
Threat Hunting

Hypothesis-driven hunts for threats your detections missed

Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

Proactive, analyst-driven hunts through your telemetry looking for adversary activity that automated detections did not catch. Mapped to MITRE ATT&CK, delivered as both findings and reusable detections.

Our Process

What We Test & How

What We Test

Targeted hunts across EDR telemetry, identity logs, cloud audit logs, DNS, proxy, and email — organized around concrete hypotheses tied to ATT&CK techniques and recent threat intel.

Our Approach

Quarterly or monthly hunt campaigns with published hypotheses, executed by senior analysts, delivering written narratives, IOCs, and SIEM/EDR detection content ready to deploy.

Deliverables

What You'll Receive

Everything included in your engagement report.

Campaign-scoped hunt hypotheses

Written hunt narrative and findings

IOCs discovered and scope of impact

Deployable detection content

MITRE ATT&CK coverage report

Executive summary per campaign

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1. Hypothesis development from threat intel
2. Data source validation
3. Analyst-driven querying
4. Finding triage and escalation
5. Detection content authoring
6. Campaign retrospective and handoff

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

Living-off-the-land binary abuse
Persistence via scheduled tasks
Suspicious OAuth grants
Anomalous service account behavior
Covert C2 over legitimate services
Dormant backdoors

Who It's For

Ideal For

Organizations with strong telemetry
Teams wanting ATT&CK coverage metrics
High-risk industries (finance, critical infra)
Post-incident validation
Compliance

Standards We Support

SOC 2
NIST CSF
PCI-DSS
HIPAA
ISO 27001

Ready to Get Started?

$14,000 per campaign

Typical engagement: Campaign-based (2-6 weeks per campaign)

Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation
