AoS
10/23/2019, 12:03 PM
Checking network traffic at night, checking hashes for known processes running, looking for suspicious processes, registry indicators... these are all basic things that can be very easily adjusted to each individual environment
FG
10/23/2019, 1:09 PM
if you just want generic stuff I'd recommend
https://github.com/hunters-forge/ThreatHunter-Playbook
many of the windows sysmon examples can be translated to osquery
Tim F.
10/24/2019, 7:36 PM
@AoS
did you look into the playbook? I am curious to learn what you've implemented. I'm trying to inventory production use cases.
Jams
10/26/2019, 4:53 AM
Is there a Linux Threat hunting playbook? Or a dataset of Linux-specific malware similar to …
https://github.com/endgameinc/ember
FG
10/26/2019, 11:54 AM
I’ve developed many custom/internal things but nothing public afaik.
#general