Threat Hunting

February 27, 2023

A Kestrel Analytics to Detect Lateral Movement

Given the dramatic rise in number of cybersecurity attacks in the recent years, threat hunting is very important to secure businesses and enterprises. This post discusses a new approach to detect lateral movement and shows how this approach can be applied on the data read using STIX-Shifter in the Kestrel threat hunting platform.
July 26, 2021

Practicing Backward And Forward Tracking Hunts on A Windows Host

In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]
July 26, 2021

Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks

In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]