Handbook: Tools, tips and tricks for threat hunters

A new manual published by Authentic8 helps threat hunters fill critical gaps and hone their tradecraft.

Cyber Threat Intelligence (CTI) analysts collect, process, and interpret threat data to prevent or mitigate cyber attacks. To that end, they need a set of tools strategically chosen for their specific features and capabilities to support the mission.

That’s the theory. In practice, many still risk exposing their organization to malware, tracking, de-anonymization, and attribution, because they are insufficiently equipped and trained. (For more on this, check out the 2020 Cyber Threat Intelligence Report by Cybersecurity Insiders, which was published earlier this year.)

Authentic8’s resident CTI specialists took notice and went to work. As expert threat hunters from various backgrounds (US Military, Intelligence Community, OSINT, Engineering), they get many related questions from practitioners, so they were ready to fill in a few blanks. The result is Authentic8's newest Cyber Threat Intelligence guide - the Tools, Tips & Tricks Handbook for Threat Hunters. You can download it here.

For this hands-on compendium, the team curated tools to help analysts along every step: from collecting threat indicators to identifying threats, to analyzing potential risks to the enterprise and its assets.

The practical guide contains three core chapters:

• Up-front, the handbook addresses essential issues: operational security, managed attribution, and efficient collaboration online. How to conduct research or investigations without introducing risk to the organization, violating compliance, or revealing intent?
• In the chapter titled “Top Tools to Collect and Analyze Attack Data,” the Authentic8 researchers present an overview of two dozen must-have tools for cyber threat intelligence.
  
  The apps and web services recommended for cyber threat intelligence by our team are sorted by their purpose and the stages of the threat intelligence production cycle they support. The descriptions include use cases as well as alternatives if similar tools are available.
• In the third segment, the authors provide guidance, insights, and practical examples on how to handle typical CTI workflows. They demonstrate how to use Shodan, the search engine for internet-connected devices. They show how to leverage digital images and their meta (Exif) data in an investigation. And they describe in detail how to research website ownership and history by applying advanced search techniques.

A chapter on Silo for Research rounds out the handbook. Silo for Research is based on Authentic8’s patented, cloud-based Silo Web Isolation Platform.

Many of the world’s leading corporate threat hunting teams and their peers in public sector organizations rely on Silo for Research to protect their cyber threat intelligence efforts and conduct secure and anonymous investigations online.

Download your free copy of the Tools, Tips & Tricks Handbook for Threat Hunters .