惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

Intel 471 Blog

TeamPCP Supply Chain Attacks Turning Geopolitical Tension into Actionable Intelligence CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platform Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild Handala Threat Group OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery Israeli, US strikes against Iran triggers a surge in hacktivist activity CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research Born to bypass MFA: Taking down Tycoon 2FA The UK Cyber Security Resilience Bill How AI and the human advantage beat tomorrow’s threats Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage How Threat Hunting and “Good” Metrics Help The Business Likely fake ransomware operator 0APT causes panic — Our analysis Hunting APTs: from state policy to TTPs CrazyHunter Ransomware DevMan Ransomware Introducing HUNTER Tuning: a New Tool for Driving Behavioral Threat Hunt Detections Battling check fraud in the U.S. Gootloader Malware Update Shai-Hulud Worm 2.0 New FvncBot Android banking trojan targets Poland White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Season Threat hunting case study: Detecting IAB activity Using deception to extract cyber threat intelligence Lynx Ransomware Qilin Ransomware Group ClickFix: Tricking users into installing infostealers Cybercrime Takedowns: Trust, Partnerships and Focus How card fraud is powered by underground card checkers Tracking down The Com Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solution The FBI’s Group 78: Covertly fighting ransomware? How threat actors bypass multifactor authentication Crimson Collective In a digital age, US paper check fraud flourishes How you can defend against AI-driven fraud and phishing Detecting cybercriminal activity on Telegram NPM - Shai-Hulud Worm Threat hunting case study: ToolShell AMOS Stealer How AI can (and can’t) help in threat hunting The Phrack leak: Examining an APT’s workstation How initial access offers power intrusions and ransomware Drawing value from cyber threat intelligence “Pig-Butchering” Scams: The Dark Side of Social Engineering and Why Terminology Matters After disruption, XSS cybercrime forum faces loss of trust Update: Salt Typhoon Bridging the CTI Gap: New Exposure Modules on Verity471 Deliver Market-Disrupting Views of Threats Introducing Verity471: Cyber Threat Intelligence Ready to Operationalize FileFix Social Engineering Technique Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level Defending against doxing CVE-2025-53770 - Microsoft Sharepoint Mass Exploitation (ToolShell) Threat hunting case study: Lumma infostealer Pro-Russian hacktivism: Shifting alliances, new groups and risks mommy Access Broker NATO summit commences in tandem with tense cyber, kinetic conflict A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator Threat hunting case study: DragonForce Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey Android malware trends: Stealthier, easier-to-use Fingerprinting threat actors by their anonymity techniques DanaBot malware disrupted, threat actors named Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations SANS 2025 CTI Survey: It’s Business Time for Cyber Risk How an alleged Russian hacker slipped away Threat hunting case study: Medusa ransomware CVE-2025-31324 - SAP NetWeaver Vulnerability DragonForce Ransomware Managing a cyber crisis LabHost: A defunct but potent phishing service Understanding and threat hunting for RMM software misuse Threat-hunting case study: Windows Management Instrumentation abuse VanHelsing Ransomware An in-depth look at Black Basta's TTPs Six Key Takeaways From the SANS 2025 Threat Hunting Survey Update: Medusa Ransomware Writing high-quality IDS detection rules Threat hunting case study: RMM software Update: LockBit Ransomware Zservers: Bulletproof hosting for online crime Update: Black Basta Ransomware and Threat Group Black Basta exposed: A look at a cybercrime data leak BadPilot Campaign The evolution of Russian cybercrime Android trojan TgToxic updates its capabilities Threat hunting case study: SocGholish DeepSeek AI poses cybersecurity risks Law enforcement hammered cybercrime in 2024. Is it working? Remote Monitoring and Management (RMM) Abuse How threat actors are using artificial intelligence Threat hunting case study: PsExec How ransomware may trend in 2025 What 2025 May Hold for Cybersecurity Bring Your Own Hunts to HUNTER ‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful Holiday Tactics Collecting Useful CTI from Underground Markets Expanding source coverage: adding Signal chats to threat intelligence
How Cyborg Security Creates Threat Hunting Content
Intel 471 · 2020-08-08 · via Intel 471 Blog

Cyborg Security is on a quest to provide the best threat hunting experience to organizations at all different security maturity levels. We believe that when threat hunters from around the world are provided a pipeline of contextualized threat hunting content, they’re more quickly able to proactively find the adversaries hidden in their environments. This is how we hope to change the game of threat hunting.

[hubspot type=cta portal=7924572 id=d13ae3c6-78f8-41f8-b5a8-1975460104dd]

The best threat hunting content is the kind that can perform queries or hunts against aggregated security data using the most relevant, timely, and contextualized intelligence available about any given threat. Cyborg takes threat intel to the next level by operationalizing it into our threat hunting platform.

Here’s how we do it.

It starts with contextualized threat intel

In order to build a foundation of great threat hunting content, we concurrently produce a base of threat intelligence that contextualizes data and vets it far more than the average threat feed.

We’re using that core intel to create this very specific threat hunting content to find different threat actors, malware activity, and tool sets within a given enterprise environment. What our threat hunt content writers will do is operationalize that data developed by our threat intelligence team and weaponize it so our customers can use it.

Sandboxing and query development

The creation of threat hunting content starts by reverse engineering and recreating the effects of attack tools detailed in the threat intelligence. Cyborg threat hunters will do this in multiple sandbox environments. We detonate the malware and observe the effects, and logged data appears within numerous platforms such as Elasticsearch, Splunk, QRadar, and so forth. From there we craft those threat hunt queries to look for the artifacts observed and tailor them in such a way that they will be very high fidelity. This makes it easier for an independent threat hunter to be able to directly find exactly what they’re looking for.

Make it cross-platform

As a part of developing threat hunting content, Cyborg’s threat hunting team wants to make it universal for a wide variety of organizations — no matter what platforms they’re using. In order to do that we’ve established a unique syntax that takes threat hunt queries for our platform so that they’ll be directly applicable to any customer’s data or platforms. For each hunt, the customer initiates a hunt for a specific query based on all of the groundwork we’ve done for that particular piece of content

The idea behind the process is to develop a portfolio of threat hunting content that can augment what an existing enterprise team can already do. When the Cyborg team develops content, the process can take anywhere between a half-hour to half a week, depending on the complexity of the attack.

Ultimately, we believe that threat hunting content can help organizations start proactive searches for threats on level footing.

To learn more about how content is more important to the threat hunting process than automation, read our blog, Threat Content, Not Automation, Fuels Effective Threat Hunting.

[hubspot type=cta portal=7924572 id=32a55e1d-cfee-45cb-955a-df76250797fb]