Do you suspect to have been hacked? Do you think you have an intruder in your network but lack the evidence or know-how of where to start an investigation? During a Hunt, the Hunter and Hacker will try to find evidence and traces of malicious activity in your network or IT environment.
A (threat) Hunt is a relatively difficult activity, a lightweight forensic investigation, and not always possible in every organization. Proper logging and monitoring should be in place to find (traces of) a malicious actor or suspicious network traffic. Especially if you are dealing with an advanced persistent threat. During the Hunt, the Hunter will focus exensively on log analysis and investigate and eliminate possible scenarios, together with your organization. The Hacker will work with the Hunter to investigate possible entry points, attack scenarios and assists to obtain more evidence from servers, PCs or other relevant devices. The Healer will write the report and present the results of the investigation but has a limited role otherwise.
Does your organization lack logging and monitoring capabilities, but you do believe an attacker has breached your perimeter? Chapter8 is able to set up a Mobile Security Operations Center called 'Hunterbox' which is equiped with the necessary tools and software to perform log analytics and detection of malicious activity.
Please note: the Hunt is not the same as Incident Response (IR)! If your organization has determined that a malicious actor is present within your IT environment, or if you are suffering from a ransomware attack already, the Hunt is not the right service. However, Chapter8 is perfectly capable of giving you advice on how to proceed in such a scenario.
Shall we talk about your security? Introduce yourself to us and we will contact you.
