Checking network traffic at night, checking hashes...
# generala
AoS
10/23/2019, 12:03 PMChecking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic thing that can be very easily adjusted to each individual environment
f
FG
10/23/2019, 1:09 PMif you just want generic stuff i’d recommend https://github.com/hunters-forge/ThreatHunter-Playbook
FG
10/23/2019, 1:09 PMmany of the windows sysmon examples can be translated to osquery
t
Tim F.
10/24/2019, 7:36 PM@AoS did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
j
Jams
10/26/2019, 4:53 AMIs there a Linux Threat hunting playbook? Or a dataset of Linux-specific malware similar to … https://github.com/endgameinc/ember
f
FG
10/26/2019, 11:54 AMI’ve developed many custom/internal things but nothing public afaik.
3 Views