TH Resources
Sans Papers:
The Who, What, Where, When, Why and How of Effective Threat Hunting
https://www.sans.org/reading-room/whitepapers/analyst/who-what-where-when-effective-threat-hunting-36785
Hunting with Rigor: Quantifying the Breadth, Depth and Threat Intelligence Coverage of a Threat Hunt in Industrial Control System Environments
https://www.sans.org/reading-room/whitepapers/threathunting/hunting-rigor-quantifying-breadth-depth-threat-intelligence-coverage-threat-hunt-industrial-control-system-environments-38515
Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
https://www.sans.org/reading-room/whitepapers/threathunting/offensive-intrusion-analysis-uncovering-insiders-threat-hunting-active-defense-37885
The Importance of Business Information in Cyber Threat Intelligence (CTI), the information required and how to collect it
https://www.sans.org/reading-room/whitepapers/threathunting/importance-business-information-cyber-threat-intelligence-cti-information-required-collect-37740
Automated Analysis of abuse mailbox for employees with the help of Malzoo
https://www.sans.org/reading-room/whitepapers/threathunting/automated-analysis-abuse-mailbox-employees-malzoo-37207
SANS Survey:
The Hunter Strikes Back: The SANS 2017 Threat Hunting Survey
https://www.sans.org/reading-room/whitepapers/analyst/hunter-strikes-back-2017-threat-hunting-survey-37760
The 2018 SANS Industrial IoT Security Survey: Shaping IIoT Security Concerns
https://www.sans.org/reading-room/whitepapers/analyst/2018-industrial-iot-security-survey-shaping-iiot-security-concerns-38505
Resources:
Awesome Threat Detection and Hunting
https://github.com/0x4D31/awesome-threat-detection
Presentation
Quantify Your Hunt
https://www.sans.org/summit-archives/file/summit-archive-1536351477.pdf
Video
https://www.databreachtoday.com/interviews/threat-hunting-how-to-evolve-your-incident-response-i-4110
https://threathunting.org/
Cloud
Azure Security Center Playbook: Hunting Threats
https://gallery.technet.microsoft.com/Azure-Security-Center-549aa7a4
Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part I (Event ID 7)
https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html
Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part II (Event ID 10)
https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html
Method
https://attack.mitre.org/wiki/ATT&CK_Matrix
https://attack.mitre.org/wiki/Linux_Technique_Matrix
https://attack.mitre.org/wiki/ATT&CK_Matrix#Windows_ATT.26CK_for_Enterprise_Matrix
Others
http://threathunter.guru/