Threat Hunting Notes

Reading

Introducing the PEAK Threat Hunting Framework | Splunk

Introducing HEARTH: A Community-Driven Threat Hunting Repository

GitHub - THORCollective/HEARTH: A community-driven repository for threat hunting ideas, methodologies, and research that serves as a central gathering place for hunters to share knowledge, collaborate on techniques, and advance the field of threat hunting.

How to Easily Search Windows Event Logs Across Hundreds of Servers - WhatsUp Gold

Critical Windows Event ID's to Monitor

Repo

Windows Event Logs & Finding Evil Module | FaresMorcy

Tools

GitHub - darkoperator/Posh-Sysmon: PowerShell module for creating and managing Sysinternals Sysmon config files.

References

Sysmon - Sysinternals | Microsoft Learn

Windows Security Log Encyclopedia

 

 

Managed ad