After talking about scaling a hunt team with the concept of "Pack Hunting" in my last post, now I want to approach a topic that has been weighing on my mind as the year comes to a close. How do I build a kickass hunt program? And how would I know if I did? Admittedly, this is on my mind because next year my program will have been around long enough to be audited, which means I need to be able to measure my program in an audit-able way. I am not talking about the outcome of th

I have been busy celebrating weddings with families and friends for a few weekends, but I am back with the latest hurdle in program building - scalability. I haven't stopped working on the hunt analytic repo, but I have switched to playing in AWS DynamoDB. Traditionally hunting has been one hunter creating a hypothesis and then hunting on that hypothesis to find attacker activity. Current resources even take this a little further and have the disruption and eradication of the