: A Tale of FakeUpdates

Editor’s note: Dean Murphy, Brandon Tirado, and Joseph Morales all contributed to this blog. The “SocGholish” (aka FakeUpdates) malware distribution framework has presented a gripping tale of intrigue and suspense for ReliaQuest this year. Just in January, we’ve identified and responded to two discrete “hands-on-keyboard” intrusions traced back to a SocGholish compromise. We contained both […]

What Is Threat Hunting?

Originally published in August 2019. Every industry is susceptible to data breaches and malicious cyber-attacks. In 2021, over 5 billion records were exposed and over 1,200 data breaches occurred in the United States. With an 11% increase in data breaches compared to 2020, CISOs and security operations must actively monitor for threats and combat them before […]

Threat Hunting: DNS Queries Use Case

First published December 2020. In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound DNS (Domain Name System) traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to […]

Using TweetDeck for Threat Hunting

Keeping Up on Endless IoCs with TweetDeck

Keeping up on the latest news is never an easy task. With endless newsletters, feeds, and social media to keep track of, it can be a daunting task. To help with streamlining information security feeds, I’ve recently turned to TweetDeck, a very useful feature of Twitter. TweetDeck offers […]

Threat Hunting Use Case: Outbound Firewall Traffic

Firewalls are a staple in every enterprise environment and are typically the first line of defense protecting a network. They control the flow of traffic in and out of network boundaries based on a set of rules. The management of these rules will ultimately determine the level of security and protection a firewall provides. One […]

Build a Cyber Threat Hunting Plan With This Step-by-Step Process

Do you and your team want to start proactively threat hunting in your environment? If so, it’s time to dive into the threat hunting steps below, starting with performing research on what you want to hunt for before digging into the data. It can be tempting for security teams to want to dive right in without a […]

Threat Hunting Use Case: Malware & Antivirus

Updated May 2021. Antivirus (AV) is one of the most fundamental tools that an organization can deploy to secure its environment. A typical antivirus solution relies primarily on signature-based detections to identify threats on a system; these may not catch the most advanced threats, but they are still helpful in detecting some commodity malware […]

Threat Hunting Use Case: Web Proxy

Ransomware droppers and data exfiltration and phishing, oh my! Web traffic is an essential part of operations but also represents one of the most dynamic attack surfaces all companies have to secure. The first step to securing this attack surface is installing a web proxy, which introduces an overwhelming volume of logging that’s difficult to […]