CISM, CISSP, C-CISO | Offensive & Defensive Strategies | Threat Hunting | Network Security Architecture | Information Security & Privacy

Threat hunting is, quite simply, the proactive pursuit of abnormal activity on servers and endpoints that may be a sign of compromise, intrusion, or data exfiltration.

Understanding Threat Hunting (Part 1)

What is Threat Hunting? Cybercrime groups are now building hard-to-detect tools and deploying techniques that make it difficult for organizations to tell whether they have been intruded upon. Passive methods of detecting signs of intrusion are becoming less practical as environments grow more complex, and no single method or technology can reliably detect every malicious activity; thus,…

BlueKeep Threat Hunting

The BlueKeep Attack, a successful attack!

Based on a Microsoft security researcher's estimate, nearly 1.5 million devices were vulnerable to BlueKeep (CVE-2019-0708, a critical vulnerability in Remote Desktop Services). The estimate shows how such an attack, still theoretical at the time, could reach a scale similar to WannaCry #EternalBlue #PetyaNotPetya. BlueKeep is also "wormable": threats exploiting this vulnerability can propagate from one vulnerable host to the next without user interaction, similar…