#general
AoS

10/23/2019, 12:03 PM
Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic things that can be very easily adjusted to each individual environment
FG

10/23/2019, 1:09 PM
If you just want generic stuff I’d recommend https://github.com/hunters-forge/ThreatHunter-Playbook
1:09 PM
Many of the Windows Sysmon examples can be translated to osquery
Tim F.

10/24/2019, 7:36 PM
@AoS did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
Jams

10/26/2019, 4:53 AM
Is there a Linux threat hunting playbook? Or a dataset of Linux-specific malware similar to … https://github.com/endgameinc/ember
FG

10/26/2019, 11:54 AM
I’ve developed many custom/internal things but nothing public afaik.