Threat Hunt Book by Predefender
This notebook serves as a comprehensive guide to Threat Hunting, presented in a structured book format. Over the years, I’ve gained significant experience establishing SOC departments for Norwegian cybersecurity firms while actively working as a threat hunter.
Now, as I transition into managing a Cyber Security Operations Center (CSOC), I’m sharing my insights to help SOC analysts become effective threat hunters from the outset.
Roger C.B. Johnsen
Have feedback?
Share your thoughts, suggestions, or corrections via my preferred contact links .
About the Content
This content has been meticulously refined using tools like ChatGPT to enhance grammar, clarity, and readability. The site features a curated collection of notes, articles, presentations, and personal reflections, drawn from years of hands-on experience as a threat hunter.
Recent Changes and Additions
| Date | Change/Addition |
|---|---|
| Jan. 11, 2025 | - Added “The Threathunter Persona ” page |
| Dec. 27, 2024 | - Added the “Release Plan ” page, accessible via the left site menu. |
| - Improved the left site menu by removing chapter/part prefixes. | |
| Nov. 03, 2024 | Added a page on No Result Hunts . |
| Nov. 02, 2024 | Added a page on creating hypotheses . |
| Oct. 27, 2024 | - Added a page on T1105 from a recent threat hunt investigation. |
| - Added a page on planning a threat hunt . | |
| - Added a page on intelligence resources . | |
| Oct. 26, 2024 | - Added a page on starting a threat hunting program . |
| - Added pages on threat hunting deliveries . | |
| Oct. 21, 2024 | Revised the introduction for Threat Hunting Deliveries. |
| Oct. 20, 2024 | Added a section on Threat Hunting Deliveries. |
| Oct. 19, 2024 | Added a section on conditional access for T1566 . |
| Oct. 15, 2024 | Added a tip on Windows Login. |
| Oct. 13, 2024 | Introduced a new section: Deliveries under Part 1, including the new page SITREP. |
| Oct. 12, 2024 | Introduced a new section: Mitre Field Notes, featuring the page T1566 - Phishing. |
| Oct. 11, 2024 | Added links to social platforms, X (formerly Twitter) and Mastodon. |
| Oct. 06, 2024 | - Quality assured the OpenSearch Python API ingester. |
| - Improved document formatting across the site. | |
| - Added tips for Windows event log success and failure. | |
| Sep. 30, 2024 | Added a “FAQ ” page. |
| Sep. 29, 2024 | Added a page on Understanding Data . |
