Chapter 5. References and Further Reading

In this report, I’ve outlined strategies, processes, and techniques for threat hunting. By this point, you should be versed enough in threat hunting to make a case for it, determine whether you can effectively hunt, and execute a hunt. In addition, you have a shopping list of hunting techniques and pointers to repositories of other techniques.

Thinking and Reasoning About Hunting

  • Hutchins, Eric, et al., “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” Lockheed Martin White Paper, available at https://lmt.co/2Ktdgto. This is the Cyber Kill Chain paper; it’s worth reading both to understand the CKC model and to understand the circumstances in which it was constructed.

  • Koen, Billy Vaughn. Discussion of the Method: Conducting the Engineer’s Approach to Problem Solving (Oxford, UK: Oxford University Press, 2005). Koen’s book is about how engineers reason by building up from heuristic approaches. Dense and philosophical, it is also one of the best books to read for someone approaching an undifferentiated pile of data.

  • Vincenti, Walter. What Engineers Know and How They Know It: Analytic Studies from Aeronautical History (Baltimore, MD: The Johns Hopkins University Press, 1990). Vincenti’s book argues that, apart from the classic scientific method, there is a distinct engineering line of reasoning.

  • US Government. A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence ...
