Active Countermeasures https://www.activecountermeasures.com AI-Hunter analyzes your network to identify which of your internal systems have been compromised. Fri, 19 Oct 2018 20:02:46 +0000

Should Threat Hunting Be a Standards Requirement? https://www.activecountermeasures.com/should-threat-hunting-be-a-standards-requirement/ Tue, 02 Oct 2018 09:30:11 +0000 https://www.activecountermeasures.com/?p=5624 As part of some recent research, I was looking at which security standards and attestations require regular threat hunts. Imagine my surprise when […]

AI-Hunter v1.2.1 Has Been Released! https://www.activecountermeasures.com/ai-hunter-v1-2-1-has-been-released/ Mon, 01 Oct 2018 14:07:13 +0000 https://www.activecountermeasures.com/?p=5613 Hi folks! We are proud to say that version 1.2.1 of AI-Hunter has just been released! You can access this latest version via […]

Threat Hunting Beacon Analysis Webcast from September 11, 2018 https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/ Tue, 11 Sep 2018 09:00:17 +0000 http://www-test.activecountermeasures.com/?p=5417 Below is the link to the slides from our 9/11/18 talk on performing a threat hunting beacon analysis. Thank you to everyone who […]

YCombinator Startup School https://www.activecountermeasures.com/ycombinator-startup-school/ Thu, 06 Sep 2018 09:00:06 +0000 http://www-test.activecountermeasures.com/?p=5414 Active Countermeasures is excited to announce that we have been accepted into YCombinator’s Startup School. YCombinator (“YC” for short) is arguably one of […]

Tightly Defining Cyber Threat Hunting https://www.activecountermeasures.com/tightly-defining-cyber-threat-hunting/ Tue, 04 Sep 2018 14:51:49 +0000 http://www-test.activecountermeasures.com/?p=4056 I briefly considered titling this blog entry “Why Threat Hunting Scope Creep Will Swallow Your Soul”, because I’ve spoken with quite a few […]

DNS Backdoors? https://www.activecountermeasures.com/dns-backdoors/ Tue, 28 Aug 2018 17:38:56 +0000 http://www-test.activecountermeasures.com/?p=3376 There has been a lot of confusion about DNS backdoors and how hard they are or are not to detect. I wanted to […]

Tshark Examples for Extracting IP Fields https://www.activecountermeasures.com/blog-tshark-examples-for-extracting-ip-fields/ Wed, 22 Aug 2018 14:03:31 +0000 https://www.activecountermeasures.com/?p=1672 In a previous blog entry, I referenced using tshark to extract IP header information so that it could be sorted and analyzed. I […]

Wireshark For Network Threat Hunting: Creating Filters https://www.activecountermeasures.com/blog-wireshark-for-network-threat-hunting-creating-filters/ Mon, 20 Aug 2018 11:02:28 +0000 https://www.activecountermeasures.com/?p=1640 Let’s say you have a system you believe to be compromised. And, let’s say you can get a packet capture from that system. […]

Version 1.2 Release https://www.activecountermeasures.com/blog-version-1-2-release/ Wed, 15 Aug 2018 08:00:32 +0000 https://www.activecountermeasures.com/?p=1555 We’ve just released version 1.2 of AI-Hunter! There have been a number of tweaks and improvements, but there are three in particular that […]

Threat Hunting – Simplifying The Beacon Analysis Process https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/ Mon, 13 Aug 2018 07:00:32 +0000 https://www.activecountermeasures.com/?p=1437 In part one of this two-part series, I described what is involved with performing a beacon analysis and why it is so important […]
