Threat Hunting Archives

A Practical Detection Engineering Framework — 5-stage lifecycle from hypothesis to shipped rule used by modern SOCs · Hypothesis · Data · Logic · Validation · Metrics

A Practical Detection Engineering Framework Used by Modern SOCs

DETECTION ENGINEERING · CORNERSTONE GUIDE The difference between an alert farm and a detection engineering practice is not better tooling...

What Cloud Logs You Actually Need to Hunt — log dependency map across AWS, Azure, and GCP for threat hunting · VPC Flow · CloudTrail · K8s Audit · coverage · blind spots

What Cloud Logs You Actually Need for Threat Hunting (And Why Most Teams Fail)

On this page Why Most Teams Fail The Log Dependency Map AWS / Azure / GCP Coverage Matrix When Logs...

How to Measure Detection Quality — precision, recall, MTTD, FP rate, SLO — metrics every detection engineer must track

How to Measure Detection Quality: Metrics Every Detection Engineer Must Track

Detection Engineering · Operator Playbook If your detection portfolio is a black box, every conversation about coverage, hiring, tooling and...

Weekly Threat Advisory cover · Top Cyber Adversaries May 24 – 31, 2026 · 1.35M observations · 87 adversary clusters · CobaltStrike · Cloud Atlas · DPRK · Kimsuky · Void Dokkaebi · AdaptixC2 · VShell

Weekly Threat Advisory: Top Cyber Adversaries May 24 – 31, 2026

⚠ Weekly Threat Advisory — May 24 – 31, 2026 What this advisory covers — read this first This advisory...

Weekly Threat Advisory cover for May 18-24 2026

Weekly Threat Advisory: Top Cyber Adversaries May 18 – 24, 2026

⚠ Weekly Threat Advisory — New Adversaries, Fresh Tradecraft, 18 – 24 May 2026 What This Advisory Covers — Read...

HACKFORALB successfully completed threat hunting for following attack…

DNS Reconnaissance, Domain Generation Algorithm (DGA), Robotic Pattern Detection, DNS Shadowing , Fast Flux DNS , Beaconing , Phishing , APT , Lateral Movement , Browser Compromised , DNS Amplification , DNS Tunneling , Skeleton key Malware , Advance Persistent Threats, Low and Slow attacks , DoS, Watering Hole Attack Detection, Weh Shell , DNS Water Torch Attack , Intrusion Detection, Cookie visibility and theft, User login Session hijacking, Broken Trust, Pass the Hash, Session fixation, Honey Token account suspicious activities, Data Snooping / Data aggregation, Cross Channel Data Egress, Banking fraud detection, Chopper Web shell

Tag: Threat Hunting

Tor and Anonymizer Egress Hunting on VPC Flow Logs

Cloud Cryptojacking Detection at Scale: Mining-Pool Hunting on AWS

TLS Fingerprinting (JA3, JA4, JARM) for Encrypted C2 Hunting

DGA and DNS-Tunnel Hunting at Scale on VPC Flow Logs

Lateral Movement Detection via Graph Analysis on VPC Flow Logs

Recent Posts

Hackforlab Category

FaceBook Page

SIEM | UEBA

GridView List Posts Widget

A Practical Detection Engineering Framework Used by Modern SOCs

What Cloud Logs You Actually Need for Threat Hunting (And Why Most Teams Fail)

How to Measure Detection Quality: Metrics Every Detection Engineer Must Track

Weekly Threat Advisory: Top Cyber Adversaries May 24 – 31, 2026

Weekly Threat Advisory: Top Cyber Adversaries May 18 – 24, 2026

Cyber Threat Attacks / Hunting

Cyber Deception

FOLLOW US

CYBER THREAT CATEGORIES

Top Cyber Security Articles

Threat Hunting Scenarios