The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
A vendor-neutral, hands-on guide to proactive threat hunting: the assume-breach mindset, MITRE ATT&CK, core telemetry, and techniques like baselining, beaconing, and LOLBin detection, all backed by Sigma-rule pseudocode and four full scenario hunts from phishing to command-and-control exfiltration.
Minimum price
$19.00
$29.00
About the Book
Threat Hunting: Finding Adversaries Before They Strike is a vendor-neutral, end-to-end guide for security analysts, incident responders, and blue-team engineers who want to move from reactive alert triage to proactive, hypothesis-driven hunting, regardless of which SIEM, EDR, or log platform they run.
The book opens with the assume-breach mindset and the intelligence-driven hunting loop, then builds the conceptual toolkit every hunter needs: indicators versus behaviors, the Pyramid of Pain, MITRE ATT&CK as a hunting map, and how to scope a testable hypothesis. From there it dives into the telemetry that makes or breaks a hunt: process creation and command-line logging, authentication and identity data, network flow and DNS, and cloud control-plane logs, along with practical guidance on finding coverage gaps before they undermine your detections.
The technique chapters cover frequency analysis, stacking, baselining, parent-child process analysis, living-off-the-land detection, beaconing, and rare-domain analysis, each paired with the math behind it, Sigma-rule pseudocode, realistic false positives, and clear escalation criteria. Four full scenario chapters then walk complete, start-to-finish hunts: phishing and initial access, persistence, credential theft and lateral movement, and command-and-control with data exfiltration.
The closing chapters show how to turn hunt findings into durable detections, write reports people actually read, build labs and datasets, structure a hunting team, and measure whether the program is working. Every pattern in this book is expressed as behavior first, telemetry second, and Sigma pseudocode third, so it transfers cleanly to Splunk, Elastic, Sentinel, Chronicle, or a homegrown data lake, no matter what stack you run.
About the Author
The founder of SouthStone Publications draws on more than twenty years in IT and cybersecurity, bringing that depth of experience into everything he writes. At heart, he's a technologist through and through: part enthusiast, part researcher, part engineer, part technical leader, having grown up alongside the internet itself and evolved right along with it.
His career sits at the crossroads of system design and cybersecurity, approached from both the offensive and defensive sides of the discipline. Over the years, he has built a reputation for turning complex, often intangible technical knowledge into practical guidance that professionals can actually put to work.
He currently serves on the leaderships in engineering and cybersecurity team at a leading IT services company in its industry, where he relentless studies emerging AI technologies and also cyber threats while helping organizations navigate the risks already at their doorstep. His expertise spans an unusually wide range of disciplines, consists of security engineering and development, project management, application security, infrastructure security, vulnerability management, reverse engineering, penetration testing, security architecture, incident response, and threat hunting and intelligence. He is equally at home diagnosing a flawed system architecture from the ground up, dissecting a sophisticated piece of malware, or leading red team operations against live threats - moving fluidly between granular technical detail and big-picture strategy in a way that few in the field can match.
Besides his astounding professional career experiences, he has partners with subject matter experts with backgrounds in technical writing, focused on AI, IT and security education, producing technical books and training programs that have helped countless developers, analysts, and practitioners build more resilient systems. That same dedication to clarity, rigor, and real-world relevance defines his work with Safe Ink Publications, where deep technical expertise meets a mission to make security knowledge accessible, actionable, and built to be sustainable, lasting and progressive.
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.
Learn more about writing on Leanpub
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!
Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.
Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.