CTHoW v2.0 – Cyber Threat Hunting on Windows

Pierluigi Paganini November 19, 2019

Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network.

I was always impressed with the MITRE ATT&CK framework that helps the community by sharing the latest techniques, attackers are using nowadays in their engagements, and how companies can defend and mitigate these attacks to reduce down the impact of a (cyber)-attack.

One of the main reasons, I decided to share CTHoW was mainly because I felt that there wasn’t a clear ”how-to” detect TTP <XYZ>.

It was a lot about coverage and mapping your detecting techniques to MITRE ATT&CK, but let’s be honest. Most SIEM solutions aren’t that mature (yet) and it wouldn’t surprise me that most SIEM are still only collecting logs from the perimeter.
CTHoW was developed to help Blue Teamers (Usually SOC / Threat Hunters) to improve their detection and investigation plan to have a sort of a ”basic”.

CTHoW v2.0 – Cyber Threat Hunting on Windows from Huy Kha


About the author: Huy Kha

Huy is an information security professional with a huge passion for Identity & Access Management. He likes to share knowledge with the community and is known for all his publications around Windows & Active Directory security.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – CTHoW, Mitre)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment