
Detect Diagnose Defeat Cyber Threat

Malicious Processes Creating Network Traffic
Posted in Cyber Threat, Packet Forensics and Analytics

Hunting Strategies and Techniques of Malicious Processes Creating Network Traffic

Project Name: Hunting Strategies and Techniques of Malicious Processes Creating…

Rohit Sadgune, 20th October 2024, 0 Comments
Strategies and Evasion Techniques
Posted in Cyber Threat

How Cyber Attackers Exploit IP Addresses: the Key Strategies and Evasion Techniques

Attackers frequently exploit IP addresses as indicators during cyberattacks for…

Rohit Sadgune, 17th October 2024, 0 Comments
Threat Hunting for CloudFanta
Posted in Cyber Threat

Threat Hunting for CloudFanta

How to do threat hunting for CloudFanta through logs

Rohit Sadgune, 5th October 2024, 0 Comments
Cyber Threat Hunt Cycle
Posted in Cyber Threat, Linux Training

Linux threat hunting using CUT SORT UNIQ DIFF

Linux threat hunting

Rohit Sadgune, 6th July 2024, 0 Comments
Cyber Threat Hunting
Posted in Cyber Threat, Packet Forensics and Analytics

Network Threat Hunting with Outbound Traffic

In the complex environment of cybersecurity, proactive threat hunting is…

Rohit Sadgune, 8th December 2023, 0 Comments




Cyber Threat Attacks / Hunting

HACKFORLAB has successfully completed threat hunting for the following attacks:

DNS Reconnaissance, Domain Generation Algorithm (DGA), Robotic Pattern Detection, DNS Shadowing, Fast Flux DNS, Beaconing, Phishing, APT, Lateral Movement, Browser Compromise, DNS Amplification, DNS Tunneling, Skeleton Key Malware, Advanced Persistent Threats, Low and Slow Attacks, DoS, Watering Hole Attack Detection, Web Shell, DNS Water Torture Attack, Intrusion Detection, Cookie Visibility and Theft, User Login Session Hijacking, Broken Trust, Pass the Hash, Session Fixation, Honey Token Account Suspicious Activities, Data Snooping / Data Aggregation, Cross Channel Data Egress, Banking Fraud Detection, Chopper Web Shell


CYBER THREAT CATEGORIES

  • Cyber Threat (47)
  • Data Recovery (3)
  • Digital Forensics (16)
  • General (11)
  • Linux Server Investigation (1)
  • Linux Training (1)
  • Packet Forensics and Analytics (8)
  • ProDiscover (4)
  • Threat Intelligence (31)

Top Cyber Security Articles

  • Network Threat Hunting with Outbound Traffic
  • Network Vulnerability and Attacks by Layer
  • How to use ProDiscover
  • Digital Forensic Checklist
  • Types of System Software

Copyright HACKFORLAB