Threat Hunt Reports
MITRE ATT&CK-aligned hunts with documented hypotheses, scoping decisions, tooling, and detection rule output. Each report is a repeatable artifact.
Hunt Methodology
All reports follow a structured format: Hypothesis → Scope → Data Sources → Query/Logic → Findings → Detection Output. Tactics and techniques are mapped to MITRE ATT&CK Enterprise. Where applicable, Sigma rules or KQL detection logic is included.