Serious Threat Hunting: Hunting for Advanced Adversaries without IOCs
Threat hunting is becoming big. But today most teams are using tools for the hunt that will not get the job done, because those tools are "searching" for static information (indicators of compromise, signatures, and the like), which cannot catch a sophisticated attack. To truly hunt, one must be stealthy and methodical, and one must analyze behavior rather than signatures.