Skip to content
Stories
 2026-07-05 Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)  2026-06-28 Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026  2026-06-25 Indicators of Compromise and Threat Intelligence: A Practitioner Reference  2026-06-22 Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026  2026-06-19 The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)  2026-06-19 AWS Organizations Compromise: Hunting the Multi-Account Federation Attack  2026-06-19 Athena and S3 Data Lake Exfiltration: Hunting the SQL-Powered Data Heist  2026-06-19 EventBridge and SNS as Covert C2: Hunting Native AWS Messaging Abuse  2026-06-19 Hunting CI/CD Compromise in AWS: CodeBuild, CodePipeline, and the Buildspec Backdoor  2026-06-19 GuardDuty Evasion Hunt: 9 Techniques Adversaries Use to Stay Silent on AWS  2026-06-19 AWS KMS Ransomware Hunt: When Your Encryption Keys Become the Attacker’s Weapon  2026-06-19 CloudTrail Blind Spots: 12 Places AWS Doesn’t Log (And How to Hunt There Anyway)  2026-06-19 From SOC Analyst to Threat Hunter in 15 Months: The Complete 2026 Career Roadmap  2026-06-15 12 Must-Know AI Terms in 2026: The Complete Glossary for Builders, Defenders, and Learners  2026-06-15 Weekly Threat Advisory: Top Cyber Adversaries, June 8 – 14, 2026  2026-06-07 Weekly Threat Advisory: Top Cyber Adversaries, June 1 – 7, 2026  2026-06-06 The Threat Hunter’s Sigma Playbook: 7 Hunts Every Modern SOC Must Run  2026-06-03 A Practical Detection Engineering Framework Used by Modern SOCs  2026-06-03 What Cloud Logs You Actually Need for Threat Hunting (And Why Most Teams Fail)  2026-06-03 How to Measure Detection Quality: Metrics Every Detection Engineer Must Track  2026-06-01 Weekly Threat Advisory: Top Cyber Adversaries May 24 – 31, 2026  2026-05-25 Weekly Threat Advisory: Top Cyber Adversaries May 18 – 24, 2026  2026-05-18 Weekly Threat Advisory: Top Cyber Adversaries May 11 – 17, 2026  2026-05-16 Living-off-the-Cloud Attack-Chain Detection: CloudTrail and VPC Flow Fusion  2026-05-16 Insider Threat Detection from VPC Flow Logs (UEBA Without Endpoints)  2026-05-16 Kubernetes East-West Attack Hunting from VPC Flow Logs  2026-05-16 Tor and Anonymizer Egress Hunting on VPC Flow Logs  2026-05-16 Cloud Cryptojacking Detection at Scale: Mining-Pool Hunting on AWS  2026-05-16 TLS Fingerprinting (JA3, JA4, JARM) for Encrypted C2 Hunting  2026-05-16 DGA and DNS-Tunnel Hunting at Scale on VPC Flow Logs  2026-05-15 Lateral Movement Detection via Graph Analysis on VPC Flow Logs  2026-05-15 Detecting Low-and-Slow Data Exfiltration with Isolation Forest + LSTM  2026-05-15 Hunting Botnet Coordination and DDoS Staging with Clustering  2026-05-15 Living-off-the-Land Kill Chain Detection with Markov Chains  2026-05-13 Adaptive C2 Beacon Detection: FFT and DBSCAN on VPC Flow Logs  2026-05-11 Weekly Threat Advisory: Top Cyber Adversaries May 04 – 10, 2026  2026-05-09 AWS Bedrock Threat Hunting: A CloudTrail Log Analysis Playbook  2025-10-22 Weekly Threat Advisory: The Most Active Cyber Adversaries October 13 – October 19, 2025  2025-10-22 Weekly Threat Advisory: The Most Active Cyber Adversaries October 06 – October 12, 2025  2025-10-08 Weekly Threat Advisory: The Most Active Cyber Adversaries Sep 29 – Oct 05, 2025  2025-10-02 Weekly Threat Advisory: Top Cyber Threats from September 22 – September 28 2025  2025-09-23 Weekly Threat Advisory: Top Cyber Threats from September 15 – September 21 2025  2025-09-23 Weekly Threat Advisory: Top Cyber Threats from September 08 – September 14 2025  2025-09-09 Weekly Threat Advisory: Top Cyber Threats from September 01 – September 07 2025  2025-09-09 Weekly Threat Advisory: Top Cyber Threats from August 25- August 31 2025  2025-08-26 Weekly Threat Advisory: Top Cyber Threats from August 18- August 24, 2025  2025-08-18 Weekly Threat Advisory: Top Cyber Threats from August 11- August 17, 2025  2025-08-10 Weekly Threat Advisory: Top Cyber Threats from August 04- August 10, 2025  2025-08-05 Weekly Threat Advisory: Top Cyber Threats from July 14- August 03, 2025  2025-08-05 Weekly Threat Advisory: Top Cyber Threats from June 16- June 22, 2025

Detect Diagnose Defeat Cyber Threat

Detect Diagnose Defeat Cyber Threat

  • Home
  • Threat Intelligence
    • Weekly Advisories
    • Adversary Profiles
    • MITRE Coverage
  • Threat Hunting
    • VPC Flow Log Hunting
    • Cloud Threat Hunting
    • Detection Engineering
  • Platform
    • Intelligence Overview
    • Platform Architecture
    • Threat Actors
    • C2 Operations
    • Knowledge Graph
  • Blog
    • Cyber Threat
    • Packet Forensics and Analytics
    • Threat Intelligence
    • Linux Forensics
    • General
    • Digital Forensics
    • Data Recovery
    • ProDiscover
×

Tag: SMB traffic hunting

Malicious Processes Creating Network Traffic-
0 553
Posted in Cyber Threat Packet Forensics and Analytics

Hunting Strategies and Techniques of Malicious Processes Creating Network Traffic

Project Name: Hunting Strategies and Techniques of Malicious Processes Creating… read out Hunting Strategies and Techniques of Malicious Processes Creating Network Traffic

Rohit Sadgune 20th October 2024 0 Comment

Recent Posts

  • Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)
  • Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026
  • Indicators of Compromise and Threat Intelligence: A Practitioner Reference
  • Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026
  • The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)
  • AWS Organizations Compromise: Hunting the Multi-Account Federation Attack
  • Athena and S3 Data Lake Exfiltration: Hunting the SQL-Powered Data Heist
  • EventBridge and SNS as Covert C2: Hunting Native AWS Messaging Abuse
  • Hunting CI/CD Compromise in AWS: CodeBuild, CodePipeline, and the Buildspec Backdoor
  • GuardDuty Evasion Hunt: 9 Techniques Adversaries Use to Stay Silent on AWS

Hackforlab Category

SOCIAL HACKFORLAB

FaceBook Page

FaceBook Page

SIEM | UEBA




GridView List Posts Widget

HackForLab Weekly Threat Advisory · Jun 29 – Jul 5 2026 · command-center briefing cover · SITREP 026·27 · 1,524 unique IOCs · 1,129 high-severity · 64 clusters · 5 named APTs · 5 headline cards: AsyncRAT surge, TONResolver novel blockchain-resolved C2, trust-anchor verification-page phishing, APT week UNC1151 APT36 TeamPCP Lazarus BitterAPT, Anubis and The Gentlemen ransomware · midnight navy with cyan amber emerald coral palette
14

Weekly Threat Advisory: 5 APTs, 200 RATs, 74% High-Severity — The Week the C2 Flood Went Quiet (Jun 29 – Jul 5, 2026)

⚠ THREAT LEVEL: SEVERE · SITREP 026·27 · June 29 – July 5, 2026 The C2-flood feeds went quiet this...
HackForLab Weekly Threat Advisory · June 22-28 2026 · editorial bulletin cover · The State of the Threat · 54,820 observations · 87 clusters · 632 high-severity · 7 named APTs · 5 story cards: APT Week (Gamaredon Turla MustangPanda CL-STA-1062 Silent Lynx), DragonForce Full Kill Chain, Messaging Weaponised (WhatsApp VBScript Campaign), Supply Chain Surge (GhostShell Malicious npm Browser ad-blocker), New RAT on the Block (ModeloRAT)
19

Weekly Threat Advisory: APT Surge, Ransomware Full-Pivot, Messaging Weaponised — June 22-28, 2026

WEEKLY THREAT ADVISORY · EDITION №026·26 · JUNE 22 – 28, 2026 This was an APT week. Four named state-aligned...
Practitioner reference cover · Indicators of Compromise and Threat Intelligence · 6 framework cards: Pyramid of Pain, IOC Standards (STIX TAXII OpenIOC MISP), Pivoting Tradecraft (passive DNS WHOIS JARM JA4 cert), Diamond Model, TI Lifecycle + F3EAD, Detection Engineering (Sigma YARA ATT&CK Navigator SOAR) · framework chip strip: Pyramid of Pain · Diamond Model · Kill Chain · ATT&CK · STIX TAXII · Sigma YARA · F3EAD
16

Indicators of Compromise and Threat Intelligence: A Practitioner Reference

PRACTITIONER REFERENCE · THREAT INTELLIGENCE & DETECTION ENGINEERING · v2 A working analyst's reference. Twenty sections, sixteen frameworks — the...
HACKFORLAB Weekly Threat Advisory · June 15-21, 2026 · 55,480 indicator observations across 89 adversary clusters · radar showing intelligence graph with multi-pivot locked cluster · Rhysida-Interlock 219 IOCs, ClickFix 215 IOCs, JetBrains plugin supply chain attack, AI platform abuse, APT37 and UNC6508 active
24

Weekly Threat Advisory: Cluster Analysis & Top IOCs, June 15 – 21, 2026

WEEKLY THREAT ADVISORY · ADVISORY 026-25 · JUNE 15 – 21, 2026 The catalogue produced 55,480 indicator observations across 89...
The AWS Threat Hunting Library — 7 hunts every cloud SOC should run · HackForLab AWS Threat Hunting series hub
25

The Complete AWS Threat Hunting Library: 27 Cloud Hunts, 7 Flagship Playbooks, and the Full Archive (2026)

⚙ AWS THREAT HUNTING · CORNERSTONE LIBRARY · 2026 EDITION The Amazon Web Services attack surface is broader than most...

Cyber Threat Attacks / Hunting

HACKFORALB successfully completed threat hunting for following attack…

DNS Reconnaissance, Domain Generation Algorithm (DGA), Robotic Pattern Detection, DNS Shadowing , Fast Flux DNS , Beaconing , Phishing , APT , Lateral Movement , Browser Compromised , DNS Amplification , DNS Tunneling , Skeleton key Malware , Advance Persistent Threats, Low and Slow attacks , DoS, Watering Hole Attack Detection, Weh Shell , DNS Water Torch Attack , Intrusion Detection, Cookie visibility and theft, User login Session hijacking, Broken Trust, Pass the Hash, Session fixation, Honey Token account suspicious activities, Data Snooping / Data aggregation, Cross Channel Data Egress, Banking fraud detection, Chopper Web shell

Cyber Deception




  • Facebook
  • LinkedIN
  • Twitter
  • Google+

FOLLOW US

  • Facebook
  • LinkedIN
  • Twitter
  • Google+

CYBER THREAT CATEGORIES

  • Cyber Threat (55)
  • Data Recovery (3)
  • Digital Forensics (16)
  • General (14)
  • Linux Server Investigation (1)
  • Linux Training (1)
  • Packet Forensics and Analytics (8)
  • ProDiscover (4)
  • Threat Intelligence (36)

Top Cyber Security Articles

  • Network Threat Hunting with Outbound Traffic
    Network Threat Hunting with Outbound Traffic
  • Network Vulnerability and Attacks by Layer
    Network Vulnerability and Attacks by Layer
  • How to use ProDiscover
    How to use ProDiscover
  • Digital Forensic Checklist
    Digital Forensic Checklist
  • Types of System Software
    Types of System Software

Threat Hunting Scenarios




Copyright HACKFORLAB

Design by ThemesDNA.com