beathunterzero/cyber-threat-hunting

🎯 Cyber Threat Hunting

Structured knowledge base and laboratory for Threat Hunting focused on hypothesis-driven investigations, detection engineering, and security analysis using real-world methodologies.

⚠️ Note: The internal documentation of this repository is primarily written in Spanish.

This repository is designed as a professional knowledge base, not as a simple notes backup, and is aligned with:

  • MITRE ATT&CK

  • Cyber Kill Chain

  • Hypothesis-driven Threat Hunting


📌 Purpose

This project aims to:

  • Document Threat Hunting concepts in a structured way

  • Develop and register hunting hypotheses

  • Convert investigations into detection logic

  • Build a reusable knowledge base

  • Support practical lab environments (Elastic Stack)


🧭 Methodology

The content follows a structured Threat Hunting workflow:

  1. Understand the context (MITRE ATT&CK, Kill Chain)

  2. Formulate hypotheses

  3. Validate using telemetry and logs

  4. Document findings

  5. Convert results into detections or use cases
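The five steps above, carried through end to end as an added example that is not code from this repository: a hypothesis is recorded as a structured object (steps 1 and 2), tested against process-creation telemetry (step 3), summarised per host (step 4) and rendered as an Elastic EQL query (step 5). The hypothesis, its `H-ENDPOINT-001` identifier, the ECS-style field names and the newline-delimited JSON events are all constructed for the example; the ATT&CK technique IDs are the real ones for phishing attachments and command-shell execution.

```python
"""Hypothesis-driven hunt, end to end: hypothesis record, validation of the
hypothesis against process-creation telemetry, and conversion of the result
into detection logic. Added example, not code from the repository; the
hypothesis, the ECS-style field names and the sample events are constructed.
"""
import json
from collections import Counter
from dataclasses import dataclass

# Steps 1-2: context and hypothesis, kept as a structured record so it can be
# filed under hipotesis/endpoint/ and referenced from the resulting detection.
HYPOTHESIS = {
    "id": "H-ENDPOINT-001",                        # hypothetical identifier
    "statement": "A phishing attachment makes an Office application spawn "
                 "a command interpreter on a workstation.",
    "attack": ["T1566.001", "T1059.001", "T1059.003"],  # MITRE ATT&CK techniques
    "kill_chain": "Exploitation",
    "data_source": "Process creation (Sysmon Event ID 1 / Windows 4688)",
}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

# Constructed telemetry: one ECS-like JSON event per line, as an Elastic
# Agent / Winlogbeat pipeline would index it. Only two lines should match.
SAMPLE_LOG = r"""
{"@timestamp":"2024-03-01T09:12:03Z","host":{"name":"WS-017"},"event":{"type":"start"},"process":{"name":"WINWORD.EXE","parent":{"name":"explorer.exe"},"command_line":"WINWORD.EXE /n"}}
{"@timestamp":"2024-03-01T09:12:41Z","host":{"name":"WS-017"},"event":{"type":"start"},"process":{"name":"cmd.exe","parent":{"name":"WINWORD.EXE"},"command_line":"cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"}}
{"@timestamp":"2024-03-01T09:12:42Z","host":{"name":"WS-017"},"event":{"type":"start"},"process":{"name":"powershell.exe","parent":{"name":"cmd.exe"},"command_line":"powershell -nop -w hidden -enc SQBFAFgA"}}
{"@timestamp":"2024-03-01T09:15:10Z","host":{"name":"WS-022"},"event":{"type":"start"},"process":{"name":"cmd.exe","parent":{"name":"explorer.exe"},"command_line":"cmd.exe"}}
{"@timestamp":"2024-03-01T09:16:55Z","host":{"name":"WS-017"},"event":{"type":"start"},"process":{"name":"splwow64.exe","parent":{"name":"WINWORD.EXE"},"command_line":"splwow64.exe 12288"}}
{"@timestamp":"2024-03-01T09:20:00Z","host":{"name":"WS-031"},"event":{"type":"start"},"process":{"name":"wscript.exe","parent":{"name":"excel.exe"}}}
{"@timestamp":"2024-03-01T09:21:00Z","host":{"name":"WS-031"},"event":{"type":"end"},"process":{"name":"cmd.exe","parent":{"name":"excel.exe"}}}
{"@timestamp":"2024-03-01T09:22:00Z","host":{"name":"WS-031"},"event":{"type":"start"},"process":{"name":"cmd.exe"}}
"""


@dataclass
class Hit:
    timestamp: str
    host: str
    parent: str
    child: str
    command_line: str
    hypothesis_id: str = HYPOTHESIS["id"]


def _field(event, dotted, default=None):
    """Walk a nested ECS document by dotted path; missing keys give default."""
    cur = event
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def parse_events(raw):
    """Load newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def detect_office_spawning_interpreter(events):
    """Step 3: test the hypothesis against telemetry.

    Names are lower-cased because Windows logs mix WINWORD.EXE / winword.exe,
    and a missing process.parent.name must not raise.
    """
    hits = []
    for ev in events:
        if _field(ev, "event.type") != "start":
            continue
        parent = (_field(ev, "process.parent.name") or "").lower()
        child = (_field(ev, "process.name") or "").lower()
        if parent in OFFICE_PARENTS and child in INTERPRETERS:
            hits.append(Hit(
                timestamp=_field(ev, "@timestamp", ""),
                host=_field(ev, "host.name", "unknown"),
                parent=parent,
                child=child,
                command_line=_field(ev, "process.command_line", ""),
            ))
    return hits


def hosts_by_hit_count(hits):
    """Step 4: findings to document, ordered by most affected host."""
    return Counter(h.host for h in hits).most_common()


def to_eql_rule():
    """Step 5: the validated logic as an Elastic EQL query (assumed rule
    format for the elastic-security-lab; ':' is EQL's case-insensitive match)."""
    parents = ", ".join(f'"{p}"' for p in sorted(OFFICE_PARENTS))
    children = ", ".join(f'"{c}"' for c in sorted(INTERPRETERS))
    return (
        'process where event.type == "start" and '
        f"process.parent.name : ({parents}) and "
        f"process.name : ({children})"
    )


if __name__ == "__main__":
    found = detect_office_spawning_interpreter(parse_events(SAMPLE_LOG))
    for h in found:
        print(f"{h.timestamp} {h.host}: {h.parent} -> {h.child}  {h.command_line}")
    print(hosts_by_hit_count(found))
    print(to_eql_rule())
```

Running it flags the `WINWORD.EXE -> cmd.exe` event on WS-017 and the `excel.exe -> wscript.exe` event on WS-031, while the benign `explorer.exe -> cmd.exe`, the printer helper `splwow64.exe`, the process-end event and the event with no parent field are left alone. Note the caveat the third sample line illustrates: the `powershell.exe` launched by that `cmd.exe` is not flagged, because the rule keys on the direct parent only and standard process-creation events carry no grandparent; in the lab, a sequence query or a ProcessGuid join on the intermediate `cmd.exe` is needed to follow the chain.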


🗂️ Repository Structure

```
cyber-threat-hunting/
│
├── docs/
│   ├── 01_fundamentos/
│   ├── 02_cth-endpoints/
│   ├── 03_cth-red-siem/
│   ├── 04_madurez/
│   └── 05_glosario/
│
├── hipotesis/
│   ├── endpoint/
│   ├── red/
│   └── siem/
│
├── labs/
│   ├── elastic-security-lab/
│   ├── velociraptor-security-lab/
│   └── wireshark-security-lab/
```

📖 Knowledge Base (docs)

Includes:

  • Hunting methodologies (IoC-based, hypothesis-driven, analytics-driven)

  • MITRE ATT&CK and Cyber Kill Chain

  • Data sources and telemetry

  • Detection strategies

  • EDR vs SIEM comparison

  • Simulated attack datasets


🎯 Hypothesis-Driven Threat Hunting

The `hipotesis/` directory contains structured investigations (one per hypothesis, grouped by endpoint, network and SIEM data sources) focused on:

  • Defining detection problems

  • Validating attacker behavior

  • Generating actionable knowledge


🧪 Labs

Includes practical environments based on:

  • Elastic Stack (Elasticsearch, Kibana, Filebeat)

  • Velociraptor

  • Wireshark

  • Log ingestion pipelines

  • Detection rule creation

  • Threat Hunting workflows


🧱 Positioning

This repository represents:

  • A Threat Hunting knowledge base

  • Detection Engineering fundamentals

  • A SOC-oriented portfolio project


📍 Scope

  • Educational and professional development use

  • Does not contain sensitive or production data


👤 Author

beathunterzero
Cyber Threat Hunting & Security


[[01 - Filosofía y estrategia del Threat Hunting]]
