sydney
@letswastetime.bsky.social
📤 142
📥 42
📝 108
| search "thrunter" | eval specialty="Purple Team, Treat Hunter, Lifting Heavy Things"
HEARTH just got operational. 160+ hunts, now with: What can I hunt? → based on your telemetry Coverage map → see your gaps Context graph → prioritize what matters now Same library. Way more usable.
dispatch.thorcollective.com/p/three-new-...
24 days ago
0
1
0
Breaking into cybersecurity can feel like opening 23 tabs and learning nothing. In this @THOR_Collective Dispatch guest post, Bella San Lorenzo shares practical ways to break the cycle and start making real progress. Part II is live!
dispatch.thorcollective.com/p/all-roads-...
2 months ago
1
0
0
We teach people how to start a threat hunt. Nobody teaches them when to stop. New post on
@thorcollective.bsky.social
Dispatch on closing hunts with actual criteria instead of gut feelings 👇 👉
dispatch.thorcollective.com/p/when-to-st...
2 months ago
2
0
1
New on the
@thorcollective.bsky.social
Dispatch - Bella San Lorenzo on the paralysis of trying to find your place in cybersecurity. 47 browser tabs. A perfectly organized Notion page. Zero actual progress. Sound familiar? 👉
dispatch.thorcollective.com/p/the-more-i...
3 months ago
1
0
0
OpenClaw isn't malware. It's a legitimate tool that stores credentials, retains memory, and acts autonomously. That's what makes it dangerous when misused. Full behavioral breakdown in our latest Hunt Mode post. 🦀
nebulock.io/blog/hunting...
Hunting OpenClaw and Agentic AI Through Behavior | Nebulock blog
This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.
https://nebulock.io/blog/hunting-openclaw-and-agentic-ai-through-behavior
3 months ago
1
0
0
You don’t need a desk to build. I used AI more from my phone last month than from my desk. What mattered was removing friction and building where ideas show up. 👉 New on
@thorcollective.bsky.social
Dispatch:
dispatch.thorcollective.com/p/you-dont-n...
4 months ago
1
1
1
“I’m not a developer” is a self-imposed limit. If you’ve written a query, a script, or an automation to fix a problem, you’re already building. In the latest
@thorcollective.bsky.social
Dispatch, we talk about why building is a core security skill.
dispatch.thorcollective.com/p/why-you-sh...
4 months ago
1
1
1
DigitStealer is an excellent example of where macOS malware is heading: multi-stage, modular, and using legit macOS tools like it belongs there. Detect the attack, not the sample. Shoutout Jamf Threat Labs 🙌
nebulock.io/blog/hunting...
4 months ago
1
0
0
80 posts.
@thorcollective.bsky.social
kept hitting publish. This year was about doing the work, writing it down, and sharing it anyway. If you read, argued, bookmarked, or built alongside us, thank you. Happy New Year. Happy thrunting.
dispatch.thorcollective.com/p/80-posts-l...
4 months ago
1
0
0
It's happening! Meet the Agentic Threat Hunting Framework (ATHF). Tired of copy-pasting the same hunt template over and over? Same. I built a framework designed for an AI-assisted future that adds structure, memory, and context to every hunt. Come check it out!
nebulock.io/blog/agentic...
5 months ago
0
1
0
November’s
@thorcollective.bsky.social
Dispatch Debrief is live with SCADA weirdness, Taylor’s Version SOC vibes, and purple team chaos. Come thrunt with us.
dispatch.thorcollective.com/p/dispatch-d...
6 months ago
1
0
0
reposted by
sydney
6 months ago
🚨New post on @THOR_Collective Dispatch🚨 “Aligning Risk Management and Threat-Informed Defense Practices (Part 2)” by Micah VanFossen What happens when you sync risk, controls, and threat intel to drive real-security outcomes.
dispatch.thorcollective.com/p/aligning-r...
#thrunting
#grc
Aligning Risk Management and Threat-Informed Defense Practices (Part 2)
We’re back with part two of a series analyzing how to align common GRC tasks/teams with SecOps and threat-informed defense practices.
https://dispatch.thorcollective.com/p/aligning-risk-management-and-threat-a55
0
2
1
reposted by
sydney
6 months ago
🚨New post on @THOR_Collective Dispatch🚨 Purple teaming isn’t shiny. It’s delays, blockers, tickets & pivots. And that’s okay.
open.substack.com/pub/thorcoll...
#thrunting
#PurpleTeaming
Purple Teaming in the Real World: When Everything Goes Off the Rails (and That’s Normal)
People love the glossy version of purple teaming:
https://open.substack.com/pub/thorcollective/p/purple-teaming-in-the-real-world?r=56ij68&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true
0
1
1
Have you ever run the best hunt of your life and then forgotten how two weeks later? Same. Meet the PEAK Threat Hunting Template. Built to make your hunts repeatable, reviewable, and impossible to lose. 👉 Read on THOR Collective Dispatch -
dispatch.thorcollective.com/p/the-peak-t...
6 months ago
1
1
0
🎤 The Autonomous SOC (Taylor’s Version) Guest post with
@kassafras09.bsky.social
AI hype is loud. Most teams are just automating chaos. Fix the basics first. Then scale the magic. Read it on
@thorcollective.bsky.social
Dispatch.
dispatch.thorcollective.com/p/the-autono...
The Autonomous SOC (Taylor’s Version)
Opening Act: Welcome to the SOC Show
https://dispatch.thorcollective.com/p/the-autonomous-soc-taylors-version
6 months ago
1
1
0
In the latest
@thorcollective.bsky.social
guest post, Sam Hanson breaks down two TTP-driven hunts — KurtLar_SCADA and a weird .NET Modbus binary — proving simple hypotheses > chasing IOCs. IOCs show where the fire was. TTPs show where it will be.
dispatch.thorcollective.com/p/hunting-be...
https://dispatch.thorcollective.com/p/hunting-beyond-indicators-part-2
6 months ago
1
1
0
October delivered AI agents, time mastery, and purple team curveballs. From scaling hunts like code to aligning GRC with threat-informed defense, this month’s Dispatch lineup from
@thorcollective.bsky.social
hit every layer of the stack. Full recap here:
dispatch.thorcollective.com/p/dispatch-d...
Dispatch Debrief: October 2025
Seven Dispatch drops that prove hunting smarter beats hunting harder.
https://dispatch.thorcollective.com/p/dispatch-debrief-october-2025
7 months ago
1
2
1
Finding nothing ≠ failing the hunt. Sometimes “nothing” is the loudest signal that your defenses worked.
@jotunvillur.bsky.social
breaks down how to measure the quiet wins in one of my favorite
@thorcollective.bsky.social
Dispatch posts:
dispatch.thorcollective.com/p/measuring-...
Measuring the Hunt When You Find “Nothing”
Because sometimes success looks like silence.
https://dispatch.thorcollective.com/p/measuring-the-hunt-when-you-find
7 months ago
0
0
0
In this week’s
@thorcollective.bsky.social
Dispatch, Sam Hanson lays out how to move beyond indicator-based hunting and build detection muscle that actually scales. 👉
dispatch.thorcollective.com/p/hunting-be...
7 months ago
1
1
1
If tstats gives you speed and eventstats gives you context...timechart gives you shape. This week’s
@thorcollective.bsky.social
SPL Dispatch breaks down how to use timechart to uncover rhythm, automation, and the cron job masquerading as “normal.”
dispatch.thorcollective.com/p/the-shape-...
https://dispatch.thorcollective.com/p/the-shape-of-time-mastering-timechart
7 months ago
1
1
1
Threat hunting falls apart when your “docs” live in Slack threads. Part 2 of the
@thorcollective.bsky.social
Dispatch Agentic Threat Hunting series covers the first step to scaling: put your hunts in a GitHub repo and give your AI bestie memory.
dispatch.thorcollective.com/p/agentic-th...
8 months ago
1
2
2
✨ To get you ready for Taylor Swift’s latest album… ✨ 🎶 Check out Life of a Detection Girl - a playlist I created inspired by Taylor Swift and Alex Hurtado, with a touch of cyber woven in. Give it a listen and let me know your favorite track!
suno.com/playlist/5cf...
Life of a Detection Girl by @letswastetime | Suno
✨ inspo by alex hurtado & taylor swift ✨
https://suno.com/playlist/5cf27de7-59ba-493b-861a-e37088af7909
8 months ago
0
0
0
reposted by
sydney
LP
8 months ago
We at
@thorcollective.bsky.social
are waking you up before September ends, because a new Ask-a-Thrunt3r episode just dropped with: 2K subscriber milestone 🎉 15 baseline examples The great data vs. data debate Plus: Is Git the future of hunting collab? 🎧:
dispatch.thorcollective.com/p/ask-a-thru...
Ask-a-Thrunt3r: September 2025 Recap 🐏
Mainly ramblings. And maybe some wisdom.
https://dispatch.thorcollective.com/p/ask-a-thrunt3r-september-2025-recap
0
2
2
From temporal to behavioral, baselines are the thrunter’s compass. September’s Dispatch from
@thorcollective.bsky.social
shows how to use them to sharpen the hunt and includes ten baseline hunts you should be running now. 🔗
dispatch.thorcollective.com/p/dispatch-d...
8 months ago
1
3
2
reposted by
sydney
LP
8 months ago
You can’t find weird if you don’t know normal.
@thorcollective.bsky.social
just dropped 10 baseline hunts you can shine in the dark parts of your env and magnify the adversaries from the noise. Join us for all the thrunting 👉:
open.substack.com/pub/thorcoll...
#threathunting
#infosec
0
2
2
✨ Representation is STILL a security issue. ✨
@thorcollective.bsky.social
Dispatch with
@kassafras09.bsky.social
from March. The message still stands. • Fix biased job reqs • Put diverse voices on panels • Mentor future hackers • Model inclusive leadership
dispatch.thorcollective.com/p/why-we-nee...
Why We Need More Women and Intersectional Diversity in Cyber (And How to Get There)
Representation matters in cybersecurity. Here’s why—and what we can do about it.
https://dispatch.thorcollective.com/p/why-we-need-more-women-and-intersectional-diversity-in-cyber
8 months ago
1
2
1
Cybersecurity needs more than hackers in hoodies. In this week’s
@thorcollective.bsky.social
Dispatch, Courtney Shar shares how project management skills like risk alignment, process design, and team coordination directly strengthen security programs. 👉
dispatch.thorcollective.com/p/beyond-hac...
https://dispatch.thorcollective.com/p/beyond-hackers-in-hoodies
8 months ago
1
6
3
reposted by
sydney
8 months ago
🚨New post on
@thorcollective.bsky.social
Dispatch 🚨 Certis Foster didn't hunt for it. It revealed itself. The key? Plotting behavior in 3D space: 🕒 Time 🗺️ Terrain 🎯 Behavior Outliers can’t hide in 3D.
dispatch.thorcollective.com/p/cant-hide-...
#threathunting
#thrunting
#THORcollective
Can't Hide in 3D
In a sea of millions of security events, one workstation literally stood out, floating high above all the others when I transformed flat logs into a 3D visualization.
https://dispatch.thorcollective.com/p/cant-hide-in-3d
0
1
1
If you don’t know what “normal” looks like in your environment, you’re not hunting...you’re hoping. Our latest
@thorcollective.bsky.social
Dispatch post breaks down 5 baselines every thrunter needs. Map normal. Track drift. Catch threats. Read here:
dispatch.thorcollective.com/p/you-cant-f...
You Can't Find Weird If You Don't Know Normal
Five baselines with hunt queries you can run today
https://dispatch.thorcollective.com/p/you-cant-find-weird-if-you-dont-know-normal
9 months ago
1
2
1
Summertime sadness hit the Dispatch hard: sunscreen > screen time. 🌞 But the hunts never stopped, and this month we’re back with fresh chaos, AI wisdom, and a noob’s-eye view of DEF CON. 👉 Catch the
@thorcollective.bsky.social
August Dispatch:
dispatch.thorcollective.com/p/dispatch-d...
9 months ago
1
1
1
The Quiet War isn’t loud breaches or ransomware. It’s subtle. AI-driven adversaries are blending in and evading detection. Hunters must shift: hunt intent, not just indicators. 👉 New guest post by Damien Lewke on
@thorcollective.bsky.social
Dispatch:
dispatch.thorcollective.com/p/the-quiet-...
9 months ago
0
1
1
What happens when you throw yourself into DEFCON for the very first time? You get Line Con, Noob Village wisdom, hacker merch battles, Flipper Zero impulse buys, Hacker Jeopardy chaos, and the realization that DEFCON is not just a con, it is a community.
dispatch.thorcollective.com/p/my-first-d...
9 months ago
1
3
1
It’s here! 🎉
@dr-fett.bsky.social
and I coauthored The Threat Hunter’s Cookbook and we’re thrilled to finally share it. Built for defenders at every level with hunting methods from simple filtering to advanced clustering. 👉 Get the eBook:
www.splunk.com/en_us/form/t...
Introducing… The Threat Hunter’s Cookbook! | Splunk
The security experts on the SURGe team have released The Threat Hunter’s Cookbook, a hands-on guide for security practitioners that features actionable insights into threat hunting methods,…
https://www.splunk.com/en_us/blog/security/threat-hunters-cookbook-guide.html
9 months ago
1
1
0
The Hacker Summer Camp starter pack: ⚡ Stickers ⚡ Patches ⚡ Coins ⚡ Wristbands ⚡ Temporary THRUNT tattoos Find the
@thorcollective.bsky.social
crew in Vegas. Say hi and get some swag 👀
9 months ago
1
1
1
reposted by
sydney
THOR Collective
9 months ago
Shoutout to our fam Elipscion, who's spinning live at DEF CON 33 this Friday at 8pm on the DEF CON stage. 🎧 Listen here:
open.spotify.com/artist/2tgPZ...
🔥 Join our
@thorcollective.bsky.social
meetup during his set. Say hi, talk hunts, and grab some free swag. See you there!
ELIPSCION
Artist · 10 monthly listeners.
https://open.spotify.com/artist/2tgPZpjIPEU2ZbfEE0C6dM?si=sSSrwkgaQky2PF2hT_lbHw
1
3
3
🌵 Calm before the Hacker Summer Camp storm. July’s Dispatch Debrief is light on posts, heavy on hot takes — from agentic AI to making pentest findings sting. Catch up before Vegas 👉
dispatch.thorcollective.com/p/dispatch-d...
Dispatch Debrief: July 2025
Consider this the calm before the Hacker Summer Camp storm.
https://dispatch.thorcollective.com/p/dispatch-debrief-july-2025
10 months ago
1
1
1
Threat hunting is broken. We can’t out-query adversaries who automate everything. Enter the agentic threat hunter. An AI that thinks, hypothesizes, investigates, and scales. In the latest
@thorcollective.bsky.social
Dispatch, we explore this shift: 📌
dispatch.thorcollective.com/p/the-agenti...
10 months ago
1
3
3
Heading to hacker summer camp? I wrote a survival guide for DEF CON, Black Hat, etc. - Pick your purpose - Villages > talks - Hallway track is real - You belong here 👽
dispatch.thorcollective.com/p/con-101-ho...
@thorcollective.bsky.social
will be out there with thrunting stickers—come say hi.
10 months ago
1
2
1
reposted by
sydney
THOR Collective
10 months ago
We’re giving away another THOR Collective Challenge Coin. Ask-a-Thrunter drops early August (recording July 31). Hacker Summer Camp vibes guaranteed. 🎟️ Join our paid sub for giveaways + Discord. 💬 Questions? Drop ’em.
radio.thorcollective.com
https://radio.thorcollective.com/
1
1
1
New from
@thorcollective.bsky.social
Dispatch: If You Like It Then You Should’ve Put a timechart on It We’re diving into why timechart is a threat hunter’s best friend. From beaconing to privilege spikes, baselines, and more. Read it here 👉
dispatch.thorcollective.com/p/if-you-lik...
If You Like It Then You Should've Put a timechart on It
Hey thrunters, gather ’round: timechart’s up
https://dispatch.thorcollective.com/p/if-you-like-it-then-you-shouldve-put-a-timechart-on-it
10 months ago
1
3
3
The Threat Hunter’s Cookbook drops at
#BlackHat
! Huge thanks to my co-author
@dr-fett.bsky.social
for bringing this project to life and
@meansec.bsky.social
for the foreword. Come celebrate with
#SURGe
and grab a signed copy at
#Splunk’s
After Party! 🖤
splunk.swoogo.com/splunkafterp...
Splunk AfterParty and Book Signing with Co-Sponsors Cisco and Contrast Security
https://splunk.swoogo.com/splunkafterpartyBH
10 months ago
1
5
2
reposted by
sydney
THOR Collective
10 months ago
No
@thorcollective.bsky.social
Dispatch posts this week. We’re taking a breather to rest and recharge. We'll be back next week, ready to thrunt.
#threathunting
#thrunting
#THORcollective
#cybersecurity
#infosec
0
1
1
THRUNTING isn’t just a buzzword. It’s a mindset. 🐑 Inspired by Tim Peters’ 19 aphorisms for Python,
@thorcollective.bsky.social
Dispatch introduces "The Zen of Thrunting."
dispatch.thorcollective.com/p/the-zen-of...
Stay curious. Happy thrunting.
The Zen of Thrunting
Abstract
https://dispatch.thorcollective.com/p/the-zen-of-thrunting
11 months ago
1
4
3
Dispatch Debrief: June 2025 Everything’s fine… until it isn’t. This month’s
@thorcollective.bsky.social
Dispatch served up a spicy mix of threat hunting, plugin paranoia, purple teaming insights, and a few thrunting curveballs to keep you sharp. 🌶️
dispatch.thorcollective.com/p/dispatch-d...
Dispatch Debrief: June 2025
Because "Everything's Fine" is Just Another Way of Saying "I Haven't Looked Yet"
https://dispatch.thorcollective.com/p/dispatch-debrief-june-2025
11 months ago
1
3
2
🔌 That browser extension? That IDE plugin? Might not be doing what you think. New on
@thorcollective.bsky.social
Dispatch: five hunt ideas + a PEAK deep dive into sneaky plugin abuse. Start with visibility. Hunt what blends in. 📖
dispatch.thorcollective.com/p/your-plugi...
Your Plugins and Extensions Are (Probably) Fine. Hunt Them Anyway.
Five hunt ideas (and one deep dive) for abuse hiding in plain sight.
https://dispatch.thorcollective.com/p/your-plugins-and-extensions-are-probably-fine
11 months ago
1
2
2
New guest post on
thorcollective.bsky.social
Dispatch from
infosecsherpa.bsky.social
: Don’t Let Mis(s) Information Take the Crown 👑 This post shows how to apply the Intelligence Cycle to news and help you filter bias. Read it here:
dispatch.thorcollective.com/p/dont-let-m...
Don't Let Mis(s) Information Take the Crown
Sherpa Intelligence: Your Guide Up a Mountain of Information!
https://dispatch.thorcollective.com/p/dont-let-miss-information-take-the-crown
11 months ago
1
4
4
reposted by
sydney
THOR Collective
11 months ago
#thrunting
#thrunt
#threathunting
#THORcollective
#infosec
#cybersecurity
0
1
1
reposted by
sydney
THOR Collective
11 months ago
This month’s Dispatch Giveaway is live! 🔥 One lucky paid subscriber will win a
thorcollective.bsky.social
challenge coin! 🗓️ June 26 @ 7PM PT Streaming live in our private Discord Podcast drops for everyone the following week ➡️ Join the Collective:
dispatch.thorcollective.com
THOR Collective Dispatch | Sydney Marrone | Substack
A hub for threat hunters (thrunters) and security professionals. Explore cutting-edge ideas, practical frameworks, and community-driven insights in cybersecurity. Powered by collaboration,…
https://dispatch.thorcollective.com
1
2
1
reposted by
sydney
LP
11 months ago
⚡ New
@thorcollective.bsky.social
Dispatch drop No hallucinations here. Just TTPs that quietly defined Q1 2025. 🔐 OAuth abuse 📦 Malicious packages 🖥️ SimpleHelp RMM exploits Stay ahead with what to hunt & where to look. 👉
dispatch.thorcollective.com/p/from-the-f...
#THORCollective
#threathunting
From the Fire: Q1FY25
TTPs that sparked, spread, and still burn for those paying attention.
https://dispatch.thorcollective.com/p/from-the-fire-q1fy25
0
4
3
reposted by
sydney
12 months ago
🚨 New post on
@thorcollective.bsky.social
Dispatch🚨 Red with Benefits: Purple Teaming with Sliver Beacons Sliver isn’t just for flexing during pentests, it’s your new favorite detection engineering wingman. 👇
dispatch.thorcollective.com/p/red-with-b...
Red with Benefits: Purple Teaming with Sliver Beacons
How to turn a modern post-exploitation tool into your next detection engineering best friend.
https://dispatch.thorcollective.com/p/red-with-benefits-purple-teaming
0
1
1