
THOR Collective Radio

Author: For thrunters, by thrunters.


Description

The voice of the thrunters. This is where threat hunters, defenders, and curious minds plug in for raw takes, field notes, and conversations that don’t always follow the playbook. Expect practical insights, weird hunts, and unfiltered energy from the front lines of cyber defense. Powered by the same chaos and community that fuels THOR Collective Dispatch—just louder.

The views expressed on THOR Collective Radio are our own and don’t represent those of our employers—past, present, or future. This is an independent show, built by practitioners, fueled by chaos, and made for the community.

dispatch.thorcollective.com
8 Episodes
Ask-a-Thrunt3r: December 2025 - DEcember 🐏

📝 Episode Summary

Welcome back from the holiday break! The THOR Collective returns with a cozy end-of-year reflection meets practitioner reality check, featuring special guest Alex Hurtado, content creator extraordinaire and voice behind Detection Engineering Dispatch. This December edition tackles the often-overlooked but crucial relationship between threat hunting and detection engineering – what Alex calls “the real people that actually just keep shit working.”

Alex brings unique insights from her journey from SIEM analyst at ABC during the Rachel Bachelorette era (yes, monitoring for commercial interruptions during primetime TV) to becoming one of the voices in detection engineering content. The conversation dives deep into why detection engineering finally emerged as a distinct discipline, how vendor black-boxing forces teams to rebuild EDR rules in their SIEM, and why treating detections like production code with proper CICD pipelines is non-negotiable.

From debating whether to ship detections in “warn mode” to discussing the nuclear option of deleting 50% of your detections tomorrow, this episode delivers unfiltered insights on building sustainable detection programs. Plus, Alex shares her Chicago neighborhood-to-SIEM comparison framework, the team debates worst detections as holiday decorations, and everyone agrees: quarterly detection reviews are a must, but alert volume as a KPI needs to go.

⏱️ Episode Breakdown

* 01:32 – Introductions
* 03:00 – Alex’s journey: From ABC SIEM analyst to Detection Engineering thought leader
* 06:02 – The gatekeeping problem in detection engineering
* 10:26 – Icebreaker: Worst detection as a holiday decoration
* 13:36 – Deep dive: What is detection engineering really?
* 16:15 – Detection engineers beyond the SIEM
* 18:01 – The problem with black-box EDR vendors
* 20:35 – Hunting to Detection Engineering handoffs
* 24:30 – Chaining behaviors vs. static indicators
* 36:44 – Detection Engineering as Development (CICD, versioning, documentation)
* 42:40 – Metrics that matter: Confusion matrices vs. alert volume
* 47:30 – The nuclear option: Cutting 50% of detections
* 49:30 – AI’s impact on detection engineering
* 52:15 – Ship it or Scrap it rapid-fire
* 55:06 – Must-reads and resources
* 57:21 – 2025 wrap-up and 2026 preview

🎤 Hosts & Guest

* Lauren Proehl (Host) – Manager of the group whose worst detection is a creepy 85-year-old nutcracker from grandma that should’ve been recycled (like Log4J scanning alerts still firing).
* Sydney Marrone (Host) – Head of thrunting and threat hunting whose worst detection is a snow globe - stable until you make one edit and everything goes crazy with alerts.
* John Grageda (Host) – Red teamer who compares his worst detection to a Christmas tree with all lights constantly rotating in chaos, reminiscent of untuned Sourcefire IDS.
* Alex Hurtado (Special Guest) – Content creator, host of Detection Engineering Dispatch, and voice behind the State of Detection Engineering report. Former ABC SIEM analyst who monitored primetime TV for commercial interruptions.

THOR Collective Dispatch is a reader-supported publication. To receive new posts and support our work, consider becoming a free or paid subscriber.

🔗 Resources & Mentions

Key Concepts Discussed

* Detection Engineering Definition – “The real people that actually just keep shit working”
* Detection as Code – Treating detections like production code with CICD pipelines
* Versioning & Documentation – The critical importance of change logs and detection diaries
* Chaining Behaviors – Moving beyond static indicators to correlated attack chains
* Black-box Vendor Problem – Why teams rebuild EDR rules in SIEMs with FDR data
* Critical Asset Prioritization – Starting with crown jewels when cutting detection noise
* Confusion Matrices – True positive/false positive rates as quality metrics

Resources

* 2026 SANS Focus on Detection Engineering Survey
* Alex Teixeira / Detect.FYI
* Detection Engineering Weekly
* Detections.ai
* MITRE TTP Detections
* Detection Engineering Dispatch

📢 Call to Action

* Follow Alex Hurtado on LinkedIn – For infographics and detection engineering insights
* Subscribe to Detection Engineering Dispatch – Available on Apple Podcasts and Spotify
* Participate in the State of DE Survey – Data collection phase is ongoing
* Implement quarterly detection reviews – If you’re not doing this, start now
* Document your detections – Leave them better than you found them
* Write for THOR Collective – Always looking for new voices in thrunting, DE, SOC, and IR

📬 Connect with THOR Collective

🗣️ Social Media:

* Twitter/X: @THOR_Collective
* LinkedIn: THOR Collective
* BlueSky: @thorcollective

📧 Contact: Reach out through any social channel to contribute content, be a guest on the podcast, or share your detection engineering war stories

Get full access to THOR Collective Dispatch at dispatch.thorcollective.com/subscribe

Ask-a-Thrunt3r: October 2025 - Logtoberfest Edition 🍺

📝 Episode Summary

Welcome to Logtoberfest! The THOR Collective raises their glasses (and their log levels) for the most anticipated episode of the year, featuring special guest Damien Lewke, founder and CEO of Nebulock. This October edition tackles the burning question on every hunter’s mind: what does the future of threat hunting actually look like beyond the marketing hype and slick promo videos?

Damien drops the mic with Nebulock’s mission to “democratize threat hunting”, making proactive security a right, not a privilege reserved for the few. The conversation dives deep into how agentic AI has already transformed the adversary landscape, blurring lines between nation-state actors and script kiddies while automating tailored access at scale. The crew explores the reality that while bad actors have gone fully agentic (as Anthropic’s August threat report confirmed), defenders are still stuck with yesterday’s tools.

From debating whether AI agents are the future or just expensive autopilots, to discussing quantum computing’s threat timeline and the practicality of SOCs in virtual reality, this episode separates genuine innovation from vendor vaporware. Plus, Sydney drops knowledge on collaborative hunting platforms while John shares red team perspectives on AI-powered attack path mapping. Whether you’re a seasoned hunter or a SOC analyst looking to level up, this episode delivers the unfiltered truth about what’s coming in the next 12-24 months.

⏱️ Episode Breakdown

* 01:10 – Welcome to Logtoberfest
* 01:24 – Special guest introduction: Damien Lewke from Nebulock
* 06:17 – Icebreaker: If your favorite log source were a beer, what style would it be?
* 09:05 – Thrunt3r Spotlight
* 10:58 – October Dispatch Highlights & community milestones
* 28:00 – The future of threat hunting
* 52:19 – Hype or Bust rapid-fire round
* 57:46 – Giveaway announcement
* 58:35 – Closing cheers to verbose logs and loud communities

🎤 Hosts & Guest

* Lauren Proehl (Host) – Manager of the group and self-proclaimed cautious AI optimist who’s evolved from “AI hater” to seeing genuine opportunity with mindful implementation.
* Sydney Marrone (Host) – Chief thrunter, recently joining Nebulock. Champion of removing gatekeeping from threat hunting and making it accessible to all skill levels.
* John Grageda (Host) – Red teamer bringing the adversarial perspective. Expert at hiding from endpoint detection (allegedly) and advocate for AI-powered attack path mapping.
* Damien Lewke (Special Guest) – Founder & CEO of Nebulock, middle child, and longtime listener turned guest. Building the agentic threat hunting platform to bridge the gap between elite hunters and aspiring analysts.

🔗 Resources & Mentions

October Dispatch Posts

* Agentic Threat Hunting, Part 2: Starting a Hunt Repo by Sydney Marrone
* Hunting Beyond Indicators by Sam Hanson
* Aligning Risk Management and Threat-Informed Defense Practices (Part 1) by Micah VanFossen

Tools & Platforms Mentioned

* Nebulock – Agentic threat hunting platform
* Maltego
* GPT-4 and Claude for detection engineering
* Traditional SIEM platforms vs. next-gen alternatives

Community Resources

* Detection Engineering Weekly
* Anthropic’s August 2025 threat report

📢 Call to Action

* Message THOR Collective on Discord – First responder after the episode wins Logtoberfest swag!
* Share your log-to-beer pairing – Include your favorite log type and beer style for bonus points
* Test drive AI hunting tools – Explore how agents can augment your current workflows
* Document your baselines – Stable baselines are essential before implementing AI detection
* Share your 2026 predictions – What do you think threat hunting will look like next year?
* Join the AI debate – Are you team “cautious optimist” or team “show me the code”?
* Upskill your SOC analysts – Consider platforms that lower the barrier to threat hunting

📬 Connect with THOR Collective

🗣️ Social Media:

* Twitter/X: @THOR_Collective
* LinkedIn: THOR Collective
* BlueSky: @thorcollective

📧 Contact: Reach out through any social channel for guest opportunities, hunt collaborations, or to share your thoughts on the future of threat hunting

📝 Episode Summary

Back to school, Thrunter style! The THOR Collective celebrates a massive milestone with 2,000 Dispatch subscribers while diving deep into the art and science of baselining. This September edition of Ask a Thrunt3r is all about getting back to basics – because you can’t find weird if you don’t know normal, as Sydney reminds us in her must-read post that kicked off the month’s baseline bonanza.

The crew unpacks Sydney’s foundational work on baselining and Lauren’s epic 21-minute marathon post featuring 10 baseline hunts that’ll have you questioning everything you thought was “normal” in your environment. From mind-bending 3D visualization techniques for finding compromised workstations with math (yes, math!) to a browser extension exposé, this month’s content proves that sometimes the biggest threats hide in plain sight – or in that innocent-looking Chrome extension your users just installed.

Looking ahead, the team tackles the future of hunt collaboration, debating the merits of Git repos, Jupyter notebooks, and AI assistants for threat hunting. Whether you’re team “data” or team “data” (spoiler: it sparked quite the debate), this episode delivers practical insights for hunters at every level. Plus, John is hiring a senior pen tester if you’re looking to cross over to the dark side!

⏱️ Episode Breakdown

* 01:10 – Welcome back to school
* 02:09 – Job opportunity: Senior pen tester at Lumen (full remote, US-based)
* 03:08 – Milestone celebration: 2,000 Dispatch subscribers! 🎉
* 04:36 – Icebreaker
* 07:09 – Thrunt3r Spotlights
* 09:02 – September Dispatch Highlights
* 28:10 – Future of Hunt Collaboration Discussion
* 42:01 – Lightning Round: Would You Rather edition
* 44:03 – Wheel of Spins
* 45:56 – October preview: Logtoberfest & Future of Threat Hunting
* 47:44 – Closing & happy thrunting

🎤 Hosts

* Lauren Proehl (Host) – A director type who admits to wildcarding but is improving. Self-proclaimed energy drink enthusiast who turns inspiration into dissertations.
* Sydney Marrone (Host) – Principal threat hunter and the “thrunter of the group.” Baseline evangelist who kicked off September’s theme. Firm believer in the power of Git skills over Jira tickets.
* John Grageda (Host) – Red teamer celebrating 10 years at Lumen. Currently hiring a senior pen tester. Plans to retire wrapped in fiber cables and carried to the great cloud in the sky.

🔗 Resources & Mentions

September Dispatch Posts

* 📚 You Can’t Find Weird If You Don’t Know Normal by Sydney Marrone
* 📊 Baseline Bonanza: 10 Baseline Hunts by Lauren Proehl
* 🎯 Can’t Hide in 3D by Certis Foster
* 🔒 Even if many plugins are fine, the bad ones are bad by John Tuckner
* 💼 Beyond Hackers and Hoodies: A Project Manager’s Move into Cybersecurity by Courtney Shar
* ♀️ Why We Need Women in Cybersecurity by Sydney Marrone & Cassandra Murphy

Tools & Technologies Mentioned

* Jupyter Notebooks
* GitHub/Git for collaboration and version control
* GitKraken for local Git management
* Threat Hunter Playbook (s/o @Cyb3rWard0g and @Cyb3rPandaH)
* RBA (Risk-Based Alerting) techniques
* BOTs dataset for testing

Community Resources

* 🔥 HEARTH Repository
* 📬 The Dispatch Newsletter
* 💬 THOR Collective Discord (paid subscribers)

📢 Call to Action

* 🎯 Submit your baseline hunt ideas to HEARTH
* 📝 Share what Dispatch posts resonated with your current challenges
* 🔮 Join us for Logtoberfest & the Future of Threat Hunting discussion
* 💼 Interested in pen testing? Contact John about the Lumen opportunity
* 🪙 Check your DMs if you’ve won a coin – Sydney’s waiting!
* 📊 Try out the 15 baseline examples from Sydney & Lauren’s posts
* 🎓 Add HEARTH contributions to your LinkedIn projects section

📬 Connect with THOR Collective

🗣️ Social Media:

* Twitter/X: @THOR_Collective
* LinkedIn: THOR Collective
* BlueSky: @thorcollective

📧 Contact: Reach out through any social channel for guest post opportunities or hunt collaboration ideas

Next Episode: October’s Logtoberfest - Deep dive into the future of threat hunting, AI integration, and strategic planning for 2026. Essential listening for decision-makers and team leads!

📝 Episode Summary

Back from the desert and (mostly) intact! The THOR Collective crew returns from Hacker Summer Camp with minimal tattoos and maximum insights in this August edition of Ask a Thrunt3r. We're diving deep into the post-DEF CON content dump, exploring everything from Brett's first-timer perspective to Damien's philosophical take on the evolving threat landscape in "The Quiet War."

The team breaks down Q2's wildest attack vectors, from help desk social engineering to AI-powered supply chain attacks that'll make you side-eye every IDE extension. We tackle the big questions in this month’s Hunt Clinic: hypothesis vs. baseline hunts, lessons for newbie threat hunters, and the tools we wish everyone was using (spoiler: it's not always Splunk). Plus, we celebrate our growing community of 150+ new Thrunters and spotlight some incredible contributions to HEARTH and the Dispatch.

Whether you're organizing your hunt ideas in 18 different places like Lauren or taking meticulous notes like Sydney, this episode's got the practical wisdom and chaotic energy to fuel your next threat hunting adventure.

⏱ Episode Breakdown

* 00:00 – Welcome to Ask a Thrunter (August Edition)
* 01:08 – Post-Hacker Summer Camp check-in & survival status
* 02:00 – Welcome to 150+ new Thrunters
* 02:44 – Team intros: Lauren, John, Sydney
* 05:12 – Icebreaker: How do you organize your threat hunt ideas?
* 08:04 – Community spotlight: Contributors & IRL meetups
* 09:26 – Joshua Hines' epic Hearth submission (#048)
* 14:18 – Dispatch Highlights begins
* 14:39 – Brett Schoenwald's "From Noob to Woo" DEF CON recap
* 17:00 – Damien Lewke’s "The Quiet War" on AI & threat evolution
* 20:21 – Lauren's Q2FY25 From the Fire
* 24:52 – Hunt Clinic Q&A: One lesson for your newbie threat hunter self
* 31:16 – Hunt Clinic Q&A: Favorite hunting tool you wish more people used
* 37:05 – Hunt Clinic Q&A: Hypothesis-driven vs. baseline-driven hunts
* 39:59 – Wheel of Spins winner announcement
* 41:52 – Wrap-up & call for guest contributors

🎤 Hosts

* Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective. Self-proclaimed wildcard queen who doesn't care about money.
* Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective. The "thrunter of the group" who hunts for work and fun.
* John Grageda (Host) – Red Teamer celebrating 10 years at his current role. Co-founder of THOR Collective. Keeps everyone up at night with attack scenarios.

🔗 Resources & Mentions

* 📚 From Noob to Woo: My First DEF CON by Brett Schoenwald
* 🎯 The Quiet War by Damien Lewke
* 📊 From the Fire: Q2FY25 by Lauren Proehl
* 🔥 HEARTH Hunt #048: Cisco AnyConnect on macOS by Joshua Hines
* 🛠️ Sliver C2 Documentation
* 🎬 DEF CON Media Server
* 🧠 HEARTH

📢 Call to Action

* 💬 Join the THOR Collective Discord (paid subscribers get live Q&A access)
* 📬 Subscribe to the Dispatch
* 🎯 Submit your threat hunting content for future Dispatch features
* ❓ Send your questions for the next Ask a Thrunt3r

📬 Connect with THOR Collective

* 🌐 thorcollective.com
* 🗺️ Twitter/X: THOR_Collective
* 💼 LinkedIn: THOR Collective

📝 Episode Summary

We’re cutting it close but making it count! In this July edition of Ask a Thrunter, the crew drops into the studio right before Hacker Summer Camp kicks off to talk DEF CON plans, survival kit must-haves, and the latest Dispatch highlights. We’re joined by special guest Brett Schoenwald — designer, creative force, and the EDM + AI mastermind behind Elipscion — who’s making his DEF CON debut on the official artist lineup.

We swap our earliest hacker con gear lists for today’s “we’re older and wiser” essentials (spoiler: electrolytes beat out bash bunnies), break down posts on time charting in Splunk, proving pen test impact, and AI-powered hunting, and preview the Thrunting Hotlist for DEF CON 33.

The Hunt Clinic is open with subscriber questions on AI agents running hunts, our most toxic threat hunting traits, and what genre would soundtrack our latest investigations. Plus, Brett takes us behind the scenes of building his Hacker Summer Camp playlist and shares where to catch his Friday night set.

If you’re headed to the desert or just want the next best thing, this episode’s your all-access pass.

⏱ Episode Breakdown

* 00:00 – Welcome to Ask a Thrunter (July Edition)
* 01:10 – DEF CON countdown & Hacker Summer Camp theme
* 02:01 – Shoutout to new, paid, and founding subscribers
* 03:07 – Team intros: Lauren, John, Sydney, Brett
* 05:03 – Icebreaker: Hacker Summer Camp survival kit must-haves
* 07:33 – Dispatch Deep Cuts
* 08:01 – Highlight: If You Like It, Put a Time Chart on It (Sydney)
* 10:49 – Highlight: Make It Hurt (a little) (John)
* 14:21 – Highlight: The Agentic Threat Hunter (Sydney)
* 17:11 – Highlight: DEF CON 33 Thrunting Hotlist (Lauren)
* 20:21 – What we’re excited to see at DEF CON
* 23:12 – Brett’s upcoming DEF CON DJ set
* 28:23 – Villages, parties, and can’t-miss events
* 29:22 – Hunt Clinic Q&A: Would you let an AI run part of your hunt?
* 33:28 – Hunt Clinic Q&A: Toxic threat hunting traits
* 36:11 – Hunt Clinic Q&A: Soundtrack genres for your last hunt
* 37:44 – Special guest chat: Brett Schoenwald (Elipscion)
* 46:32 – Wheel of Spins swag winner
* 47:17 – Wrap-up & next episode preview

🎤 Hosts & Guests

* Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
* Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
* John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.
* Brett Schoenwald (Guest) – Founder of ELIPSCION, DEF CON 33 performing artist, and official THOR Collective creative designer.

🔗 Resources & Mentions

* 🛠️ If You Like It, Put a Time Chart on It by Sydney Marrone
* 💻 Make It Hurt (a little) by John Grageda
* 🤖 The Agentic Threat Hunter by Sydney Marrone
* 📋 DEF CON 33 Thrunting Hotlist by Lauren Proehl
* 🎵 ELIPSCION DEF CON set on SoundCloud
* 🎟️ DEF CON Party Listings – defconparties.org
* 👕 THOR Collective merch – shop.thorcollective.com

📢 Call to Action

* 💬 Join the THOR Collective Discord (paid subscribers get live Q&A access)
* 📬 Subscribe to the Dispatch
* 🎯 Submit your threat hunting content for future Dispatch features
* 👕 Rep your THOR pride with merch (code: THRUNT20)
* ❓ Send your questions for the next Ask a Thrunter

📬 Connect with THOR Collective

* 🌐 thorcollective.com
* 🗺️ Twitter/X: THOR_Collective
* 💼 LinkedIn: THOR Collective

🎧 Episode Title: Ask-a-Thrunter: June 2025 Recap 🐏

🗓️ Release Date: June 2025

📝 Episode Summary

The thrunters are back in high definition! In this June edition of Ask a Thrunter, the crew settles into a new virtual podcast studio, dishes out Dispatch Deep Cuts, and unveils a massive revamp to HEARTH, our collaborative GitHub project for threat hunting hypotheses.

We talk about our favorite (and most frustrating) log sources, how AI and automation are reshaping contribution workflows, and get real about visibility gaps in Chrome extensions. The Hunt Clinic is open with subscriber questions on Python notebooks for hunting, dream hunts that never got enough data, and our unanimous answer to “What tool would you kill in your stack?”

If you love chaos, practical tips, and community-powered threat hunting, you’re in the right place.

⏱️ Episode Breakdown

* 00:00 – Welcome to Ask a Thrunter (June Edition)
* 01:18 – Team intros: John, Sydney, Lauren
* 03:11 – DEF CON DJ meetup plans to see Brett (8PM local on 8/8)
* 03:51 – Shoutout to free, paid, and founding subscribers
* 05:28 – Icebreaker: Logs we love (and hate)
* 08:25 – HEARTH gets a full revamp: new frontend, database, auto-submission from CTI
* 12:05 – Leaderboard unveiled + swag potential
* 15:40 – Dispatch Deep Cuts
* 16:22 – Highlight: From the Fire Q1 FY25 (Lauren)
* 18:45 – Highlight: If I Were a Threat Hunter (Jordan Hind)
* 23:56 – Highlight: Red With Benefits (John)
* 26:48 – Shoutouts: Plugin & Extension Hunt (Sydney), Misinformation and the Intel Cycle (Sherpa), Purple Teaming the Fallout (John)
* 31:08 – Ask a Thrunter
* 31:42 – Ask a Thrunter: Hunts we wish we could do
* 33:38 – Ask a Thrunter: Python notebooks + PEAK
* 35:43 – Ask a Thrunter: One tool to kill in your stack
* 36:50 – Giveaway winner
* 41:37 – Wrap up & see you next month!

🎤 Hosts & Guests

* Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
* Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
* John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.

🔗 Resources & Mentions

* 🛠️ HEARTH GitHub Project
* 🔥 From the Fire Q1 FY25 by Lauren Proehl
* 👀 If I Were a Threat Hunter by Jordan Hind
* 💻 Red With Benefits by John Grageda
* 🧩 Your Plugins and Extensions Are (Probably) Fine. Hunt Them Anyway by Sydney Marrone
* 🧠 Don't Let Mis(s) Information Take the Crown by Sherpa Intelligence
* ⚙️ Purple Teaming the Fallout: A Red Team Perspective on U.S. Infrastructure Risks Amid Israel-Iran Conflict by John Grageda
* 🎵 THOR Collective soundtrack brought to you by ELIPSCION (Brett)

📢 Call to Action

* 💬 Join the THOR Collective Discord (paid subscribers get access to live Q&A)
* 📬 Subscribe to the Dispatch
* 📝 Submit to HEARTH using your favorite CTI source
* 👕 Rep your THOR pride with merch (code: THRUNT20)
* ❓ Send your questions in for July’s Ask a Thrunter!

📬 Connect with THOR Collective

* 🌐 thorcollective.com
* 🗺️ Twitter/X: THOR_Collective
* 💼 LinkedIn: THOR Collective

🎧 Episode Title: Ask-a-Thrunter: May 2025 Recap 🐏

🗓️ Release Date: May 2025

📝 Episode Summary

In this episode of Ask a Thrunter, we’re catching up on the best of May and making up for missing our usual THORsday slot (thanks, Broadway). We finally do proper introductions and shout out two of our favorite Dispatch posts: one on SOC personality dynamics and another on integrating AI into your hunt workflows.

We debate whether threat hunters should be using AI, share our hottest takes (and horror stories) on LLMs, and talk about risk, tooling, and practicality when bringing generative AI into real-world hunting. There's a surprise drop you won't want to miss, and we close things out with a fantastic paid subscriber Q&A from Austin that covers rule validation, detection review cadences, and PEAK framework nuances.

If you like a little chaos with your cyber, you’re in the right place.

⏱️ Episode Breakdown

* 00:00 – Intro & Broadway vs. THORsday
* 02:03 – Team introductions: Lauren, Sydney, and John
* 05:57 – Episode overview
* 07:10 – Dispatch highlights begin
* 07:30 – Dispatch pick: Quiet, Loud, and in the Log Files by Alex Hurtado
* 12:24 – Dispatch pick: AI Is My Bestie by Lauren Proehl
* 14:11 – Claude AI hallucinations
* 17:49 – Should threat hunters use AI?
* 19:28 – Should orgs block access to LLM tools like Claude and Copilot?
* 22:37 – AI integrated in supply chain
* 24:01 – Giveaway winner announcement
* 25:05 – Ask a Thrunter Q&A
* 26:51 – Rule and detection validation question
* 30:27 – Defining queries from the PEAK template question
* 34:16 – Detection lifecycle validation question
* 37:19 – Alert vs event vs incident question
* 39:43 – Special announcement
* 39:59 – THOR Supply Shop announcement – use code THRUNT20 for 20% off!
* 41:41 – We love Brett!
* 43:28 – Outro

🎤 Hosts & Guests

* Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.
* Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.
* John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.

🔗 Resources & Mentions

* 🧵 Quiet, Loud and in the Log Files by Alex Hurtado
* 🧠 AI is My Bestie by Lauren Proehl
* 🧪 Red Canary Atomic Red Team
* 🧑‍🏫 PEAK Threat Hunting Framework
* 💬 Anthropic’s report on Claude abuse by threat actors
* 👕 THOR Collective Merch Store – use code THRUNT20 for 20% off
* 🎵 THOR Collective soundtrack brought to you by ELIPSCION (Brett)

📢 Call to Action

* 💬 Join the THOR Collective Discord (paid subscribers get access to live Q&A)
* 📬 Subscribe to the Dispatch
* 🧵 Submit your questions for June's Ask-a-Thrunter
* 👕 Use THRUNT20 at shop.thorcollective.com for merch!

📬 Connect with THOR Collective

* 🌐 thorcollective.com
* 🗺️ Twitter/X: THOR_Collective
* 💼 LinkedIn: THOR Collective

What happens when you put a bunch of threat hunters in a Discord call and ask them questions?

* Watch the replay of our first Ask-a-Thrunter—exclusively from the THOR Collective Discord
* Want in on the next live one? Paid subscribers get access, live Q&A privileges, and a shot at monthly giveaways.

THOR Collective Dispatch is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.