Threat Hunting

Cyber Threat Hunting is an essential exercise to proactively investigate potential compromises, detect advanced threats, and improve cyber defenses. LIFARS Subject Matter Experts orchestrate an exhaustive and iterative process with purpose built tools to conduct manual and semi-automated series of searches for Indicators of Compromise (IOC) and Initial Vectors of Compromise (IVOC).

Endpoint Threat Hunting

LIFARS Endpoint Threat Hunting is a methodology designed to detect and investigate, if your company’s security and confidentiality are compromised. We access forensics artifacts on volumes, memory and volatile data to examine probability of potential incidents and integrate with existing advanced persistent threat detection solutions to capture endpoint compromise snapshots. Our team validates the visibility potential of compromise indicators and potential threats, searches and other endpoints for the same threat actor’s lateral movement and remediates the issue leveraging Endpoint Security clean up methodology.

Network Threat Hunting

LIFARS network Threat Hunting analyzes network activities, such as packet captures and network flow, network IDS/IPS alerts, and network device logs. Indicators of compromise can be examined parallel to network streams, including full reconstruction of sessions and examination. It’s easy for firms to disregard monitoring potential threat vectors where the most insidious, long-term damage may be percolating. LIFARS elite expert team analyzes and examines your network anomalies, protocols and contextual capture.
A volumetric statistical analysis will focus on examining four key network features: 

  1. Suspicious sessions examination based on obfuscation and encryption techniques when compares to data entropy.

  2. Number and initiation of outbound network connections (such as TCP SYN).

  3. Duration of connections and amount of data exchanged.

  4. Frequency of connections and sequence of sessions (example UDP exploitation followed by TCP SYN reverse shell).

Threat Intelligence & Deep Dark Web Search

LIFARS Threat Intelligence helps your organization identify an ongoing and past cyberattack. Our analysts familiarize themselves with a company’s environment and effectively filter out key events that need closer examination. Optimization of Threat Intelligence in the daily mirage of events can dramatically increase the overall effectiveness and allow a SOC team to focus on important tasks and real malicious incidents. Our Threat Intelligence ensures a comprehensive evaluation of your business security. LIFARS also monitors the Deep Dark Web where a companies’ data can easily be exposed. Our team will detect leaks, mitigate the damage, and quickly resolve the matter.

LIFARS Threat Hunting Framework


  • Define and prioritize Threat Hunting missions of Network, Endpoint and External targets and align with the internal team on procedures, tactics, techniquies, process and policies.
  • Define operational procedures for target interrogation, collection and response.
  • Prepare initial vectors and conditions of digital artifacts for Threat Hunting from known or behavioral intelligence such as IOCs.


  • Offensive automated and manual Threat hunting based on the known and evolving threat landscape to discover relevant forensic artifacts.
  • Address systemic organized risk encompassing multi-staged and vectored vulnerabilities based on correlated Risk Scores, Threat Intelligence and Assessments.
  • Assurance post-breach clean-up via recurring Threat Hunting to Identify and Investigate additional malware, symptoms and IOCs.


  • Investigations to uncover IOCs, malicious patterns, symptoms and adversarial Tactics, Techniques and Procedures (TTPs).
  • Converge and correlate proprietary, open source and 3rd party intelligence with LIFARS TTPs.
  • Leverage Machine Learning and Artificial Intelligence ANalytics with deployed tools.


  • Correlate context of TTPs from attacks and attack campaigns to uncover linked data and enrichment of intelligence and hunting loop via content process advisory.
  • Provide client meaningful insight and visibility into defensive cyber maturity detection and response.

Key Benefits

LIFARS Cyber resilience experts leverage the latest data analytics algorithms based on the Tactics, Techniques, and Procedures that attackers are known to use, while utilizing Machine Learning, Artificial Intelligence, Behavioral Forensic Artifacts, and Threat Intelligence to detect ongoing or zero day cyberattacks and Advanced Persistent Threats (APTs) and leveraging the latest IOCs to identify the probability of an enterprise compromise. 

Our proprietary methodology enriches multiple sources of threat intelligence, as well as your internal network traffic, endpoints and LIFARS proprietary forensic artifacts techniques for threats that have gone undetected. Our methodology relies on a stochastic probability of confirming a compromise and the examining of both false positives and negatives to ensure accuracy during IOC identification regardless if the hunt concerns network forensics or endpoint examination and pattern matching to identify compromises and weak areas within the environment. 

LIFARS Methodology Incorporates Industry Standards

  • ISO/IEC 27035:2011: Information Security Incident Management
  • SANS: Creating and Managing an Incident Response Team
  • RFC 2350: Expectations for Computer Security Incident Response
  • CERT: Handbook for Computer Security Incident Response Teams (CSIRTS)
  • NIST 800-61: Computer Security Incident Handling Guide
  • ENISA: CSIRT Setting up Guide
  • ENISA: Good Practice Guide for Incident Management
  • ISACA: Incident Management and Response

Related Articles

Related Documents