The Threat Hunter Playbook
The Threat Hunter Playbook is a community-driven, open source project to share detection logic, adversary tradecraft and resources to make detection development more efficient. All the detection documents in this project follow the structure of MITRE ATT&CK categorizing post-compromise adversary behavior in tactical groups and are available in the form of interactive notebooks. The use of notebooks not only allow us to share text, queries and expected output, but also code to help others run detection logic against pre-recorded security datasets locally or remotely through BinderHub cloud computing environments.
Docs: https://threathunterplaybook.com/
Goals
- Expedite the development of techniques an hypothesis for hunting campaigns.
- Help security researchers understand patterns of behavior observed during post-exploitation.
- Share resources to validate analytics locally or remotely through cloud computing environments for free.
- Map pre-recorded datasets to adversarial techniques.
- Accelerate infosec learning through open source resources.
Author
Roberto Rodriguez @Cyb3rWard0g
Official Committers
- Jose Luis Rodriguez @Cyb3rPandaH is adding his expertise in data science to it.
Acknowledgements
- We document and share our content via a Jupyter Book which was created by Sam Lau and Chris Holdgraf with support of the UC Berkeley Data Science Education Program and the Berkeley Institute for Data Science