Threat hunting case study: DragonForce
After compromising a system, attackers seek ways to maintain persistence. Here's how to threat hunt for a common persistence method used by attackers including DragonForce.

Threat hunting case study: Medusa ransomware
The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.

Understanding and threat hunting for RMM software misuse
Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.

Threat-hunting case study: Windows Management Instrumentation abuse
Attackers often use Windows Management Instrumentation (WMI) for reconnaissance to map networks. This case study describes how to threat hunt for malicious use of WMI, which is also used legitimately by administrators.

Six Key Takeaways From the SANS 2025 Threat Hunting Survey
SANS 2025 Threat Hunting Survey shines the light on why behavioral threat hunting can do what AI and IOC-hunts can’t do alone.

Threat hunting case study: RMM software
Attackers hijack or install their own remote monitoring and management software to penetrate deeper into organizations. This activity, however, can be detected using threat hunts based on threat intelligence.

Threat hunting case study: SocGholish
SocGholish is a malware campaign that spreads via hacked web pages. This is a guide for how to detect infections by searching in SIEMs and logging systems for attacker behaviors.

Threat hunting case study: PsExec
PsExec, a command-line utility used for remotely managing Windows computers, is often abused by threat actors. Here's how to threat hunt for suspicious PsExec activity.

Bring Your Own Hunts to HUNTER
As a HUNTER customer utilizing the Hunt Management Module (HMM), you can now “bring your own” (BYO) threat hunting content to the HUNTER threat hunting platform.

Threat hunting case study: Uncovering Turla
Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here's how to threat hunt for this behavior.