THOR Collective

Hi thrunters! We’re on a well-earned December break. Stay tuned for an end-of-year post and a podcast episode with the OG Detection Dispatcher, Alex Hurtado!

Finding nothing ≠ failing the hunt. Sometimes “nothing” is the loudest signal that your defenses worked. @jotunvillur breaks down how to measure the quiet wins in in one of my favorite @THOR_Collective Dispatch posts: dispatch.thorcollective.com/p/measuring-th…

October delivered AI agents, time mastery, and a few purple team curveballs. From scaling hunts like code to aligning GRC with threat-informed defense, this month’s Dispatch lineup from @THOR_Collective hit every layer of the stack. Full recap here: 🔗 dispatch.thorcollective.com/p/dispatch-deb…

🐑Ask-a-Thrunt3r Logtoberfest dropped! Damien Lewke joins @THOR_Collective to talk what's ACTUALLY coming in the next 12-24 months for threat hunting. Plus: Sydney's "AI bestie" approach & our campaign to ban email globally 🎧 Listen: dispatch.thorcollective.com/p/ask-a-thrunt… #cybersecurity

In the latest @THOR_Collective guest post, threat hunter Sam Hanson breaks down two TTP-driven hunts — KurtLar_SCADA and a weird .NET Modbus binary — proving simple hypotheses > chasing IOCs. IOCs show where the fire was. TTPs show where it will be. dispatch.thorcollective.com/p/hunting-beyo…

🎤 The Autonomous SOC (Taylor’s Version) Guest post with Kassandra Murphy AI hype is loud. Most teams are just automating chaos. Fix the basics first. Then scale the magic. Read it on @THOR_Collective Dispatch. dispatch.thorcollective.com/p/the-autonomo…

🚨New post on @THOR_Collective Dispatch🚨 “Aligning Risk Management and Threat-Informed Defense Practices (Part 1)” by Micah VanFossen GRC, SecOps, CTI, Red Teams all chasing the same goal through different lenses. Read it here: dispatch.thorcollective.com/p/aligning-ris… #thrunting #grc

If tstats gives you speed and eventstats gives you context...timechart gives you shape. This week’s @THOR_Collective SPL Dispatch breaks down how to use timechart to uncover rhythm, automation, and the occasional cron job masquerading as “normal.” dispatch.thorcollective.com/p/the-shape-of…

Threat hunting falls apart when your “docs” live in Slack threads and sticky notes. Part 2 of the @THOR_Collective Dispatch Agentic Threat Hunting series covers the first step to scaling: put your hunts in a GitHub repo and give your AI bestie memory. dispatch.thorcollective.com/p/agentic-thre…

We at @THOR_Collective are waking you up before September ends, because a new Ask-a-Thrunt3r episode just dropped with: 2K subscriber milestone 🎉 15 baseline examples The great data vs. data debate Plus: Is Git the future of hunt collaboration? 🎧: dispatch.thorcollective.com/p/ask-a-thrunt…

From temporal to behavioral, baselines are the thrunter’s compass. September’s Dispatch from @THOR_Collective shows how to use them to sharpen the hunt and includes ten baseline hunts you should be running now. 🔗 dispatch.thorcollective.com/p/dispatch-deb…

You can't find weird if you don't know normal. @THOR_Collective just dropped 10 baseline hunts you can shine in the dark parts of your env and magnify the adversaries from the noise. Join us for all the thrunting goodness 👉: dispatch.thorcollective.com/p/baseline-bon… #threathunting #infosec

✨ Representation is STILL a security issue. ✨ @THOR_Collective Dispatch with Kassandra Murphy from March. The message still stands. • Fix biased job reqs • Put diverse voices on panels • Mentor future hackers • Model inclusive leadership, every day dispatch.thorcollective.com/p/why-we-need-…

Cybersecurity needs more than hackers in hoodies. In this week’s @THOR_Collective Dispatch, guest Courtney Shar shares how project management skills like risk alignment, process design, and team coordination directly strengthen security programs. 👉 dispatch.thorcollective.com/p/beyond-hacke…

🚨 Think your browser extensions are harmless? Join @tuckner for @THOR_Collective and learn how to hunt the dangerous ones before they hunt you: thorcollective.substack.com/p/even-if-many… #cybersecurity #infosec #threathunting #thrunting

📻 Ask a Thrunt3r August is here! DEF CON wisdom unlocked: 🔓 Why your SecOps model isn't working anymore 🎯 Supply chain attacks via AI coding tools 🛠️ One tool @THOR_Collective wishes you knew about (hint: it's Sliver) dispatch.thorcollective.com/p/ask-a-thrunt… #threathunting #cybersecurity

🚨New post on @THOR_Collective Dispatch 🚨 Certis Foster didn't hunt for it. It revealed itself. The key? Plotting behavior in 3D space: 🕒 Time 🗺️ Terrain 🎯 Behavior Outliers can’t hide in 3D. dispatch.thorcollective.com/p/cant-hide-in… #threathunting #thrunting #infosec #THORcollective

If you don’t know what “normal” looks like in your environment, you’re not hunting...you’re hoping. Our latest @THOR_Collective Dispatch post breaks down 5 baselines every thrunter needs. Map normal. Track drift. Catch threats. Read here: dispatch.thorcollective.com/p/you-cant-fin…

Summertime sadness hit the Dispatch hard: sunscreen > screen time. 🌞 But the hunts never stopped, and this month we’re back with fresh chaos, AI wisdom, and a noob’s-eye view of DEF CON. 👉 Catch the @THOR_Collective August Dispatch: dispatch.thorcollective.com/p/dispatch-deb…

What happens when you throw yourself into DEFCON for the very first time? You get Line Con, Noob Village wisdom, hacker merch battles, Flipper Zero impulse buys, Hacker Jeopardy chaos, and the realization that DEFCON is not just a con, it is a community. dispatch.thorcollective.com/p/my-first-def…