Tag: Threat Hunting

The Prime Hunt v1.4.2: Chronicle Security Support & Mail Templates for Streamlined IOC Sharing

In January 2023, SOC Prime launched The Prime Hunt, an open-source browser add-on that acts as a single, platform-agnostic UI for threat hunters, regardless of the security solution in use. For over a year since The Prime Hunt's launch, we have been working on tool enhancements, broadening the supported technology stack and adding handy features […]

Uncoder IO v1.0.3 Beta: Graylog Support, Author & License Recognition, Translation Improvements

SOC Prime is committed to fostering collective cyber defense based on global threat intelligence, crowdsourcing, and zero trust, extended by generative AI, enabling organizations to preempt attacks before they strike. One of the key pillars of collective cyber defense is active contribution to open-source projects, which lays the groundwork for global industry collaboration by promoting knowledge […]

Frequent SIGMA Mistakes Series, Part 2: Environment-Dependent Terms

Overview of Series: This is part 2 of a multi-part series that will cover frequent mistakes SOC Prime observes regularly in SIGMA. We will cover everything from common rule logic errors to common schema problems, and even some more obscure “gotchas” to think about. Some of these ideas will extend beyond […]

BianLian Ransomware Detection: To Pay or Not to Pay?

Adversaries behind the cross-platform BianLian ransomware target businesses in Australia, North America, and the UK, attacking multiple industries, including media and entertainment, healthcare, education, and manufacturing. The ransomware strain first surfaced in December 2021 and, according to recent reports, is currently undergoing active development. The BianLian ransomware gang has already compromised at least 20 companies; however, […]

What is Malware Analysis?

Lots of children break things not because they are little evil creatures but because they are curious about “how it's made.” Eventually, some of those children grow up and become Cybersecurity Analysts. They do basically the same but in an adult world. Malware analysis is the process of studying a malware sample to understand what […]

What is Cyber Threat Hunting? The Ultimate Guide

Cyber Threat Hunting is a novel approach to Threat Detection that aims at finding cyber threats within an enterprise's network before they do any harm. This includes deliberately looking for weak spots as well as for any signs of ongoing attacks within a digital infrastructure. Threat Hunting is more complex than passive Threat Detection and […]

Threat Hunting Hypothesis Examples: Prepare For a Good Hunt!

A good threat hunting hypothesis is key to identifying weak spots in an organization's digital infrastructure. Just learn to ask the right questions, and you will get the answers that you're looking for. In this blog post, we review a proactive threat hunting methodology: Hypothesis-Driven Threat Hunting. Let's dive right in! […]

Threat Hunting Maturity Model Explained With Examples

In our series of guides on Threat Hunting Basics, we've already covered multiple topics, from the techniques and tools threat hunting teams use to the certifications for professionals and beginners. But what makes good Cyber Hunting, and how can you evaluate it? One of the ways to measure the effectiveness of the hunting procedures is by […]

Threat Hunting Training, Certification, and Online Learning

How to become a Threat Hunter? This question is extremely popular in the cybersecurity community. The next important question is how to advance your Threat Hunting career. In both cases, obtaining professional certifications is the best answer. Whether you're a beginner or an accomplished specialist, continuous learning is what helps you become the best version […]

Adversaries Hack Microsoft SQL Servers to Install Proxyware and Steal Bandwidth

Security analysts report an increasing number of cases of adversarial abuse of software called ‘proxyware’. Users can install proxyware (operated via a client application) and become bandwidth donors by sharing their internet connection via services like Peer2Profit and IPRoyal. The hosts, incentivized with monetary rewards, let other users access the web from their location […]
