
Threat Hunting Concepts and Practices - Insights from OffSec TH-200 Course module 1

As cybersecurity threats evolve and become increasingly sophisticated, organizations must adopt proactive measures to safeguard their networks. I recently started the new OffSec TH-200 course and finished three modules after just two days of diving in. Here, I'll share my key takeaways from Module 1. This module covers threat hunting concepts and practices, along with the theory and case studies behind them.

What is Threat Hunting?

Threat hunting is a proactive cybersecurity practice wherein security professionals actively search for signs of malicious activity within a network. Unlike traditional Security Operations Center (SOC) approaches, which primarily react to alerts generated by security systems, threat hunting operates under the assumption that adversarial activity may already exist undetected. This forward-thinking mindset allows security teams to identify threats before they can cause significant harm.
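To make the "assume breach" mindset concrete, here is a small hypothesis-driven hunt in Python. This is an added example and is not code from the OffSec course: the telemetry is constructed in the script (loosely shaped like Sysmon process-creation records), and the two hypotheses, the field names and the application/shell lists are my own assumptions. No alert has fired on this data; the hunter starts from a hypothesis and searches the records directly, which is the difference from alert-driven SOC triage the paragraph describes.

```python
"""
Added example (not from the TH-200 course): a hypothesis-driven hunt over
constructed process-creation telemetry.  Two techniques are shown:
  1. frequency stacking of (parent, child) process pairs, where rare pairs
     become leads to investigate;
  2. a specific hypothesis, "an Office application spawning a command
     interpreter suggests macro-based initial access".
"""
from collections import Counter

# Constructed sample telemetry; field names are an assumption modelled on
# Sysmon Event ID 1.  None of this is real data.
EVENTS = [
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe"},
    {"host": "ws01", "parent": "explorer.exe", "image": "chrome.exe",
     "cmdline": "chrome.exe"},
    {"host": "ws02", "parent": "explorer.exe", "image": "outlook.exe",
     "cmdline": "outlook.exe"},
    {"host": "ws02", "parent": "outlook.exe", "image": "winword.exe",
     "cmdline": "winword.exe /n invoice.docm"},
    {"host": "ws02", "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c powershell.exe -w hidden"},
    {"host": "ws03", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws03", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
    {"host": "ws01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]

# Assumed lists for the hypothesis; tune these to the environment being hunted.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def stack_parent_child(events):
    """Count how often each (parent, child) pair occurs in the telemetry."""
    return Counter((e["parent"].lower(), e["image"].lower()) for e in events)


def rare_pairs(events, max_count=1):
    """Return (parent, child) pairs seen at most max_count times.

    In a real environment the baseline is built from weeks of data; pairs
    that are rare against that baseline are leads, not verdicts.
    """
    counts = stack_parent_child(events)
    return sorted(pair for pair, n in counts.items() if n <= max_count)


def hunt_office_spawning_interpreter(events):
    """Hypothesis: an Office process launching a command interpreter is
    consistent with macro-driven initial access.  Return matching events."""
    return [
        e for e in events
        if e["parent"].lower() in OFFICE_APPS
        and e["image"].lower() in INTERPRETERS
    ]


def run_hunt(events):
    """Run both techniques and return the leads keyed by hypothesis name."""
    return {
        "rare_parent_child_pairs": rare_pairs(events),
        "office_spawning_interpreter": hunt_office_spawning_interpreter(events),
    }


if __name__ == "__main__":
    for name, leads in run_hunt(EVENTS).items():
        print(f"[{name}] {len(leads)} lead(s)")
        for lead in leads:
            print("   ", lead)
```

The stacking pass surfaces several rare pairs, most of which are benign on their own (a user opening Outlook, an admin running Get-Process); the hypothesis pass narrows the list to the one record worth pivoting on, the Word process on ws02 that launched cmd.exe with a hidden PowerShell child. Hunting is about generating and pruning leads like this, then handing anything confirmed to IR.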

The Threat Hunting Process

Threat hunting in enterprise networks can be categorized into two primary types:

a. In-House Threat Hunting

In-house threat hunting involves dedicated personnel who collaborate with other security teams, such as SOC, Incident Response (IR), and Threat Intelligence. This approach provides organizations with a customized strategy tailored to their unique security needs. However, resources such as personnel, tools, and budget can vary widely among organizations, resulting in different implementations and levels of maturity in threat hunting practices.