Threat Hunting Part 2: Hunting on ICS Networks

I wrote this post originally for the Dragos blog. It is the second in a series that describes hunting, discusses best practices, and explains our approach and lessons, because hunting in industrial infrastructure is important to all of us and, with focus and effort, we can accomplish it. Part 1: Motivation The network architectures and operational …

Threat Hunting with Python: Prologue and Basic HTTP Hunting

Prologue: Begin the Hunt You've developed a solid network and host-based detection strategy. You are comfortable with the technology you purchased and with the processes you developed should you start getting alerts and need to open an investigation. You might wonder what the next step should be. The truth is that no product or process is …