PREVIEW: Threat Hunting: What, Why, and How

by David Tatum

In today’s world of information technology, cyber-attacks on computing devices and networks that consist of those devices go beyond data integrity and confidentiality issues. There are many types of threats and methods of cyber-attacks that various threat actors use. The outcome for not being proactive with a robust cyber security defense strategy can have dire consequences. It is often the case that cyber-attacks go unnoticed for extended time periods, up to several months or even well over a year. It is imperative to have a comprehensive defense strategy for prevention and recovery. Cyber-threat hunting should be an integral component of intrusion detection and prevention systems, including both automated and with human response.

How to find hidden information in a JPG image

by Daniele Giomo

In this article, the author will explain how to search for hidden information in a JPG image. The exercise will involve both the technical part, necessary to be able to carry out an analysis, and an instinctive part which is equally fundamental to be a good digital investigator. The types of anti-forensics can be divided into three broad branches:

- Data Hiding (hiding data and information)

- Tool's weakness (known weaknesses of computer forensics tools)

- Investigator's weakness

What is anti-forensics? These are all those tricks that serve to embarrass the "digital investigators", in order to be able to hide or make it extremely difficult to find digital evidence.

Threat Hunting the Adversaries Among Us

by Alexandra Hurtado

The cyber threat landscape is a complex playing field of suspicious betrayal. Attacks are becoming more advanced and persistent, with zero-day threats far more common than before. It can often lead you chasing after absolutely nothing, killing precious and highly-priced billable hours. New technologies create new threats every single day and thus also create a demand for new skills. The pace is so fast that it can get quite tiresome to keep up with the latest zero-day or find the bandwidth to strengthen the fundamentals of a technique or even explore a new one. As cybersecurity professionals, we have a duty to recognize and manage anything that threatens the organization’s welfare and ecosystem. So how do we best ensure how we prioritize our time when time is not on our side in this industry?

Cyber threats and the dark web

by Maciej Makowski

When it comes to defending any IT infrastructure, be it a corporate one or one belonging to a small business, the name “dark web” might appear as ominous as it sounds. This is mainly because the dark web is a bit like the uncharted waters, the unknown, not always understood area of the Internet. And we tend to be afraid of the things we don’t understand. One of the common misconceptions about the dark web is that everything that is on it is illegal. Another misconception is that whatever is on the dark web has to be in some way harmful. People propagating these statements are clearly unaware that corporate and governmental entities have their presence there; from newspapers and free speech outlets, police and intelligence organisations, to the likes of Facebook, they all have their own .onion websites accessible only through TOR.

Threat hunting - What, Why and How

by Matthew Kafami

In early December 2020, news broke of a security breach at one of the better known security organizations. Now known as SunBurst, this organization’s incident response determined SolarWinds as the “weak link” into their network, which allowed attackers to steal proprietary red team tools. Shortly after the initial announcement of the vulnerability found in a particular version of SolarWinds’ software, many organizations came forward with initial statements that they either suspect they may have been compromised or have confirmed they were compromised and were working to triage this situation. SolarWinds even went so far as to publish a list of prominent customers who may have been impacted; this list included all five branches of the United States military, several government agencies, top businesses, and more. Although FireEye initially discovered this issue, any one of the organizations could have, and should have detected this through routine threat hunting procedures.

Using Dark Crawler To Gather Threat Intelligence On Social Media In The Age of Big Data

by Rhonda Johnson

The growing popularity of social media has provided an unprecedented opportunity for threat intelligence collection. A 2014 survey noted by Rice and Parkin (2016), indicated that the majority of law enforcement respondents have utilized social media platforms and data analytic tools like natural language processors to gather intelligence for criminal cases. In the age of big data, social media platforms allow investigators to collect information about potential suspects, victims and criminal organizations such as terrorist groups and human traffickers by using automated web intelligence tools to make sense of the large amounts of data criminal actors may leave behind. Examples of threat intelligence include the hierarchy structure of a criminal network enterprise or a map visualization of Geo-tagged social media posts suspecting locations of potential crime scenes. The following article will explore one web mining tool in particular, The Dark Crawler, and how it can be used to gain actionable threat intelligence in the age of social media and big data.

How you should marry threat hunting and risk assessment

by Roland Gharfine

“A good marriage is one which allows for change and growth in the individuals and in the way they express their love.” – Pearl S. Buck

Verifying quotes on the internet is a challenge, but you can take this one to the bank. When my first article was published, I jokingly told my friends that I deserve a Pulitzer Prize, so it’s only fitting to quote a winner of that same honor. Welcome to my second-ever marriage counseling session, the first of which you can find in the blog section of eForensicsmag, and which was titled “Why you should marry threat hunting and risk assessment”. During this year, I found myself consuming content by Simon Sinek, and I don’t really know how to qualify him, but he’s at least an author and an inspirational speaker for sure. One of his books, “Start With Why”, is an inspiration for this Why-What-How sequence that I have followed with this theme, what he calls “The Golden Circle”.

Infection by Outbreak Attack Malicious

by Filipi Pires

The purpose of this document is to execute several efficiency and detection tests in our lab environment protected with an endpoint solution, provided by Sophos. This document presents the result of the defensive security analysis with an offensive mindset performing a ransomware to encrypt the victim machine through using some scripts in PowerShell to call this malware, and another test using many malware to overload simulating a malicious outbreak attack.

Network Intrusion and Cyber Threat Hunting

by Ranjitha R

The analysis of network intrusion involves the process in both intrusion of a network and the analysis of intrusion. Cyber threat hunting is a constant cyber defense activity. It is defined as a proactive iterative action through networks to expose and identify certain advanced threats that bypass existing security solutions (Courtesy: Wikipedia).

Threat hunting cobalt strike article. Finding the Malleable C2 Profile.

by Gerard Johansen

The commercial threat emulation tool Cobalt Strike continues to be a go-to tool for penetration testers and adversaries alike. This feature rich tool utilizes a modular and customizable framework that combines various capabilities giving adversaries a robust post-exploitation framework that can be leveraged for reconnaissance, lateral movement, and establishing persistent Command and Control. As a testament to the functionality and widespread use of the tool, MITRE ATT&CK includes a full breakdown of the tool and those high-profile groups that leverage it here: https:// attack.mitre.org/versions/v8/software/S0154/.