After a well-deserved summer break, Defender User Group #DUG is back and we are delighted to announce our next session, which will focus on #Microsoft Defender Advanced Hunting (MDAH). Samik Roy [MVP] will guide you through leveraging Kusto Query Language (KQL) for proactive threat detection and response. You'll learn how to:
1. Build and optimize custom queries to analyze security data.
2. Interpret query results to uncover hidden threats.
3. Integrate advanced hunting techniques into your incident response strategies.
This session is tailored for both seasoned security analysts and newcomers, providing valuable skills to enhance your organization's security operations. https://lnkd.in/e_h5PT7k
Ouafae Hannaoui’s Post
More Relevant Posts
-
Insights from the Inside… Thabet Awad (Microsoft Detection and Response Team - DART) describes modern threats to authentication and how KQL can help you come to the rescue.
-
Registration for the 'Threat Detection & Hunting in the Era of Security Lakes: Part 2' webinar is open! https://lnkd.in/dUQfmVgc Join Ruslan Mikhalov and Mark Luescher on June 6 at 11 AM CT for an insightful demo showcasing practical use cases on how to unlock the power of Amazon Security Lake using the SOC Prime Platform to accelerate threat detection and improve hunting capabilities at scale. Did you miss the previous webinar? The recording is available here: https://lnkd.in/dT7m38jU #CyberSecurity #webinar
Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes: Part 2
my.socprime.com
-
Great read related to the Microsoft Security Exposure Management (#XSPM) enterprise exposure graph and advanced hunting. The blog delves deep into XSPM's underlying data tables, ExposureGraphNodes & ExposureGraphEdges, and the attack surface map. Advanced hunting scenarios included:
Nodes with specific properties:
- List critical assets
- VMs with specific vulnerabilities
Connected nodes with specific properties:
- Users that have access to key vaults
- Critical users that can access storage accounts with sensitive data
Paths between nodes with specific properties:
- Users that have access to storage accounts with sensitive data
- SQL servers or managed instances with basic authentication that have access to key vaults
Reference: https://bit.ly/4bQnvE3
If you want to get started with XSPM, take a look at:
https://bit.ly/3PZd3BC
https://bit.ly/3Jzi7Ju
Microsoft Security Exposure Management Graph: unveiling the power
techcommunity.microsoft.com
-
🔍 Advanced Threat Hunting: Key Techniques to Spot Hidden Threats
Don’t wait for your SIEM to trigger. Be proactive and search for adversaries lurking in your environment. Here are some core strategies:
1️⃣ Baseline Your Network: Tools like OSQuery & Sysmon help you learn what’s “normal.” Hunt for anomalies like mshta.exe spawning cmd.exe, a common red flag for malicious activity.
2️⃣ Persistence Hunting: Check registry run keys, scheduled tasks, and WMI event subscriptions; attackers use these for long-term access. Automate these checks with Autoruns and Velociraptor.
3️⃣ Use EDR Tools: Many advanced platforms give real-time endpoint telemetry. Hunt for credential dumping via procdump or mimikatz, and unusual file access in locations like AppData or Temp.
4️⃣ Hunt via DNS & Traffic Analysis: Use Zeek and Suricata to monitor DNS queries for rare domains, DNS tunneling, or encrypted C2 traffic. Combine this with PCAP analysis in Wireshark for deeper insights.
5️⃣ Monitor PowerShell: Enable script block logging to detect suspicious commands like -EncodedCommand or unexpected downloads via Invoke-WebRequest. Use Sysmon and ELK for log analysis.
6️⃣ Memory Forensics: Tools like Volatility can reveal hidden in-memory attacks. Look for DLL injections or processes running without corresponding files on disk.
7️⃣ Map to MITRE ATT&CK: Align your hunts with MITRE ATT&CK to spot adversary tactics like T1218 (signed binary proxy execution) and other known behaviors.
Connect the dots, hunt smart, stay ahead, and always question what you can’t see!
#ThreatHunting #EDR #Sysmon #PowerShell #DNSHunting #MemoryForensics #MITREATTACK
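Two of the hunts named in the post above (mshta.exe spawning a shell, and PowerShell launched with -EncodedCommand or a download via Invoke-WebRequest) can be run as plain detection logic over process-creation telemetry. The script below is an added example and is not part of the post or of any vendor tool; it assumes a simplified Sysmon Event ID 1 record (image, parent image, command line) and runs over a handful of constructed events. The one detail beyond the post is that it decodes the base64/UTF-16LE payload of -EncodedCommand so the hunter sees the script the operator actually ran, and checks that decoded text for the download cradle too.

```python
"""Hunt for mshta.exe spawning a shell and for suspicious PowerShell launches
over simplified Sysmon Event ID 1 (process creation) records.
Added example; the event format and sample data are constructed here."""
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str   # command line of the created process


SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# -EncodedCommand and the abbreviations powershell.exe accepts (-e, -ec, -en, -enc),
# followed by the base64 payload.
ENCODED_RE = re.compile(
    r"(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)
# Invoke-WebRequest and its built-in alias iwr.
DOWNLOAD_RE = re.compile(r"invoke-webrequest|\biwr\b", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(b64: str):
    """-EncodedCommand carries the script as base64 over UTF-16LE.
    Returns the script text, or None if the payload does not decode."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events):
    """Return one finding dict per matched rule, in event order."""
    findings = []
    for ev in events:
        image, parent = _basename(ev.image), _basename(ev.parent_image)

        # Signed-binary proxy execution (T1218; mshta is sub-technique T1218.005):
        # mshta.exe has no business starting a shell.
        if parent == "mshta.exe" and image in SHELLS:
            findings.append({"rule": "mshta_spawns_shell", "technique": "T1218",
                             "image": image, "command_line": ev.command_line})

        if image in POWERSHELL:
            script_text = ev.command_line
            m = ENCODED_RE.search(ev.command_line)
            if m:
                decoded = decode_encoded_command(m.group(1))
                findings.append({"rule": "powershell_encoded_command",
                                 "technique": "T1059.001", "decoded": decoded,
                                 "command_line": ev.command_line})
                if decoded:
                    # Look inside the decoded script as well as the raw command line.
                    script_text += "\n" + decoded
            if DOWNLOAD_RE.search(script_text):
                findings.append({"rule": "powershell_download_cradle",
                                 "technique": "T1059.001",
                                 "command_line": ev.command_line})
    return findings


def build_sample_events():
    """Constructed sample telemetry: one benign launch, one mshta -> cmd chain,
    one encoded PowerShell download, one benign PowerShell script run."""
    encoded = base64.b64encode(
        "Invoke-WebRequest -Uri http://example.invalid/update.txt -OutFile $env:TEMP\\u.txt"
        .encode("utf-16-le")).decode()
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    return [
        ProcessEvent(r"C:\Program Files\App\app.exe", r"C:\Windows\explorer.exe", "app.exe"),
        ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\mshta.exe", "cmd.exe /c dir"),
        ProcessEvent(ps, r"C:\Windows\System32\cmd.exe", f"powershell.exe -NoP -W Hidden -enc {encoded}"),
        ProcessEvent(ps, r"C:\Windows\explorer.exe",
                     r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"),
    ]


if __name__ == "__main__":
    for finding in hunt(build_sample_events()):
        print(finding["rule"], finding["technique"], finding.get("decoded") or finding["command_line"])
```

The fourth sample event shows why the encoded-command pattern is anchored on whitespace and a base64 payload: `-ExecutionPolicy Bypass` starts with `-E` but must not fire. In production the same `hunt` function would be fed from Sysmon or EDR exports rather than the constructed list.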
-
Information Gathering: Web Edition (Bug Hunting Phase 1)
After dedicating over two weeks to mastering Information Gathering and Web Reconnaissance, I am very happy to announce that I have completed this module with extensive hands-on practicals and bug hunting. This journey has been an incredible rollercoaster, and I'm proud to have achieved a top 1% ranking on Hack The Box (HTB)!
Here's what I covered both theoretically and practically:
-> WHOIS:
.. Utilizing WHOIS
.. grep Specific Details
-> DNS:
-> Digging DNS
.. dig
-> Subdomain Bruteforcing
.. sublist3r
.. dnsenum
-> DNS Zone Transfer
.. dnsrecon
-> Virtual Hosts:
-> VHosts Fuzzing
.. ffuf
.. gobuster
-> Automating Recon
-> Certificate Transparency (CT) Logs:
-> CT Logs and Web Recon
.. crt.sh
-> Fingerprinting:
.. whatweb
.. builtwith
-> Banner Grabbing
.. curl
.. wget
.. Wafw00f
.. Nikto
-> Crawling (Spidering):
-> robots.txt in Web Recon
-> Well-Known URLs
-> Creepy Crawlers:
.. Scrapy
.. ReconSpider
-> Search Engine Discovery:
.. Search Operators
.. Google Dorking
-> Web Archives:
.. WayBack Machine Web Recon
.. waybackurls
#CyberSecurity #PenetrationTesting #EthicalHacking #InfoSec #BugBounty #WebReconnaissance #HackTheBox #CTF #InformationSecurity #SecurityResearch #ParrotOS #HTB #OffensiveSecurity #CPTS #InformationGathering #InfosecCommunity #CyberSecurityTraining #BugHunting #HackerLife #OffSec #WebSecurity #Reconnaissance #CyberSec #SecurityTesting #CyberThreats #ThreatHunting #SecurityAnalyst #VulnerabilityAssessment #RedTeam #BlueTeam #OSINT #CyberSkills
Completed Information Gathering - Web Edition
academy.hackthebox.com
-
Join us on June 6, 12 PM (EDT) for Part 2 of our exclusive joint webinar with Amazon Security Lake to dive into a hands-on demo showcasing how to accelerate threat detection and hunting capabilities in the Era of Security Data Lakes. Register now: #Webinar #CyberSecurity #ThreatDetection #ThreatHunting
Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes: Part 2
my.socprime.com
-
Join us for the upcoming joint webinar on May 2, 12 PM (EDT) to gain insights into how SOC Prime unleashes the power of Amazon Security Lake to advance threat detection & hunting in the Era of Security Data Lakes. The webinar speakers, Ruslan Mikhalov, Chief of Threat Research at SOC Prime, and Marc Luescher, Solution Architect at Amazon Web Services, will dive into:
● The New Security Operations Context: The ever-expanding attack surface and other cybersecurity hurdles challenging modern-day threat detection strategies & capabilities
● Arrival of Amazon Security Data Lake: How the solution helps overcome the current security data challenges backed by cutting-edge technologies
● How to Risk-Optimize Your Cybersecurity Posture: Ensure complete threat visibility with SOC Prime and Amazon Security Lake
● How to Advance Threat Detection & Hunting: Accelerate threat detection & improve hunting backed by the joint solution.
Register now: https://lnkd.in/dePSEYwA
Proactive Threat Detection & Automated Threat Hunting in the Era of Security Data Lakes: Part 1
my.socprime.com
-
Looking to get into AI/ML bug bounty hunting? Leverage what you already know and start from there. 👇 Familiar with web security? The same vulnerabilities apply, just dressed up in ML systems. Comfortable with code reviews? It’s still about finding those weak spots: the subtle patterns and misconfigurations that can compromise the system. Trust us, it's not as daunting as you think. And to help, we even put together a comprehensive beginner's guide to get you started. 🐰 Time to start hunting 🏹: https://hubs.ly/Q02P8YL30 #bugbounty #mlsecurity #huntr
-
Since February, the National Vulnerability Database (NVD) has been struggling with a major backlog in processing and enriching CVEs. Despite bringing on Analygence in June to help NIST clear the logjam, progress has been slow, leaving potential blind spots for organizations relying solely on CVE data for security. So, what can you do? Your organization can't afford to wait. Instead of focusing only on CVEs, shift your attention to understanding and mitigating behaviors and TTPs used by threat actors. SnapAttack is here to help. We empower your security team to detect the threats that matter by delivering actionable, threat-intel-driven detection rules and hunting queries, so you can stay ahead of the curve. Don’t wait for the NVD to catch up: book a demo today and see how we can help you proactively manage your threat landscape: www.snapattack.com/demo #cybersecurity #threatdetection #threatIntel
Book a Demo with SnapAttack
https://www.snapattack.com
-
CDM Phases and Sqrrl https://lnkd.in/e3ze6fap
This post was originally published here by Ely Kahn.
Sqrrl’s Threat Hunting Platform is at the forefront of supporting the Department of Homeland Security’s mission of defending the United States against threats in cyberspace. The Threat Hunting Platform features:
- Machine learning and graph algorithms to detect kill chain behaviors
- Sqrrl’s Security Behavior Graph, which leverages link analysis to enable analysts to easily create attack narratives
- Big Data processing and storage using Hadoop and Apache Accumulo
MNGEVT use cases include APT detection, insider threat detection, and malware detection. OMI use cases include alert investigations and incident investigations. Sqrrl’s Threat Hunting Platform […]
CDM Phases and Sqrrl
https://www.cybersecurity-insiders.com
Cybersecurity | AI | MDR | Nonstop SecOps | M365 | Microsoft Copilot for Security | Sentinel
4mo: Do not miss! Samik is the Jedi master