
Detect Diagnose Defeat Cyber Threat

Tag: Credential Theft via FTP

Malicious Processes Creating Network Traffic
Posted in: Cyber Threat, Packet Forensics and Analytics

Hunting Strategies and Techniques of Malicious Processes Creating Network Traffic

Project Name: Hunting Strategies and Techniques of Malicious Processes Creating…

Rohit Sadgune, 20th October 2024

Cyber Threat Attacks / Hunting

HACKFORLAB successfully completed threat hunting for the following attacks…

DNS Reconnaissance, Domain Generation Algorithm (DGA), Robotic Pattern Detection, DNS Shadowing, Fast Flux DNS, Beaconing, Phishing, APT, Lateral Movement, Browser Compromise, DNS Amplification, DNS Tunneling, Skeleton Key Malware, Advanced Persistent Threats, Low and Slow Attacks, DoS, Watering Hole Attack Detection, Web Shell, DNS Water Torture Attack, Intrusion Detection, Cookie Visibility and Theft, User Login Session Hijacking, Broken Trust, Pass the Hash, Session Fixation, Honey Token Account Suspicious Activities, Data Snooping / Data Aggregation, Cross Channel Data Egress, Banking Fraud Detection, Chopper Web Shell
