Cyber Threat Hunting: 3 MORE Videos to Help You Become an Expert

J Campbell|July 22, 2021
Blog

One of the most common questions we hear in the industry asking is “how do I become a threat hunter?” This is because, unlike most other fields, there are few courses, certifications, or classes to teach true threat hunting. Instead, threat hunting is practice that often requires individuals to put aside the growing “cert culture” in cyber and get back to basics, teaching themselves. But just because you have to teach yourself doesn’t mean there aren’t excellent resources out there to help you along the way!

threat hunting

In our first instalment of this blog series, we covered some of the most common vulnerabilities and techniques threat hunters should be familiar with, and more importantly how you can hunt for them in your organizations. This time around, we are covering more sophisticated techniques that adversaries, from basic cyber criminals to advanced threat actors, use. Sit down, buckle up, and get ready for 3 MORE videos that will make you an even better threat hunter!

New call-to-action

Downloading Files on MS Windows

https://www.youtube.com/watch?v=1yshdcf0AAU

While the Windows operating system, offers legitimate users several ways to download files, for an adversary it isn’t always so easy. This is because in the early stages of a compromise, the actor may only be limited to a basic shell offering simple tools. However, those malicious actors have developed a number of methods of “ingressing” tools into an environment and threat hunters need to know what to look for to identify suspicious download activity.

RDP Hijacking with Tscon.exe

https://www.youtube.com/watch?v=OBfmMvq-9v0

Actors of all skill levels are known to actively target RDP for a variety of reasons. It is therefore imperative that threat hunters are familiar with its normal (and abnormal) behaviors in an environment. In this video we dive into how actors can hijack inactive RDP sessions using the Living off the Land (LotL) binary Tscon.exe

User Account Control Bypass via Registry Modification

https://www.youtube.com/watch?v=U45hJN2dPgo

User Account Control (more commonly referred to as UAC) to many is often known as nothing more than that annoying pop up within Windows asking you to confirm what you are doing. However, to cyber adversaries is does pose a challenge. However, with some minor registry modifications, these actors can bypass UAC altogether. Join Lee Archinal as he explains how actors do it, and how hunters can look for it in their environment.

Conclusion

While the consensus is that cyber threat hunting is field that often demands self-study, that doesn’t mean that both those in, and those seeking to get into, the field can’t use a little helping hand. And if you want to keep up to date with the latest techniques, don’t forget to subscribe to our YouTube channel where we post regular “how-to” videos!

New call-to-action

Blog

J Campbell

Threat Intelligence Lead
Follow Cyborg
  • Twitter
  • linked in

DISCOVER EVEN MORE

White Paper

September 2, 2021

Expectation vs Reality: Debunking 5 (More) Myths About Threat Hunting
Read more
White Paper

August 26, 2021

From a Global Man Hunt to a Cyber Threat Hunt
Read more
White Paper

August 19, 2021

Logs & You: Explaining Threat Hunting to Non-Threat Hunters
Read more

SUBSCRIBE TO OUR NEWSLETTER

Continue the Hunt
No thanks, maybe later.