My First Real-World Threat Hunting Experience (Personal Home Network)
Summary

On March 19, 2025, I decided to analyze my PC for unusual or malicious traffic and applications as a way to practice my Incident Response and Threat Hunting skills. After getting hooked on SOC analyst work, I saw this as my first real-world IR and Threat Hunting experience, not tied to an exam or CTF. Even though this was within my personal network, the concepts remained the same: a real environment, real malware, and real-world analysis, and as you can see the application had already been on my device since May 11, 2022. During my investigation, I discovered a malicious application and decided to document my findings for future reference. This initiative also allowed me to develop my own Threat Hunting methodology.

Investigation Summary

I started my investigation by examining network connectivity using netstat -anob in the command prompt. Upon reviewing the output, I noticed an unusual port, 8080, standing out. Content showing all of the ESTABLISHED connections ...
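The step described above, reviewing netstat -anob output for ESTABLISHED connections on a port that does not belong, is easy to do by eye on a quiet home PC but tedious on a busy one. The script below is an added example, not part of the original write-up, that parses the text format netstat -anob prints (the connection row followed by the owning process name in square brackets), keeps only ESTABLISHED TCP connections, and flags those whose remote port is outside a small allow-list. The sample output embedded in it is constructed for the example; the process names, addresses and PIDs in it are not from the author's investigation, and the allow-list of expected remote ports is an assumption you should tune to your own host.

```python
"""Triage helper for `netstat -anob` output (Windows).

Parses the text netstat prints, attaches the process name that the -b switch
writes on the line after each connection, and flags ESTABLISHED TCP
connections whose remote port is not one you expect to see from a home PC.
"""
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid process")

# Constructed sample of `netstat -anob` output (not a real capture).
# Note the unbracketed service name (RpcSs) that netstat prints before the
# bracketed image name for service-hosting processes.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1084
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:49731     52.96.123.45:443       ESTABLISHED     4512
 [OUTLOOK.EXE]
  TCP    192.168.1.10:49802     203.0.113.7:8080       ESTABLISHED     7712
 [updater.exe]
  TCP    192.168.1.10:49810     93.184.216.34:443      ESTABLISHED     6120
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*                                    2208
 [chrome.exe]
"""

# Assumed allow-list: remote ports an ordinary workstation talks to outbound.
EXPECTED_REMOTE_PORTS = {53, 80, 443, 853}

# Connection row: proto, local, foreign, optional state (UDP has none), PID.
_CONN_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)
# Process row written by -b, e.g. " [updater.exe]".
_PROC_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat(text):
    """Return a list of Conn records parsed from netstat -anob text."""
    conns = []
    for line in text.splitlines():
        m = _CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid), None))
            continue
        p = _PROC_RE.match(line)
        # The bracketed image name belongs to the most recent connection
        # that has not yet been given a process.
        if p and conns and conns[-1].process is None:
            conns[-1] = conns[-1]._replace(process=p.group(1))
    return conns


def remote_port(addr):
    """Port of an address like 203.0.113.7:8080 or [::1]:443; None for *:*."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None


def flag_unusual(conns, expected=EXPECTED_REMOTE_PORTS):
    """ESTABLISHED TCP connections whose remote port is not in the allow-list."""
    return [
        c for c in conns
        if c.proto == "TCP" and c.state == "ESTABLISHED"
        and remote_port(c.remote) not in expected
    ]


if __name__ == "__main__":
    # On a live host: netstat -anob > netstat.txt, then read that file here.
    for c in flag_unusual(parse_netstat(SAMPLE)):
        print(f"PID {c.pid:<6} {c.process or '?':<20} {c.local} -> {c.remote}")
```

Run against the sample it reports the single connection to remote port 8080 owned by PID 7712, which is exactly the kind of row worth pivoting on next (process path, signer, creation time, persistence). Ports in the allow-list are still worth a look when the owning process is unexpected; the filter only narrows the list, it does not clear anything.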