Two Addresses, Two Investigations
Your SIEM fires a high-severity alert at 3 AM. A workstation on the finance VLAN just made an outbound connection to an IP address flagged in…
A Backdoor Hiding in Plain Sight
During a quarterly security review for a client running a 200-seat Windows environment, we found a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls that had been…
Your SIEM generated zero critical alerts during the four-hour window on Tuesday night. Your first instinct is to call it a quiet shift. But three of the most damaging incidents…