The Endgame Guide to Threat Hunting: Practitioner's Edition

About the Hunt Book
Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior knowledge of those signs. It is a proactive approach to uncovering bad actors before they can steal your data or disrupt your business. Endgame’s hunt experts Devon Kerr and Paul Ewing have written a practitioners guide to threat hunting for analysts who want to begin hunting today. This book provides analysts with hands-on tips on how to start hunting for techniques across the MITRE ATT&CK matrix. This one-of-a-kind guide is full of step-by-step instructions and practical advice on how to hunt including:

• What is hunting?

• Choose the right framework to hunt - MITRE ATT&CK™  

• Building a hypothesis to hunt for threats

• Measuring the success of your hunt program and assess hunt efficiency

• Techniques on how to hunt across the MITRE ATT&CK matrix

  • Hunting for Fileless Attacks - Examine techniques for detecting threats that hide in memory

  • Hunting for Persistence - Explore how attackers achieve persistence, and how to uncover their techniques

  • Hunting for lateral movement

  • Hunting for Credential Theft - discover how to uncover whether attackers have been stealing user credentials

• A hunt cheat sheet to get started

About the Authors

Devon Kerr is a Principal Researcher at Endgame, focusing on adversary simulation, detection, and response technologies. Formerly a Mandiant incident response and remediation lead, he helps Fortune 500 companies detect and contain advanced threat actors.

Paul Ewing is a Senior Threat Researcher at Endgame, where he leads the adversary hunt efforts. He formerly lead hunt teams in government. He specializes in prototyping analytics to detect malicious behaviors and techniques.