Threat Hunting

• PEAK Threat Hunting

  Mar 6, 2026

  Framework and resources for practical, model-assisted threat hunting.

• Infosec Jupyterthon - Threat Hunting in Three Dimensions

  Mar 6, 2026

  Notebook-driven threat hunting resources from the Infosec Jupyterthon project.

• The TTP Ep15: The Threat Hunter's Cookbook

  Sep 23, 2025

  YouTube appearance focused on methods and use cases from The Threat Hunter's Cookbook.

• The Threat Hunter's Cookbook

  Aug 6, 2025

  Hands-on guide for modern threat hunting workflows with practical methods and queries.

• Defending at Machine-Speed: Accelerated Threat Hunting with Open Weight LLM Models

  Apr 2, 2025

  Splunker Ryan Fetterman explains how Splunk DSDL 5.2 enhances cybersecurity operations, streamlining PowerShell script classification and reducing analyst workload by 250x.

• Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?

  Feb 7, 2025

  Explore the impact of autonomous adversaries on cybersecurity as AI and LLMs evolve.

• Macro ATT&CK for a TTP Snack

  Oct 21, 2024

  Splunk's Mick Baccio and Ryan Fetterman explore 2024's macro-level cyber incident trends through the lens of the MITRE ATT&CK framework.

• Macro-ATT&CK 2024: A Five-Year Perspective

  Oct 10, 2024

  Splunk’s Ryan Fetterman and Tamara Chacon dive into attacker techniques, trends, and blue team tips for analyzing and visualizing data from the past year.

• Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

  Mar 4, 2024

  SURGe experiments with a method to find masquerading using M-ATH with Splunk and the DSDL App.

• Infosec Jupyterthon 2024 Day 1

  Feb 16, 2024

  Live stream appearance at Infosec Jupyterthon 2024 Day 1.

• Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023

  Sep 26, 2023

  SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.

• Threat Hunting for Dictionary-DGA with PEAK

  Sep 12, 2023

  Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.

• Threat Informed Planning with Macro-level ATT&CK Trending

  Jun 7, 2023

  YouTube appearance discussing threat-informed planning and macro-level ATT&CK trend analysis.

• The PEAK Threat Hunting Framework

  May 17, 2023

  A structured framework for model-assisted and evidence-driven threat hunting workflows.

• Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework

  May 17, 2023

  Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).

• Zoom. Enhance!: Finding Value in Macro-level ATT&CK Reporting

  Dec 14, 2022

  Aggregated analysis of global ATT&CK-mapped threat reporting