Threat Hunting using GRR Rapid Response

Cybercrimes have evolved, and their tactics and techniques are increasingly changing with an alerting pace. This calls for a change in the mindset used to implement security measures, by adopting the approach of continuously and constantly looking for attacks that pass through the deployed security solutions. This approach of searching through the networks for any evidence on threat activity, rather waiting for a breach notification is referred to as cyber threat hunting. This paper discusses the deployment of threat hunting process using GRR Rapid Response. Two experiments were conducted, in which, both remote code execution, client side exploits are tested, and successful exploitation was used to configure a backdoor to the victim's system to achieve persistence. The experiments show that threat hunting can be achieved by the study of the monitored system's normal patterns of behavior, which will help identify the indications and thresholds that can be used in threat hunting.