#Threathunting
Meet Huntable CTI Studio: AI-assisted workbench for turning intel into detection rules! LLMs accelerate tedious extraction tasks, freeing you up to handle the nuanced, human-reasoning-heavy analysis. Transparent pipelines, human oversight, tunable agents.
bit.ly/3OqKkI3 #DFIR #ThreatHunting
Introducing Huntable CTI Studio
Huntable CTI Studio is an AI-assisted workbench for detection engineers and threat hunters. It helps turn open-source threat intelligence into Sigma rules you can validate, revi…
bit.ly
February 19, 2026 at 6:14 PM
Join us tomorrow @ 12:30 PM CT as Recon’s very own threat hunting aficionado, Watson Brown, dives into Detecting AI in the Tumultuous Shadows!

Don’t get left in the dark with the AI - secure your spot here: thursdef.com

#ThursDef #ThreatHunting #ShadowAI #InfoSec #CyberSecurity
February 18, 2026 at 7:01 PM
Diving into the world of Network Detection and Response! My hands-on experience with an NDR system revealed its pivotal role in modern SOCs. #CyberSecurity #NDR #ThreatHunting #AIIntegration Link: thedailytechfeed.com/ai-integrate...
February 18, 2026 at 5:31 PM
Originally from Unit 42: Critical Vulnerabilities in Ivanti EPMM Exploited #unit42 #threathunting #cyberresearch
Critical Vulnerabilities in Ivanti EPMM Exploited
We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors. The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.
unit42.paloaltonetworks.com
February 18, 2026 at 8:09 AM
Your SOC isn’t understaffed. It’s late. ⏱️😈
Attackers aren’t scaling with malware—they’re scaling with OAuth + tokens + “normal” API exports.

blog.alphahunt.io/the-90-day-d...

#ThreatHunting #IdentitySecurity #AlphaHunt
February 18, 2026 at 1:16 AM
Think like a real SOC analyst.

I just published a detailed TryHackMe Volt Typhoon write-up breaking down a full APT investigation — from initial access to C2 and cleanup.

If you're preparing for blue team roles, this room is gold.

#TryHackMe #ThreatHunting #SOCAnalyst #BlueTeam #MITREATTACK
Inside a Volt Typhoon Attack
A Complete TryHackMe Write-Up Demonstrating Real SOC Investigation Methodology
medium.com
February 16, 2026 at 4:48 PM
Huntbase harnesses and unleashes an analyst’s creativity and intuition to create cool and effective hunts.

Never Hunt Alone

#CyberSecurity #ThreatHunting #SOCAnalyst #InfoSec
February 16, 2026 at 8:18 AM
A custom Linux beacon was released for Cobalt Strike on GitHub.

The author says that it is possible to build custom implants for Cobalt Strike on virtually any platform.

github.com/EricEsquivel...

#dfir #blueteam #threathunting #c2 #redteam #pentest
GitHub - EricEsquivel/CobaltStrike-Linux-Beacon: Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons - EricEsquivel/CobaltStrike-Linux-Beacon
github.com
February 14, 2026 at 11:58 AM
Originally from Unit 42: Phishing on the Edge of the Web and Mobile Using QR Codes #unit42 #threathunting #cyberresearch
Phishing on the Edge of the Web and Mobile Using QR Codes
We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security. The post Phishing on the Edge of the Web and Mobile Using QR Codes appeared first on Unit 42.
unit42.paloaltonetworks.com
February 14, 2026 at 8:21 AM
Huntbase helps anyone hunt for threats that currently go unnoticed...

Never Hunt Alone

#CyberSecurity #ThreatHunting #SOCAnalyst #InfoSec
February 13, 2026 at 9:00 AM
Dive into practical insights with real traffic analysis! Learn how to spot cleartext credentials and craft better firewall rules using #Wireshark — perfect for threat hunters and SOC teams. 🔍

#CyberSecurity #NetworkSecurity #ThreatHunting #SOC
Wireshark Traffic Analysis: Cleartext Credentials & Firewall Rules
A TryHackMe Practical Exercise Writeup
medium.com
February 12, 2026 at 10:54 AM
Originally from Unit 42: Nation-State Actors Exploit Notepad++ Supply Chain #unit42 #threathunting #cyberresearch
Nation-State Actors Exploit Notepad++ Supply Chain
Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery. The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42.
unit42.paloaltonetworks.com
February 12, 2026 at 8:28 AM
🔐🤖 AI powered threat hunting is transforming modern cyber defense. The future of system hardening is adaptive, automated, and intelligence-driven.
#CyberSecurity #ThreatHunting #AI #ZeroTrust #SOC #InfoSec #CyberDefense

www.thecyberlens.com/p/proactive-...
Proactive Cyber Defense: AI Powered Threat Hunting Tools and Techniques
From Reactive Security to Proactive Cyber Defense
www.thecyberlens.com
February 12, 2026 at 7:04 AM
Looking to make some extra cash using your #BugBounty / #ThreatHunting skills? Report security issues and #zerodays through our website today and maybe make some money - https://linktr.ee/dprkcert

#BTC #0day
February 11, 2026 at 10:58 PM
It’s Day # 2 of #AFCEAWest, and DomainTools Federal is here at the San Diego Convention Center. Stop by Booth # 2309 to talk to our team about how we give you the offensive edge against state sponsored adversaries.

#CyberDefense #ThreatHunting #Federal #DomainTools
February 11, 2026 at 6:27 PM
Elevate your SOC's threat hunting capabilities with real-time, sandbox-derived intelligence. Discover how to detect threats faster and reduce organizational risk. #CyberSecurity #ThreatHunting #SOCMaturity Link: thedailytechfeed.com/soc-maturity...
February 11, 2026 at 6:18 PM
Malcolm: A powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts

Check ✅️ it out:
github.com/idaholab/Mal...

#cybersecurity #infosec #threathunting #suricata #zeek
github.com
February 11, 2026 at 1:38 PM
CrowdStrike: Labyrinth Chollima split into espionage & crypto-theft units (Golden & Pressure Chollima), linked to Lazarus. Shared HR lures, trojanized apps & rootkits show centralized coordination across DPRK ops. #ThreatHunting #APT #Lazarus #CyberEspionage
February 11, 2026 at 11:15 AM
Originally from Unit 42: A Peek Into Muddled Libra’s Operational Playbook #unit42 #threathunting #cyberresearch
A Peek Into Muddled Libra’s Operational Playbook
Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks. The post A Peek Into Muddled Libra’s Operational Playbook appeared first on Unit 42.
unit42.paloaltonetworks.com
February 11, 2026 at 8:31 AM
Let's find more QuasarRAT infrastructure! Live now threat hunting!

twitch.tv/cyberkaida

#Malware #QuasarRAT #VTuber #ReverseEngineering #Threathunting #ReVa
February 8, 2026 at 3:06 AM
Originally from Unit 42: Novel Technique to Detect Cloud Threat Actor Operations #unit42 #threathunting #cyberresearch
Novel Technique to Detect Cloud Threat Actor Operations
We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior. The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42.
unit42.paloaltonetworks.com
February 7, 2026 at 8:43 AM
AsyncRAT runs fully in memory, enabling surveillance, file access, and persistence while blending into normal system behavior. DEAD#VAX shows how attackers combine script abuse, IPFS, and process injection to defeat traditional defenses. #ThreatHunting #Infosec #APT
February 6, 2026 at 10:26 AM
Originally from Unit 42: The Shadow Campaigns: Uncovering Global Espionage #unit42 #threathunting #cyberresearch
The Shadow Campaigns: Uncovering Global Espionage
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155. The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42.
unit42.paloaltonetworks.com
February 6, 2026 at 8:45 AM