The Threat Hunter Blog

Peter Stephenson

August Emerging Product Groups – Deception Networks

This month's topic is one of the two emerging product groups that we do each year. Emerging groups comprise those that are so new that the genre has yet to be defined solidly. Often, the category does not yet have a Gartner Magic Quadrant, so this is cutting-edge stuff. Why do this? The reason is…

Peter Stephenson

Threat Hunting and Endpoints; A Dr. Stephenson tutorial

I frequently get questions about my concept of threat hunting, so in this blog I'll take a look at that topic. We'll return to the analysis of particular events in our next outing, but for now let's examine how we do threat hunting, interdiction of malicious actions and post-event forensics. For our purposes – not…

Peter Stephenson

No, I don’t WannaCry and WannaCry 2.0

*** NOTE: UPDATE — version 2.0 is on the street – new information at the end of this blog! *** But let's start off with the hot cyber news over the past week, which, of course, is the WannaCry (or Wana Crypt/Cryptor/Decryptor) ransomware. Getting back in the saddle, I thought that this would be a good…

Peter Stephenson

Devilish New Ransomware Hits the Street

I’ve been holding this for a couple of days for a couple of reasons. First, I want to be sure this really is going somewhere (it is), and, second, I wanted a bit more than the easy-to-get screen shots that have been appearing in other blogs (got it). So, we’ll start with some background. Some…

Peter Stephenson

Hunting DiamondFox Crystal on Your Enterprise

This week I am writing the blog jointly with a well-known threat hunter, Josh Liburdi from Sqrrl. Josh has had a long career in threat hunting, as you can see from his brief bio below, so I asked him to take our sample, turn it loose in his sandbox and tell us how he…

Peter Stephenson

Inside DiamondFox

Last time we looked at the overview of the latest release – Crystal Version – and we got a good look at what the bot is supposed to be doing. We also got a top-level look at the architecture.