2025 Edition: Threat Hunting Revisited (original title: 2025年度版:脅威ハンティング再考)
submitted by /u/digicat [link] [comments]
On September 25, 2025, Cisco warned that it had discovered two zero-day vulnerabilities in Cisco ASA (Adaptive Security Appliance) that are being exploited in the wild. In this post, we examine the threats and impacts of CVE-2025-20333 and CVE-2025-20362, and discuss recommended security mitigations.
CVE-2025-20333 · CVE-2025-20362: Cisco ASA Zero-Day Vulnerabilities
One of the Cisco
AI is transforming cybersecurity, from detecting phishing and insider threats to accelerating response. See how Wazuh, the open-source XDR and SIEM, integrates AI to turn raw security data into actionable insights and smarter threat hunting.
Hey everyone, Our security team is planning to invest in tools and platforms that can actually make a difference across the board. The goal is to move from being mostly reactive to becoming a more intelligence-driven and proactive SOC. We want to strengthen areas like:
• Threat intelligence collection and enrichment
• Threat hunting and detection engineering
• Incident response and digital forensics
• External exposure and attack surface management
• Automation and playbook maturity
I'd love to...
Has anyone attended DEATHCon (Detection Engineering & Threat Hunting Conference)? I can't find any reviews about the con online. From the description, it seems to be relatively small (10-50 people), and I wanted to see how accurate that was. Is there an age requirement and how beginner friendly are the workshops? I was thinking about taking my nephew who was interested in CyberSec after high school (currently 17). He's done an incident response CTF as part of a school program and he really...
When digging into sign-in activity in Microsoft Entra ID, one of the available tables is AADSignInEventsBeta. Buried inside it, the field AuthenticationProcessingDetails gives us an extra layer of context that often goes unnoticed, but it is a goldmine for hunting suspicious behavior. In this article, I'll highlight a few of the most useful fields I've worked with from this column and share some KQL examples that demonstrate how powerful this data can be for investigations. 🧩 Key fields Is...
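The column is a JSON string holding an array of Key/Value pairs, so before hunting on it you need to flatten it (in KQL that is parse_json() plus mv-expand) and find out which keys your tenant actually populates. The Python below is an added example, not code from the article above: it inventories the keys across a set of rows and then filters sign-ins on one of them. The rows, key names such as "Legacy TLS (TLS 1.0, 1.1, 3DES)" and "Is CAE Token", and the malformed third row are constructed for illustration, not a documented schema.

```python
from __future__ import annotations

import json
from collections import Counter

# Constructed sample rows shaped like AADSignInEventsBeta results. Each row carries
# AuthenticationProcessingDetails as a JSON string holding an array of {Key, Value}
# pairs; the key names used here are illustrative assumptions, not a documented schema.
SAMPLE_ROWS = [
    {
        "Timestamp": "2025-09-30T08:12:03Z",
        "AccountUpn": "alice@example.com",
        "IPAddress": "203.0.113.10",
        "AuthenticationProcessingDetails": json.dumps([
            {"Key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "Value": "False"},
            {"Key": "Is CAE Token", "Value": "True"},
            {"Key": "Root Key Type", "Value": "Unknown"},
        ]),
    },
    {
        "Timestamp": "2025-09-30T08:14:45Z",
        "AccountUpn": "bob@example.com",
        "IPAddress": "198.51.100.7",
        "AuthenticationProcessingDetails": json.dumps([
            {"Key": "Legacy TLS (TLS 1.0, 1.1, 3DES)", "Value": "True"},
            {"Key": "Is CAE Token", "Value": "False"},
        ]),
    },
    {
        "Timestamp": "2025-09-30T08:20:11Z",
        "AccountUpn": "carol@example.com",
        "IPAddress": "192.0.2.55",
        # Malformed payload: a hunting query must not crash on this.
        "AuthenticationProcessingDetails": "not json at all",
    },
]


def parse_details(raw: str) -> dict[str, str]:
    """Flatten the Key/Value array into a dict, tolerating malformed or empty input."""
    try:
        items = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return {}
    if not isinstance(items, list):
        return {}
    flat: dict[str, str] = {}
    for item in items:
        if isinstance(item, dict) and "Key" in item:
            flat[str(item["Key"])] = str(item.get("Value", ""))
    return flat


def key_inventory(rows) -> Counter:
    """Count how often each detail key appears: the first step in learning which
    fields the tenant actually populates before writing detections on them."""
    inv: Counter = Counter()
    for row in rows:
        inv.update(parse_details(row.get("AuthenticationProcessingDetails", "")).keys())
    return inv


def find_signins_where(rows, key: str, value: str) -> list[tuple[str, str]]:
    """Return (AccountUpn, IPAddress) for sign-ins whose detail `key` equals `value`
    (case-insensitive), e.g. sessions that negotiated legacy TLS."""
    hits = []
    for row in rows:
        details = parse_details(row.get("AuthenticationProcessingDetails", ""))
        if details.get(key, "").lower() == value.lower():
            hits.append((row["AccountUpn"], row["IPAddress"]))
    return hits


if __name__ == "__main__":
    print(key_inventory(SAMPLE_ROWS))
    print(find_signins_where(SAMPLE_ROWS, "Legacy TLS (TLS 1.0, 1.1, 3DES)", "True"))
```

Run the inventory against a day of real exports first; keys that appear on only a handful of rows are the ones worth a dedicated hunt, and the parser's tolerance for bad JSON matters because a single malformed row would otherwise abort a scheduled job.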
Why you need to hear this episode of SOC Stars - Vladislav Babiuk, Director of Technical Product Marketing San Jose, Calif. - Oct. 1, 2025 If you care about the future of cybersecurity, this episode of SOC Stars with RSM's "Threat Hunting Dream Team" is
Last week, we were fortunate enough to attend the fantastic LABScon conference, organized by the SentinelOne Labs team. While there, we presented a workshop titled 'Advanced Threat Hunting: Automating Large-Scale Operations with LLMs.' The main goal of this workshop was to show attendees how they could automate their research using the VirusTotal API and Gemini. Specifically, we demonstrated how to integrate the power of Google Colab to quickly and efficiently generate Jupyter notebooks...
arXiv:2509.23571v1 Announce Type: new Abstract: As cyber threats continue to grow in scale and sophistication, blue team defenders increasingly require advanced tools to proactively detect and mitigate risks. Large Language Models (LLMs) offer promising capabilities for enhancing threat analysis. However, their effectiveness in real-world blue team threat-hunting scenarios remains insufficiently explored. This paper presents CyberTeam, a benchmark designed to guide LLMs in blue teaming...
Hey Everyone, I've managed to land two SOC interviews (one with Chuck E Cheese and one with a Dr.Pepper company). I come from a front-end web dev background. I've done some TryHackMe, vuln management, threat hunting, and incident response in Azure. I have Security+. Any hiring managers or people involved in the hiring process willing to give some advice? I've never worked an actual cyber role yet and I'm actually nervous and a little doubtful since I got rejected for a help desk role two weeks...
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can
Hi, I have some query logs from my company's DNS server, and I want to perform threat hunting on them. Because I don't want to do a lot of threat intel queries (because of the rate limiting), I wanted to reduce the number of IP addresses in my data by filtering out ones that are legitimate. I mean Google or Cloudflare, or even ISPs' resolvers. I tried to filter out "8.8.8.8" and "1.1.1.1", etc. But I didn't find them in the logs. So I figured that these are the ones that receive DNS queries and...
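The reduction the poster is after, as an added example that is not part of the post: parse the query log, drop answer IPs that are internal, special-purpose or on an allowlist of well-known public resolvers, and rank the remaining domains by how few clients asked for them, so the rate-limited intel lookups go to the rarest names first. The log lines are constructed in the style of BIND 9 query logging with an answer IP appended (an assumption; a plain BIND query log records only the client and the queried name, in which case the only IPs you have are internal clients and the domains are the right thing to enrich). The allowlist ranges are illustrative.

```python
from __future__ import annotations

import ipaddress
import re
from collections import Counter, defaultdict

# Constructed query-log lines in the style of BIND 9 "query:" logging, with the answer
# IP appended in parentheses to stand in for a resolver log that also records responses
# (an assumption; a plain BIND query log carries only the client IP and the queried name).
SAMPLE_LOG = """\
30-Sep-2025 08:12:03 client 10.0.0.5#53422: query: www.example.com IN A + (203.0.113.34)
30-Sep-2025 08:12:04 client 10.0.0.6#41000: query: www.example.com IN A + (203.0.113.34)
30-Sep-2025 08:12:09 client 10.0.0.5#53431: query: dns.google IN A + (8.8.8.8)
30-Sep-2025 08:13:10 client 10.0.0.7#50010: query: update.internal.corp IN A + (10.20.30.40)
30-Sep-2025 08:14:22 client 10.0.0.9#60001: query: xk3p9q.badhost.example IN A + (198.51.100.77)
30-Sep-2025 08:14:23 client 10.0.0.9#60002: query: one.one.one.one IN A + (1.1.1.1)
"""

LINE_RE = re.compile(
    r"client (?P<client>[0-9.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+) \S+ "
    r"\((?P<answer>[0-9a-fA-F.:]+)\)"
)

# Illustrative allowlist of ranges you would never spend a threat-intel lookup on
# (well-known public resolvers). Extend it with your own ISP and CDN ranges.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("8.8.8.0/24", "8.8.4.0/24", "1.1.1.0/24", "1.0.0.0/24")]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text: str) -> list[dict]:
    """Extract client, qname, qtype and answer from each line; skip lines that don't match."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append(m.groupdict())
    return records


def classify(ip_str: str, allowlist) -> str | None:
    """Return why an IP is noise ('private', 'special', 'allowlisted') or None if it
    should be enriched. RFC1918 is matched explicitly rather than via is_private so
    that the documentation ranges in the sample above count as ordinary public space."""
    ip = ipaddress.ip_address(ip_str)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "special"
    if any(ip in net for net in allowlist):
        return "allowlisted"
    return None


def candidates_for_enrichment(records, allowlist=ALLOWLIST) -> dict:
    """Reduce the log to what is worth a rate-limited intel lookup: unique answer IPs
    that are neither internal nor allowlisted, and the domains that resolved to them
    ranked by how few distinct clients asked for them (rarest first)."""
    dropped: Counter = Counter()
    ips = set()
    clients_per_domain: dict[str, set] = defaultdict(set)
    for rec in records:
        reason = classify(rec["answer"], allowlist)
        if reason:
            dropped[reason] += 1
            continue
        ips.add(ipaddress.ip_address(rec["answer"]))
        clients_per_domain[rec["qname"]].add(rec["client"])
    domains = sorted(((d, len(c)) for d, c in clients_per_domain.items()),
                     key=lambda t: (t[1], t[0]))
    # Sort key keeps IPv4 and IPv6 apart; comparing the two directly raises TypeError.
    ordered = sorted(ips, key=lambda ip: (ip.version, ip))
    return {"ips": [str(ip) for ip in ordered], "domains": domains, "dropped": dict(dropped)}


if __name__ == "__main__":
    print(candidates_for_enrichment(parse_log(SAMPLE_LOG)))
```

On the sample this leaves two IPs and two domains to look up instead of six, and the "dropped" counter tells you how much of the log each filter removed, which is worth watching: if "allowlisted" dominates, the allowlist is doing the work; if "private" does, the log is mostly internal resolution and the domains, not the IPs, are the signal.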
arXiv:2509.09185v1 Announce Type: new Abstract: In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses. Cyber threat hunting is a proactive and iterative process aimed at identifying and mitigating advanced threats that may go undetected by traditional security measures. Rather than waiting for automated security systems to flag potential threats, threat hunting involves actively searching for signs of malicious activity within...
The Blind Spot Nobody Talks About
If you spend any time in a SOC, you'll notice one common theme: everyone is obsessed with reducing false positives. Playbooks, tuning sessions, endless SIEM rules, all designed to cut down the noise. But here's the problem: while we're busy fighting the noise, we rarely talk about the silence. That silence comes from detection gaps, the places in your environment where you have zero visibility. No logs, no telemetry, no alerts. Attacks can happen there,...
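Silence is only detectable against an expectation, so the concrete hunt for this blind spot is an inventory of every source you should be hearing from, each with the longest quiet period that is still normal for it, checked against the last event the SIEM actually has per source. The code below is an added example, not from the post: it flags inventoried sources that have gone quiet or were never seen at all, and the mirror problem, sources that are logging but nobody inventoried. Source names, intervals and timestamps are constructed.

```python
from __future__ import annotations

from datetime import datetime, timedelta, timezone

# Constructed inventory: every log source you expect to hear from, with the longest
# silence that is still normal for it. Names and intervals are illustrative assumptions.
EXPECTED_SOURCES = {
    "dc01:windows-security": timedelta(minutes=15),
    "fw-edge:syslog": timedelta(minutes=5),
    "web01:nginx-access": timedelta(minutes=30),
    "hr-laptop-042:edr": timedelta(hours=24),
    "build-agent-7:auditd": timedelta(hours=1),
}

# Constructed "last event per source" summary, as a SIEM aggregation would return it.
# build-agent-7:auditd is deliberately absent (no events at all); rogue-host:syslog
# is sending logs but was never inventoried.
LAST_SEEN = {
    "dc01:windows-security": "2025-09-30T08:10:00Z",
    "fw-edge:syslog": "2025-09-30T08:14:30Z",
    "web01:nginx-access": "2025-09-30T07:00:00Z",
    "hr-laptop-042:edr": "2025-09-29T09:00:00Z",
    "rogue-host:syslog": "2025-09-30T08:12:00Z",
}

# Fixed "now" so the example is reproducible; use datetime.now(timezone.utc) in practice.
NOW = datetime(2025, 9, 30, 8, 15, tzinfo=timezone.utc)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_silent_sources(expected, last_seen, now) -> dict[str, timedelta | None]:
    """Map each expected source that has gone quiet to its silence duration, or to
    None when it has never been seen at all (a total blind spot, not just a late feed)."""
    silent = {}
    for source, max_gap in expected.items():
        ts = last_seen.get(source)
        if ts is None:
            silent[source] = None
            continue
        gap = now - parse_ts(ts)
        if gap > max_gap:
            silent[source] = gap
    return silent


def find_unexpected_sources(expected, last_seen) -> list[str]:
    """Sources that are logging but are missing from the inventory: assets nobody is
    watching on purpose, which is the other half of the coverage gap."""
    return sorted(set(last_seen) - set(expected))


if __name__ == "__main__":
    for src, gap in find_silent_sources(EXPECTED_SOURCES, LAST_SEEN, NOW).items():
        print(f"SILENT {src}: {'never seen' if gap is None else f'{gap} since last event'}")
    for src in find_unexpected_sources(EXPECTED_SOURCES, LAST_SEEN):
        print(f"UNINVENTORIED {src}")
```

The per-source threshold is the important design choice: a firewall that goes five minutes without a syslog line is broken, while a laptop EDR agent being quiet overnight is normal, so a single global "no events in N minutes" rule either floods you or misses the firewall. Schedule this as its own detection; a feed that stops is an alert condition, not the absence of one.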
In this edition of the Snake Oilers podcasts, three vendors pop in to pitch you all on their wares:
Automated, AI-powered threat hunting with Nebulock: Damien Lewke from Nebulock joins the show to talk about how its agentic AI platform can surface attacker activity out of all those "low" and "informational" findings your detection team doesn't have time to look at.
Runtime security for hypervisors from Vali Cyber: Austin Gadient from Vali Cyber stops by to talk about ZeroLock, its hypervisor...