Group-IB
Your daily source of cybersecurity news brought to you by Group-IB, one of the global industry leaders.
Infosecurity professionals need to master threat hunting. Why?

Proactive threat hunting enables the detection of attacks that go unnoticed by traditional security solutions.

To help you learn the ropes of this process, we've launched a new blog series, Hunting Rituals, which explores hunting techniques using one of the most effective solutions on the market, Group-IB MXDR. In the first article, we detailed the basic techniques for detecting DLL sideloading, a cunning method used to evade traditional security measures.

To begin the hunting process, we've framed a plausible hypothesis. By applying it to the EDR telemetry, we found several suspicious events. After carefully investigating them using the EDR module of Group-IB MXDR, we discovered the GUID of a process and, thereafter, other data that could help with further remediation or even with identification of a payload injected into legitimate processes.

To learn the details of the threat hunting for DLL sideloading, follow our step-by-step guide.

#ThreatHunting #MITREattackframework #T1574002 #DLLhijacking #DLLsideloading
What a day to hunt for...cyber threats!

Group-IB presents a second edition of Hunting Rituals, a blog series that explores hunting techniques using one of the most effective solutions on the market, Group-IB MXDR. In this latest installment, we're taking a closer look at methods to spot the abuse of Windows Services.

Our new post focuses on hunting for process command line artifacts of service creation and hunting for registry artifacts of service creation, as they both go hand in hand. This time, we tested two hypotheses. One is obvious and allows us to avoid filtering massive data sets. The other creates more noise but enables us to unmistakably identify service creation events regardless of the tool or method used to create the service.

Follow our guide to see which approach brings more value and recreate the hunting process.

#ThreatHunting #MITREattackframework #WindowsService #huntorbehunted
๐Ÿ‘5๐Ÿ”ฅ4