David Bianco's Blog Posts
David is a member of Splunk's SURGe team, where he conducts research in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI). He is also a SANS Certified Instructor, where he teaches FOR572 Network Forensics and Threat Hunting.
Hypothesis-Driven Cryptominer Hunting with PEAK
A sample hypothesis-driven hunt, using SURGe's PEAK threat hunting framework, looking for unauthorized cryptominers.

The “Why” of Threat Hunting Has Changed
When hunting emerged, most organizations used it to discover incidents that their automated detection systems missed. However, as hunting has matured, we’ve come to realize that its impact goes far beyond just finding security incidents.

Measuring Hunting Success with PEAK
Splunker David Bianco explains how an effective threat hunting program is one of the best ways to drive positive change across an organization’s entire security posture.

Turning Hunts Into Detections with PEAK
In this post, we’re going to look at something the PEAK framework refers to as the Hierarchy of Detection Outputs.

Baseline Hunting with the PEAK Framework
Splunker David Bianco provides an in-depth look at baseline hunts, also known as Exploratory Data Analysis (EDA) hunts.

Trust Unearned? Evaluating CA Trustworthiness Across 5 Billion Certificates
In this blog post, we dive into our recent research project, in which the Splunk SURGe team analyzed more than five billion TLS certificates to find out if the CAs we rely on are really worthy of our trust.