# general
AoS
10/23/2019, 12:03 PM
Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic things that can be very easily adjusted to each individual environment
FG
10/23/2019, 1:09 PM
If you just want generic stuff I’d recommend
https://github.com/hunters-forge/ThreatHunter-Playbook
many of the windows sysmon examples can be translated to osquery
Tim F.
10/24/2019, 7:36 PM
@AoS
did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
Jams
10/26/2019, 4:53 AM
Is there a Linux threat hunting playbook? Or a dataset of Linux-specific malware similar to …
https://github.com/endgameinc/ember
FG
10/26/2019, 11:54 AM
I’ve developed many custom/internal things but nothing public afaik.