Tag feed

#threat-hunting

40 posts33 followers

Trending tags this week

Threat Hunting Methodology

2d ago · 8 min read · Most security tools are reactive. Alerts fire after a rule matches, and analysts triage. Threat hunting flips that: you assume something has already evaded the tools, and you go look for it. This post

Join discussion

RBRegő Botond Ronyeczzerohook.hashnode.dev

0

Top 10 DNS Security Tools for Proactive Threat Hunting (2026)

3d ago · 9 min read · Most DNS security advice is reactive. Something breaks, you investigate. But the teams that catch problems early aren't waiting for alerts from their SIEM — they're actively mapping their own attack s

Join discussion

TSTech Skill Schooltechskillschool.hashnode.dev

0

What Are the Tools Used in a SOC Analyst Workflow?

5d ago · 5 min read · In the fast-paced world of cybersecurity, a SOC Analyst is often the first line of defense against cyber threats. They monitor systems 24/7, investigate alerts, and respond to incidents before they ca

Join discussion

Vvaishvikkansaraloghunter.hashnode.dev

0

How to Investigate a Phishing Attack Step by Step (SOC Perspective)

May 22 · 9 min read · Phishing is the number one attack vector used by cybercriminals worldwide. According to multiple threat intelligence reports, over 90% of data breaches begin with a phishing email. As a SOC Analyst, k

Join discussion

ZOZeroTrust Opsnavyacyber.hashnode.dev

0

My First Hands-On Threat Hunting Workshop Experience with Intel 471: Hunting CVE-2023-46604 from Curiosity to Confidence

Apr 30 · 10 min read · When I first heard about Intel 471’s Intelligence-Driven Threat Hunting Workshop: Vulnerability Post-Exploitation Behaviors, I wasn’t actively searching for another certification or workshop. In fact,

Join discussion

TATaji Abdullahtechnofiles.hashnode.dev

0

Understanding Threat Hunting Initiation

Apr 23 · 2 min read · When I first learned about Threat Hunting, the biggest question I had was, how is the hypothesis formed, how do you come to the point of forming a hypothesis that serves as the basis for the threat hu

Join discussion

PPromisepromise-security.hashnode.dev

0

Analysing a Simulated Web Breach with Splunk (Deloitte Forage Cyber Task)

Apr 5 · 2 min read · 1. Getting the logs into Splunk The task provided a web_activity.log file with HTTP requests grouped by internal IP addresses. My first step was to bring this data into Splunk so I could query and vis

Join discussion

SMShubham Mishrasammy-secops.hashnode.dev

1

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

Apr 3 · 40 min read · TL;DR — Read This First On March 19, 2026 at approximately 17:43 UTC, threat actor group TeamPCP silently redirected trivy-action@0.34.2 — a real, trusted release already running in thousands of CI/CD

CCorrelic commented

BOBrian Olsonhurrikane.net

1

What's in a Name: DNS as a Detection Goldmine

Mar 30 · 10 min read · I love DNS. I know that's a weird thing to say, but I've been doing DFIR and detection engineering for close to two decades, and no single protocol has given me more signal per dollar invested than DN

JJacob commented

ZZainsplunk-threat-hunt.hashnode.dev

0

I Tracked an Attacker Who Typed 'ls' on a Windows Server

Mar 25 · 3 min read · The attacker scanned a Joomla website with 17,547 requests, brute-forced the admin panel with 412 passwords in under two seconds, uploaded an encrypted PHP backdoor, got a shell, and typed ls. On a Wi

Join discussion

#threat-hunting

Search Hashnode

#threat-hunting

Trending tags this week

Threat Hunting Methodology

Top 10 DNS Security Tools for Proactive Threat Hunting (2026)

What Are the Tools Used in a SOC Analyst Workflow?

How to Investigate a Phishing Attack Step by Step (SOC Perspective)

My First Hands-On Threat Hunting Workshop Experience with Intel 471: Hunting CVE-2023-46604 from Curiosity to Confidence

Understanding Threat Hunting Initiation

Analysing a Simulated Web Breach with Splunk (Deloitte Forage Cyber Task)

From Security Tool to Credential Stealer: The TeamPCP Trivy Supply Chain Attack

What's in a Name: DNS as a Detection Goldmine

I Tracked an Attacker Who Typed 'ls' on a Windows Server