Hello all!
My name is Jouni Mikkola and I have been thinking of starting a threat hunting related blog for a while now. The blog will be hosting mainly technical host based threat hunting material, likely revolving around Microsoft’s Defender for Endpoint based queries. There might be some posts regarding the methodology of threat hunting, however that is quite well covered in several blogs already so I won’t likely touch the subject very much.
I have been working in Cybersecurity for 5 years. All the time that I have been in the field I have worked within the blue team – mainly DFIR and Threat Hunting. I have had some assignments in SOC too, although my experience isn’t that extensive in the SOC roles. Most of my time has been within a Finnish Cybersecurity company known as Nixu – however I recently joined Deloitte as a manager – responsible for DFIR & TH related tasks. I have been in IT for a total of 15 years, the first 10 of which I spent consulting on Microsoft-related server products – like Office 365, Exchange, OCS-Lync-Skype, ADFS, AD and many others.
After moving towards the DFIR world I have also been conducting quite a lot of threat hunts. Most of my experience is from host/endpoint-based threat hunting, usually revolving around EDR technologies, with some additions from SIEMs. My personal opinion is that host-based data is the best data when it comes to threat hunting, although I also appreciate the possibilities that network-based threat hunting can open.
There will be no scheduled updates to the blog and it will be worked on when time allows. Now that I have been doing this for almost a year, it seems that my time and ideas vary a lot, though.