Been seeing incredible growth of hunt teams in the last year, whether standing up for the first time, or re-branding from existing activities. Unlike many other security trends, Hunt is actually fairly easy to define (find bad guys that have bypassed your security controls) but the consensus is that it's
"Am I breached?"
"Is someone monitoring my systems right now, logging my keystrokes, stealing my credit card information or intellectual property?"
How would you answer these questions in your organization?
Aha, I saw what you just tried to do there. You just reached for your old, dusty antivirus
Last week Infocyte was doing a product demo for a partner who wants to do compromise assessments (like these guys). They chose an existing client to do a limited scan using our product, selecting a handful of systems... and we found something interesting.
Now that's not the interesting part; we
It's almost universally accepted that antivirus isn't effective enough and we see breaches in the news every day. Over the last year I've had a lot of conversations around the role of hunt and compromise assessments even within a SOC that does real-time monitoring and response. I hope this post
PSHunt is divided into several modules, functions, and folders. The below gives an outline of the grouping of these functions, and upcoming posts will describe how to use them with examples and screenshots.
Discovery functions and cmdlets are used to identify hosts on the network and