Thinking of Starting a Adversary Hunting Program?
Adversary hunting is the stealthy and surgical detection and eviction of adversaries within your network without prior adversary knowledge or known indicators of compromise. The goal of hunting is to detect and evict adversaries that have bypassed defenses before damage and loss can occur. To do so, a hunter must be able to enter the network undetected, identify the adversary at any stage of the kill chain, and evict them without disrupting running systems.
But even after following online tutorials, attending webinars and workshops – you might be struggling to achieve any justifiable success with your adversary hunting program, or simply lost with the large amount of data generated from the first hunt.
In this paper we have laid down the top 10 most important tasks to perform to make your adversary hunting program a success.