Tag: Threat Hunting

Posted in Cyber Threat

Detecting Low-and-Slow Data Exfiltration with Isolation Forest + LSTM

Hunt DNS tunnels, ICMP tunnels, and HTTPS covert channels using Isolation Forest + LSTM autoencoder on AWS VPC Flow Logs.

Posted in Cyber Threat

Hunting Botnet Coordination and DDoS Staging with Clustering

Surface coordinated botnets and pre-DDoS staging via K-means + hierarchical clustering on host behaviour fingerprints from AWS VPC Flow Logs.

Posted in Cyber Threat

Living-off-the-Land Kill Chain Detection with Markov Chains

Detect blended LOTL attack chains by modelling network state transitions as Markov chains across MITRE ATT&CK phases on AWS VPC Flow Logs.

Posted in Cyber Threat

Adaptive C2 Beacon Detection: FFT and DBSCAN on VPC Flow Logs

Detection playbook for jitter-evading C2 beacons (Cobalt Strike, Sliver, Mythic, Brute Ratel) using FFT spectral analysis and DBSCAN clustering on AWS VPC Flow Logs.

Posted in Threat Intelligence

Weekly Threat Advisory: Top Cyber Adversaries May 04 – 10, 2026

Weekly threat intel for 04–10 May 2026: 9,366 IOCs, 114 adversaries — Mirai, Clearfake, DPRK, ScarCruft, Kimsuky, MuddyWater & more.