Security operations | 3 min read
Expel Hunting: Now in the cloud

We’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).

Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooks

We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.

Security operations | 8 min read
Using JupyterHub for threat hunting? Then you should know these 8 tricks.

Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.

Security operations | 4 min read
3 must-dos when you’re starting a threat hunting program

So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.

Security operations | 6 min read
How to make your org more resilient to common Mac OS attacks

Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.

Security operations | 6 min read
How to find anomalous process relationships in threat hunting

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

Security operations | 7 min read
How to choose the right security tech for threat hunting

How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.

Tips | 5 min read
How to hunt for reconnaissance

Use the hunting process to find attackers performing reconnaissance, through actions that aren’t things most users typically do, in your system.

Security operations | 5 min read
What is (cyber) threat hunting and where do you start?

We want to demystify what threat hunting is and what it’s not. So here goes nothin’ ...