Threat Hunting using an Indicator of Compromise (IOC) File

In this video I cover how to use the indicator of compromise (IOC) file that I generated in my last video, using Mandiant/FireEye's Redline application.

"A free endpoint security tool that provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile."

If you found this helpful please consider leaving a like or comment!

Links:

If you are interested in looking at Security Blue Team's "Introduction to Threat Hunting" course yourself, the link is below!
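To make concrete what a hash-based IOC search does once the IOC file and the collected files are in hand, here is an added example of my own. It is not code from the video and not Redline's logic: it reads MD5 file indicators from an OpenIOC 1.0-style XML document, hashes every file under a directory, and reports the path of each match (the file name is what the hunt gives you back for a matched hash). The IOC text, file names and file contents are constructed for the example; the two MD5 values in it are simply the hashes of the constructed contents ("hello world" and an empty file). A non-XML or truncated IOC is reported as malformed rather than silently yielding no matches.

```python
"""Hash-based IOC hunting over a directory tree.

Added example; not code from the video and not Redline's own logic.
Reads MD5 file indicators from an OpenIOC 1.0-style XML document,
hashes every file under a directory, and reports matching paths.
"""
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample IOC (not a real indicator file). Both MD5 values are the
# hashes of the constructed contents written by build_sample_tree():
# b"hello world" and an empty file. The FileName item is there to show that
# non-hash indicators are ignored by this hash-only hunt.
SAMPLE_IOC = """<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
  <short_description>Constructed hash indicators</short_description>
  <definition>
    <Indicator operator="OR" id="example-0001-or">
      <IndicatorItem id="example-0001-a" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">5EB63BBBE01EEED093CB22BB8F5ACDC3</Content>
      </IndicatorItem>
      <IndicatorItem id="example-0001-b" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <IndicatorItem id="example-0001-c" condition="contains">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">evil</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""

HEX = set("0123456789abcdef")


def _local(tag):
    """Strip the XML namespace so tags compare by local name."""
    return tag.rsplit("}", 1)[-1]


def parse_md5_indicators(ioc_xml):
    """Return the set of lowercase MD5 values from FileItem/Md5sum 'is' items.

    Raises ValueError for an IOC that is not well-formed XML.
    """
    try:
        root = ET.fromstring(ioc_xml)
    except ET.ParseError as exc:
        raise ValueError(f"malformed IOC file: {exc}") from exc
    hashes = set()
    for item in root.iter():
        if _local(item.tag) != "IndicatorItem" or item.get("condition") != "is":
            continue
        context = next((c for c in item if _local(c.tag) == "Context"), None)
        content = next((c for c in item if _local(c.tag) == "Content"), None)
        if context is None or content is None:
            continue
        if context.get("search") != "FileItem/Md5sum":
            continue  # not a hash indicator (e.g. FileName, Size)
        value = (content.text or "").strip().lower()
        if len(value) == 32 and set(value) <= HEX:
            hashes.add(value)
    return hashes


def md5_file(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hunt(root_dir, wanted):
    """Walk root_dir and return sorted (relative path, md5) pairs that match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the hunt
            if digest in wanted:
                hits.append((os.path.relpath(path, root_dir), digest))
    return sorted(hits)


def build_sample_tree(root):
    """Write constructed files: two that match the IOC, one that does not."""
    os.makedirs(os.path.join(root, "notes"), exist_ok=True)
    with open(os.path.join(root, "evil.exe"), "wb") as f:
        f.write(b"hello world")                 # 5eb63bbbe01eeed093cb22bb8f5acdc3
    with open(os.path.join(root, "empty.dat"), "wb") as f:
        f.write(b"")                            # d41d8cd98f00b204e9800998ecf8427e
    with open(os.path.join(root, "notes", "readme.txt"), "wb") as f:
        f.write(b"The quick brown fox jumps over the lazy dog")  # no match


def run_demo():
    """Create a scratch tree, hunt it with SAMPLE_IOC, and return the hits."""
    wanted = parse_md5_indicators(SAMPLE_IOC)
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = hunt(root, wanted)
    for path, digest in hits:
        print(f"HIT  {digest}  {path}")
    return hits


if __name__ == "__main__":
    run_demo()
```

Two details matter in practice: hash strings are normalised to lowercase before comparison, so an IOC written with uppercase hex still matches, and a parse failure is surfaced as an error instead of an empty indicator set, which would otherwise look like "no matches".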

Comments
Author

@cybersectom I followed all the steps using the zip file provided by SecBlueTeam. There are always no matches. Any idea what the issue could be?

fromACHICAL
Author

One more question: how do you tell if the file is modified or not? I am confused at that part. I mean, what are we looking at or comparing?

itsmusic
Author

But I have one query: when I click on the .bat file, my Microsoft Edge starts to run the XML file, and the size of the file keeps increasing up to GBs, like 10 GB and so on, and then that page shows a refresh option and that XML file goes on and on. Can you tell me why this is happening?

Pablo_the_great
Author

@cybersec Tom. Thank you for this tutorial. I followed through and was able to get a hit in my "malware hunting quiz" at Security Blue Team.

The issue I have now is that I couldn't get the file name for the MD5.

Please, can you help me with how to get the file name? Without the file names I can't pass the quiz.

Thank you. I await your prompt response.

LoversSpot
Author

I'm getting "Directory does not exist" in the "Location for acquisition from this session" field!!!

gamerbuddy
Author

I followed all the steps but I could not get the analysissession1 file, which is 1 KB, but I do get the Audit folder. Can you tell me why it's happening?

nanolearner
Author

Hey dude, I have a confusion about IOC Editor. I mean, what is its use if we need to add hashes and values to it manually?

itsmusic
Author

When I generate an IOC in Mandiant and after that import the IOC into Redline, it says malformed. Can you explain to me why that is happening?

zymh