Cyber Threat Hunt
Current• Use open-source research to develop threat hunt hypothesis for Advanced Persistent Threat (APT) groups and other malicious threat actors.• Perform TTP based Cyber Threat hunts for 500K endpoints located throughout the globe.• Hunt suspicious behaviors through analysis of EDR data from Carbon Black Response, Carbon Black Detect, CrowdStrike, and Microsoft Defender Advanced Threat Protection as well as SIEM data. • Examine process data and network activity for suspicious scripts, including PowerShell, Python, and WMIC for malicious use.• Recommend threat mitigations and remediations for malicious activities.• Develop EDR queries for console detections used as alerts for SOC personnel.