Powershell Threat Hunting

PoSh-Hunter CTF (@PoSh_Hunter) | Twitter

Threat Hunting: Common Attack Vectors and Delivery Channels

Hunting for Privilege Escalation Done with Invoke-TokenManipulation

THRecon - Threat Hunting Reconnaissance Toolkit - KitPloit ⋆ FGR* Blog

Build a fast, free, and effective Threat Hunting/Incident Response

Threat Hunting with MITRE's ATT&CK Framework: Part 1 | Digital Guardian

PowerShell for Pentesters: Scripts, Examples and Tips - Varonis

Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response W…

PowerShell and 'Fileless Attacks' – JASK

Cyber Wardog Lab: Enabling Enhanced PowerShell logging & Shipping

Threat Hunting for Masquerading Windows Processes – Checkmate

Dabble or deep dive: Threat hunting you can do with available resources

Analyzing Sophisticated PowerShell Targeting Japan | InQuest

Threat Hunting with SPLUNK Workshop for WiT 12_17_18

ACA offers PowerShell bootcamp Sept 24-27 — American Cyber Alliance

Chris Gerritz to Speak at BSides Las Vegas

Threat Hunting with Jupyter Notebooks— Part 1: Your First Notebook 📓

Advanced Incident Detection and Threat Hunting using Sysmon (and Splunk)

Analyzing PowerShell Malware – Cyber Forensicator

Threat Hunting Best Practices: Be Ready to Hunt When Cyber Criminals

PowerShell Networking Netstat | Projects to Try | Batch file, Linux

PowerShell logging – Active Directory Security

weffles – Threat Hunting/Incident Response Console with Windows

Malware Minute: Analyzing a Powershell Attack

PowerShell Script Steals Credentials | Secureworks

Trimarc Research: Detecting Password Spraying with Security Event

Part 1: Intro to Threat Hunting with Powershell Empire, Windows

Malicious PowerShell Detection via Machine Learning | FireEye Inc

Homegrown Cyber Threat Intelligence With STIX2 and Couchbase

PowerShell: A Traceless Threat and How to Protect Yourself | Hacking

ATT&CK-ing the Adversary: Episode 2 - Hunting with ATT&CK in Splunk

Sage Advice Guide to Cyber Threat Hunting

Automate Common Threat Hunting and Response Actions with

Threat Hunting Using Endpoint Data for a Proactive Defensive Posture

Threat Hunting: Finding Persistence Mechanisms - Syspanda

Log Analysis Part 2 - Detecting Host Attacks: Or, How I Found and

Fernando Tomlinson on Twitter: "Do you use PowerShell and enjoy DFIR

Proactive Threat Hunting – Practical Use Cases - Atos

Threat Hunting with Jupyter Notebooks — Part 4: SQL JOIN via Apache

Malware Analysis using Osquery | Part 1 - By

This is Advanced Incident Detection and Threat Hunting using Sysmon

PSHunt: Powershell Threat Hunting Module • Penetration Testing

GitHub - NetSPI/PowerUpSQL: PowerUpSQL: A PowerShell Toolkit for

Threat Hunting Professional Training Course - THP - eLearnSecurity

Brazilian banking Trojans meet PowerShell | Securelist

Hunting on the Cheap, part 3: Hunting on Hosts | Endgame

How to build a Threat Hunting platform using ELK Stack [Part 2

NorthSec: Threat Hunting Utilizing the ELK Stack and Machine Learning

PowerMeta - PowerShell Script to Search Publicly Files for a

Hunting and detecting APTs using Sysmon and PowerShell logging

Triple Threat: Emotet Deploys TrickBot to Steal Data & Spread Ryuk

Threat Alert: “PowerWare,” New Ransomware Written in PowerShell

How to Initiate a Threat Hunting Program (Part 1)? - Logsign

Eric Conrad: DeepBlueCLI: a PowerShell Module for Hunt Teaming via

The evolution of Microsoft Threat Protection—July update

BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz

Some stuff about security : February 2017

Tricks and COMfoolery: How Ursnif Evades Detection - Security Boulevard

5 Surprising Things a Threat Hunt May Uncover | Trustwave

Best Practices for Threat Hunting in Large Networks

How to Gain Full PowerShell Visibility

Threat Intelligence for Threat Hunting | Recorded Future

Proactive Cyber Defense - Modern CyberSOC - Strategy on building a

Malware Analysis using Osquery Part 1 | AT&T Alien Labs

New Microsoft 365 Security and Compliance portals - Bloggerz cloud

Splunking the Endpoint: Threat Hunting with Sysmon - Michael Haag

Advanced Digital Forensics, Incident Response, and Threat Hunting

New! Free Threat Hunting Service from AlienVault – OTX Endpoint
