What is Threat Hunting

Muhammad Mater
3 min readApr 14



Even though businesses continuously put a lot of money into cyber security, the losses caused by hackers are signifcantly increasing

For example, according to a recent IC3 report , business email compromise scams alone have led to losses of over $26 billion in tge past three years

what is IC3 ?

The Internet Crime Complaint Center (IC3) is a website and that offers users a standardized mechanism and interface to report suspected cybercrime or other illegal activity facilitated by the Internet. Victims can report on their own behalf, and people can also report crimes on behalf of other individuals.

Based on FireEye’s M-Trends 2019 Report, the average time for an organization to discover that they have been breached (also known as dwell time), for the investigations Fireeye were part of, was 78 days; this means that an intruder could be in your network for nearly three months
before you know about it

Wait a Second There is a word called dwell time

What is the meaning of dwell time ?

Dwell time refers to the amount of time a malicious actor has access to a compromised system before an MSP detects a threat.

okay Agian

what is MSP ?

MSPs or managed service providers can address vulnerabilities in your network before they are even exploited. By implementing these guidelines, MSPs can bolster their line of defense against people with bad intentions.

Back to our story

And Back again but to 2011

In 2011 the the average time for an organization to discover that they have been breached (dwell time) was 416 days

Yes Security Become Better And Hackers Become Better too

ِIt makes no sense to wait for the threat to come

Time to Hunting the Threat

Threat hunting is the human-centric process of proactively
searching data and discovering cyber threats It is a drastic change from the traditional reactive approach of waiting for an internal system, such as an IDS, or law enforcement, to notify them that they have been
breached. The hunter detects threats that nothing else

Threat hunting aims to reduce the dwell time by
identifying threats in a very early stage of the infection.
By doing so, it may be possible to prevent attackers from
gaining a stronger foothold in the environment and remove
them from the network.

It is another line of defense for the organization, but it defends by attacking first

Becuase Hunting is an offensive-based strategy

Requires the hunter to think like an black-hacker or attacker

The hunting Process begins by identifying ptentially targeted data & system which behavioral techniques the attackers may use .

And there another Soldier called Threat Intelligence

Threat Intelligence is often utilized during the hunt to
develop techniques and carry out necessary actions to
protect systems from compromise.

Thanks to INE ,THM, Cybrary to help understand this topic



Muhammad Mater

Just a Boy Loves Infosec (REDTEAM, CTI, OSINT, Bug Bounty)