# general
AoS
10/23/2019, 12:03 PM
Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic things that can be very easily adjusted to each individual environment
FG
10/23/2019, 1:09 PM
If you just want generic stuff I'd recommend
https://github.com/hunters-forge/ThreatHunter-Playbook
FG
10/23/2019, 1:09 PM
Many of the Windows Sysmon examples can be translated to osquery
Tim F.
10/24/2019, 7:36 PM
@AoS
did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
Jams
10/26/2019, 4:53 AM
Is there a Linux threat hunting playbook? Or a dataset of Linux-specific malware similar to …
https://github.com/endgameinc/ember
FG
10/26/2019, 11:54 AM
I’ve developed many custom/internal things but nothing public AFAIK.