Threat hunting
Security operations | 8 min read
MDR insights: defense against persistent threats and Oracle WebLogic CVE-2020-14882
Initial access broker (IAB) Magnet Goblin is currently targeting CVE-2020-14882 in Oracle WebLogic. Here's how to identify and stop them.
Security operations | 3 min read
Let your security maturity be your guide
Security maturity plays a big role in determining how your SecOps strategy evolves. Learn how an Expel customer determined it was the right time to add threat hunting to his repertoire.
Security operations | 3 min read
Expel Q3 Quarterly Threat Report: the top five findings
The Q3 Quarterly Threat Report findings are based on incidents our security operations center identified in the third quarter this year. Here are a few of the top trends.
Security operations | 3 min read
Expel Hunting: Now in the cloud
We’ve added something new to Expel Hunting: cloud hunts. Find out how our crew’s newly developed hunting techniques can help you spot visibility gaps in your cloud (and give you some peace of mind).
Tips | 6 min read
How to create and maintain Jupyter threat hunting notebooks
We got a lot of questions about configuring Jupyter notebooks after presenting at Infosec Jupyterthon 2020. See our response along with some tips for incorporating this tech into infosec processes.
Security operations | 8 min read
Using JupyterHub for threat hunting? Then you should know these 8 tricks.
Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.
Security operations | 4 min read
3 must-dos when you’re starting a threat hunting program
So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.
Security operations | 6 min read
How to make your org more resilient to common Mac OS attacks
Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.
Security operations | 6 min read
How to find anomalous process relationships in threat hunting
Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.
Security operations | 7 min read
How to choose the right security tech for threat hunting
How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.
Tips | 5 min read
How to hunt for reconnaissance
Use the hunting process to find attackers performing reconnaissance in your system, through actions that aren’t things most users typically do.
Security operations | 5 min read
What is (cyber) threat hunting and where do you start?
We want to demystify what threat hunting is and what it’s not. So here goes nothin’ ...