WELCOME TO CRONINITY

Threat Hunting Frameworks Threat hunting is a proactive cybersecurity discipline that requires structure, strategy, and context. Two of the most popular threat hunting frameworks are PEAK and TaHiTI, with the MITRE ATT&CK framework playing a foundational role across all threat hunting efforts. PEAK stands for Prepare, Execute, and Act with Knowledge . TaHiTI stands for Targeted Hunting Integrating Threat Intelligence . MITRE ATT&CK, while not a hunting framework per se, is a

Threat Hunting & Cyber Threat Intelligence (CTI) - Standard Operating Procedure (SOP) 1. Purpose This Standard Operating Procedure (SOP) defines the processes for integrating Cyber Threat Intelligence (CTI) into Threat Hunting missions. The objective is to ensure threat hunting activities are informed by relevant intelligence, structured investigative methodologies, and standardized intelligence collection and analysis practices. Effective integration of CTI into threat hunti

Enhanced Monitoring Overview In environments using Microsoft Defender XDR and Microsoft Sentinel, there are situations where enhanced monitoring is required beyond normal security operations. This article outlines several enhanced monitoring approaches and explains the nuances associated with each. The starting point is understanding the steady-state security monitoring model in an environment where Defender XDR and Sentinel are integrated. In this architecture, detections ar

What is yara? YARA is an open-source, cross-platform tool used by malware researchers and security analysts to identify, classify, and detect malware samples based on textual or binary patterns. Often described as a "Swiss Army knife" for threat hunting, YARA operates by matching specific rules, sets of strings and Boolean conditions, against files or running processes, enabling the identification of malware families. Yara is maintained by VirusTotal. Ways yara can be implem

Microsoft Copilot Overview Microsoft has named its Artificial intelligence (AI) product Copilot. Microsoft currently offers the following AI products. Microsoft Security Copilot is the AI product that is covered in the SC-200 exam. Copilot for Microsoft 365 : This version is designed for businesses and integrates AI into Microsoft 365 apps like Word, Excel, PowerPoint, Outlook, and OneNote. Copilot for Sales : This version helps sales teams maximize effectiveness and close

Microsoft Defender for Office365 (MDO) Think of MDO as your email security gateway, constantly scanning emails to defend against phishing, malware, and spoofing attempts. Here's how it works: Analyzing Email Sources : Evaluates the origin of emails, checking against databases of known malicious senders and infrastructure. Verifying Sender Authenticity : Confirms whether the sender's identity, brand, and domain are legitimate. For external domains, spoof intelligence ensure

Microsoft Defender for Identity (MDI) Identity Protection: Understanding and Addressing Identity-Based Threats Identity protection focuses on identifying and mitigating weaknesses and threats related to identity systems. The adage "Identity is the new perimeter" may be overused, but it accurately highlights the reality of modern cybersecurity. Threat actors target identities because they grant access to systems and sensitive information. With the growing shift to cloud-based

Demystifying the Microsoft SC-200 Certification The Microsoft SC-200 certification is designed for cybersecurity analysts and engineers who work with Microsoft's security solutions. According to Microsoft, the SC-200 course teaches professionals how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Defender for Cloud. Microsoft is a dominant player in the cybersecurity industry, offering a broad suite of security

Many Identity & Access Management frameworks are several years old, so care needs to be taken on what a mature 'Identity management' looked like in 2010 versus 2025. Gartner Identity & Access Management (IAM) Maturity Model One of the primary maturity models used for Identity and Access Management (IAM) is the Gartner IAM Maturity Model. This model evaluates IAM maturity using standard capability maturity levels—Initial, Developing, Defined, Managed, and Optimized, across key

Within the CISO MindMap, Security Operations encompasses three major domains: Threat Prevention, Threat Detection, and Incident Management. This article focuses specifically on the Threat Prevention domain and examines several maturity models that apply to key subdomains within this area. Threat Prevention Threat Prevention spans a broad range of capabilities and is heavily influenced by an organization’s operational environment and technology stack. While many subdomains hav

One of the first areas of the CISO MindMap we will examine is Team Management, which encompasses both Information Security Budget Management and Staffing and Talent Management. There is no single, universally adopted “Security Budget Capability Maturity Model” dedicated specifically to IT or information-system security budgeting. However, several established capability maturity models include budgeting, financial governance, or resource optimization as part of broader securit

CISO MindMap Overview A few years ago, I came across the CISO MindMap, “What Security Professionals Really Do?”, developed by Rafeeq Rehman. It remains an excellent reference for cybersecurity practitioners, especially those in leadership roles. The MindMap is available publicly and continues to be updated as the field evolves. Cybersecurity professionals often develop deep expertise in one or more domains, but may not have full visibility into the breadth, interdependencies,

Today’s AI Systems and need for High-speed interconnects Modern AI systems resemble supercomputers far more than traditional web-scale architectures. This is because AI workloads, especially distributed training using data-parallel, model-parallel, or tensor-parallel techniques, place enormous demands on east-west bandwidth between GPUs. These GPU-to-GPU exchanges include: Gradient sharing Parameter synchronization Checkpointing and state transfers Collective operations such

AI's Multiple Networks: Understanding the Layers of Connectivity Modern AI infrastructure uses multiple specialized networks, each with distinct performance, reliability, and cost requirements. These networks are typically organized into four or five tiers, ranked below from lowest to highest by speed, performance demands, and connectivity needs. Because each network tier has different requirements, they use different cabling and hardware at varying price points. Within each