Any tips for doing a living off the land threat hunt on your own computer? | allinfosecnews.com

May 1, 2024, 11:19 p.m. | /u/error_therror

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

I'm a threat hunter by day where my my company uses MDR software on clients' computers. This allows us to directly query the device to perform threat hunts to search for newly created files, open sockets, logon events, persistence, etc. I've been doing this for a little bit but it recently occurred to me that I'd have no idea how to do this on a computer without our software installed on it.

So any tips for doing this manually or …

blueteamsec clients computer computers device doing etc events files hunt hunter living off the land logon mdr own persistence query search sockets software threat tips

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets 15 hours ago | www.reddit.com

azure blueteamsec employee expose +6

Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID 15 hours ago | www.reddit.com

blueteamsec cleaning icedid latrodectus +1

Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia 17 hours ago | www.reddit.com

australia blueteamsec dns domains +6

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule 1 day, 15 hours ago | www.reddit.com

blueteamsec denial of service down filter +4

Ukrainian military targeted by russian hackers in mobile attacks: study by SSSCIP 1 day, 16 hours ago | www.reddit.com

attacks blueteamsec hackers military +7

HTTP/2 Continuation Flood (and POC) 1 day, 16 hours ago | www.reddit.com

2 continuation flood blueteamsec flood http +1

Threat Actors use of Artifical Intelligence 2 days, 1 hour ago | www.reddit.com

artifical intelligence blueteamsec intelligence threat +1

Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain 2 days, 9 hours ago | www.reddit.com

blueteamsec compromised financial linux +2

GitCaught: Threat Actor Leverages GitHub Repository for Malicious Infrastructure 2 days, 11 hours ago | www.reddit.com

actor blueteamsec github github repository +5

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Product Delivery Associate - Cybersecurity | CyberOps

@ JPMorgan Chase & Co. | NY, United States

View on infosec-jobs.com

Security Ops Infrastructure Engineer (Remote US):

@ RingCentral | Remote, USA

View on infosec-jobs.com

SOC Analyst-1

@ NTT DATA | Bengaluru, India

View on infosec-jobs.com