Advanced Threat Hunting Demo: Brickstorm APT

Is your VMware environment secure? A sophisticated backdoor called BRICKSTORM, used by the espionage actor UNC5221, could be hiding in your vCenter backups right now. Restoring from a compromised snapshot means letting the attackers right back in. But what if your backups could be your best defense? In our new 4-minute demo, we walk through the exact steps to proactively hunt for BRICKSTORM within your backups using YARA rules, instantly quarantine infected snapshots to stop the threat from spreading, and identify a guaranteed 'Gold Copy' for a fast, safe, clean-room recovery.

Exposing Salt Typhoon on the network using the PEAK Threat Hunting Framework

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.

Elastic Security Explained: Transparency, AI, and the Future of Threat Hunting

Elastic’s James Spiteri joins John Hammond to dive deep into the evolution of Elastic Security, from the ELK stack’s early days to today’s full-fledged, unified SIEM, XDR, and cloud security solution powered by agentic AI and automation. They discuss free tools, open detections, and how Elastic is making cybersecurity more accessible and collaborative for everyone.

Threat Hunting at Scale: How Securonix + ThreatQ Turn Intelligence into Action

Discover how Securonix and ThreatQ empower security teams to overcome alert fatigue, reduce manual workloads, and proactively hunt for threats at scale. In this session, experts from Securonix and ThreatQ demonstrate how combining advanced behavioral analytics with context-rich threat intelligence helps SOC teams detect stealthy attack chains, automate investigations, and respond faster. You’ll learn.

Beyond Anomalies: How Autonomous Threat Hunting Uncovers the Full Attack Story

APIs are essential in today's digital landscape, supporting everything from mobile apps to vital backend systems. As their importance grows, they also become attractive targets for advanced attackers who bypass traditional security methods. These adversaries do not simply exploit API flaws; instead, they mimic normal user behavior to launch subtle, slow-and-low attacks that are difficult for conventional tools to detect.

CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target

Today’s enterprising adversaries are weaponizing AI to scale operations, accelerate attacks, and target the autonomous AI agents quickly transforming modern businesses. The CrowdStrike 2025 Threat Hunting Report details this new chapter in the threat landscape. This year’s report, based on frontline intelligence from CrowdStrike’s elite threat hunters and intelligence analysts, examines how threat actors are using AI to do more with less.

Threat Hunting with TLS/SSL Certificates

In this article, we’ll analyze how threat actors exploit TLS to hide their operations and how defenders can use exposed certificate metadata to detect them. We will discuss: Let’s get started! (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

Mastering Endpoint Threat Hunting: 7 Proven Practices for Uncovering Hidden Attacks

Traditional endpoint defenses that rely solely on signatures and alerts often miss stealthy, living-off-the-land attacks—studies indicate that as many as 90% of breaches begin at the endpoint and over two-thirds of organizations suffer successful endpoint incursions. When these threats go undetected, they can dwell for months, resulting in data exfiltration, regulatory fines, and lasting reputational damage.

Hunting Malware with MSHTA and CyberChef: A Deep Dive into Obfuscation in Malicious Scripts and Credential Theft

Recently, our team came across an alert involving mshta.exe, a native Windows tool that attackers commonly exploit for malicious purposes. MSHTA (Microsoft HTML Application Host) is a well-known LOLBin (Living-Off-The-Land Binary). This means it is a legitimate system tool that can be abused and can blend in with normal activity. MSHTA can execute remote HTML applications or JavaScript content directly from a URL.