Develop actionable strategies to proactively hunt advanced persistent threats and detect zero-days using CTI and behavior-based detection techniques
Key Features
Intelligence-led threat hunting framework for detecting APTs and zero-day attacks at scale
Hands-on detection of stealthy adversaries using behavioral analytics and machine learning
Real-world hunting workflows across cloud, hybrid, and enterprise environments
Book Description
Modern adversaries rely on stealth, living-off-the-land techniques, and zero-day exploitation to evade traditional security controls. This practical guide shows experienced defenders how to move beyond reactive alerts and build a proactive threat hunting capability driven by cyber threat intelligence. Written for seasoned cybersecurity professionals, the book demonstrates how to formulate CTI-driven hunt hypotheses and detect advanced persistent threats by analyzing adversary behavior across the Cyber Kill Chain. You'll learn how to track APT infrastructure, map attacker TTPs using the MITRE ATT&CK framework, and identify post-exploitation activity that signals successful compromise. Through hands-on exercises, you'll apply behavioral analytics, detection engineering, and machine learning-based anomaly detection to uncover what signature-based tools miss. Coverage includes threat hunting in cloud, hybrid, and ICS/OT environments, with real-world techniques for lateral movement, persistence, privilege escalation, and data exfiltration. By the end of this book, you'll be equipped to run intelligence-led threat hunts, detect advanced threats earlier, and operationalize CTI as a core part of your defensive strategy.
What you will learn
Build CTI-driven hypotheses for proactive threat hunting
Detect APT behavior across the Cyber Kill Chain
Identify zero-day activity using behavioral analytics
Apply MITRE ATT&CK to map adversary TTPs
Use machine learning for anomaly-based detection
Hunt post-exploitation activity and lateral movement
Investigate threats in cloud and hybrid environments
Design a scalable, resilient threat hunting program
Who this book is for
This book is tailored for experienced, mid-to-senior level cybersecurity professionals in roles focused on proactive defense: cyber threat hunters, cybersecurity analysts, cyber intelligence analysts, and incident responders. These readers want to bridge the gap between intelligence production and its actionable application in live hunting operations, and this book will help them do so.
Table of Contents
Revisiting CTI for Advanced Threat Hunting
Understanding APTs: Actors, Motivations, and TTPs
Deep Dive: CTI Collection and Enrichment for APTs
Core Principles of Proactive Threat Hunting
Mastering Data Sources for Deep Dives
Hunting Zero-Days Through Behavioural Signatures
Advanced Hunting Techniques and Queries
Hunting Delivery and Initial Access
Hunting Exploitation and Execution
Hunting Persistence and Privilege Escalation
Hunting Lateral Movement and Discovery
Hunting Command and Control (C2)
Hunting Collection and Exfiltration
Attribution Challenges and Techniques
Behavioural Clustering for Zero-Day Detection
Hunting in Cloud and Specialized Environments
Building a Resilient Threat Hunting Program
Emerging Trends in Threat Hunting and CTI
Gianluca Tiepolo is a cybersecurity researcher who specializes in mobile forensics and incident response. He holds a BSc degree in Computer Science and an MSc in Information Security, as well as several security-related certifications. Over the past 12 years, he has performed security monitoring, threat hunting, incident response, and intelligence analysis as a consultant for dozens of organizations, including several Fortune 100 companies. Gianluca is also the co-founder of the startup Sixth Sense Solutions, which developed AI-based anti-fraud solutions. Today, Gianluca works as a Security Delivery Team Lead for the consulting firm Accenture Security. In 2016, he authored the book Getting Started with RethinkDB, published by Packt Publishing.
Dan Sorensen has extensive experience as a Chief Information Security Officer (CISO) and advisor. He has directed $50M+ cybersecurity programs, briefed boards and senior leaders, and delivered results that align security with business outcomes. His work spans cyber risk management, Zero Trust, FedRAMP/CMMC, IAM/PAM, and compliance with global frameworks including NIST RMF, ISO 27001, HIPAA, PCI-DSS, and the EU AI Act. He has guided organizations through digital transformation, regulatory change, and emerging threats, transforming risk posture with AI-driven solutions and measurable ROI.