Fixed markdown formattings of headlines

hunts/analyze_producer_consumer_ratio.md

@@ -1,4 +1,4 @@
-#Producer-Consumer Ratio for Detecting Data Exfiltration
+# Analyze Producer-Consumer Ratio for Detecting Data Exfiltration
 
 **Purpose**: Find changes in traffic flows that indicate exfil
 

hunts/beacon_detection_via_intra_request_time_deltas.md

@@ -1,4 +1,4 @@
-#Beacon Detection via Intra-Request Time Deltas
+# Beacon Detection via Intra-Request Time Deltas
 
 **Purpose**: Find regular HTTP beaconing behavior which may indicate malware C2
 

hunts/checking-how-outsiders-see-you.md

@@ -1,4 +1,4 @@
-#Checking How Outsiders See You
+# Checking How Outsiders See You
 
 **Purpose**: Determine whether any of your web sites are serving malware by using third party opinions
 

hunts/dynamic_dns_c2.md

@@ -1,4 +1,4 @@
-#C2 via Dynamic DNS 
+# C2 via Dynamic DNS 
 
 **Purpose**: Identify potential C2 activity
 

hunts/http_uri_analysis.md

@@ -1,4 +1,4 @@
-#Finding the Unknown with HTTP URIs
+# Finding the Unknown with HTTP URIs
 
 **Purpose**: Identify things signatures have not been created for in relation to network traffic behavior. 
 

hunts/http_user_agent_analysis.md

@@ -1,4 +1,4 @@
-#HTTP User-Agent Analysis
+# HTTP User-Agent Analysis
 
 **Purpose**: Identify malware by analyzing the User-Agent strings they present
 

hunts/internet_facing_http_request_analysis.md

@@ -1,4 +1,4 @@
-#Internet-Facing HTTP Request Analysis
+# Internet-Facing HTTP Request Analysis
 
 **Purpose**: Identify common patterns of HTTP-based attacks
 

hunts/lateral_movement_detection_via_process_monitoring.md

@@ -1,4 +1,4 @@
-#Lateral Movement Detection via Process Monitoring
+# Lateral Movement Detection via Process Monitoring
 
 **Purpose**
 

hunts/net_session_c2.md

@@ -1,4 +1,4 @@
-#Finding C2 in Network Sessions
+# Finding C2 in Network Sessions
 
 **Purpose**
 
@@ -26,4 +26,4 @@ C2 can appear anywhere in the stacked results, but as a start, it may be useful
 
 **More Info**
 
-_None at this time._
+_None at this time._

hunts/ntfs_extended_attribute_analysis.md

@@ -1,4 +1,4 @@
-#NTFS Extended Attribute Analysis
+# NTFS Extended Attribute Analysis
 
 **Purpose**: Identify data hiding in extended attributes on files in an NTFS filesystem, which are otherwise rarely used.  
 

hunts/privileged-group-tracking.md

@@ -1,4 +1,4 @@
-#Privileged Group Tracking
+# Privileged Group Tracking
 
 **Purpose**
 

hunts/psexec-windows-events.md

@@ -1,4 +1,4 @@
-#Psexec Windows Events
+# Psexec Windows Events
 
 **Purpose**: 
 Find instances of psexec service (remote command execution) on Windows sytems by examining event logs pertaining to access control for remote shares.

hunts/ram_dumping.md

@@ -1,4 +1,4 @@
-#RAM Dumping
+# RAM Dumping
 
 **Purpose**: Examine memory dumps of an individual system, looking for signs of malware or other malicious activities
 

hunts/rdp_external_access.md

@@ -1,4 +1,4 @@
-#RDP External Access
+# RDP External Access
 
 **Purpose**: Identify abnormal incoming RDP requests 
 

hunts/rogue_listeners.md

@@ -1,4 +1,4 @@
-#Search for Rogue Listeners
+# Search for Rogue Listeners
 
 **Purpose**: Find malicious programs that are listening to network ports
 

hunts/shimcache_amcache.md

@@ -1,4 +1,4 @@
-#Shimcache/Amcache
+# Shimcache/Amcache
 
 **Purpose**: Identify potential malware by finding "rare" binaries executed across endpoints.
 
@@ -21,4 +21,4 @@ Stack count the filenames and/or directory paths to find rare files executed, ra
 - [ShimCacheParser](https://github.com/mandiant/ShimCacheParser), Mandiant
 - [amcache.py](https://gist.github.com/williballenthin/ee512eacb672320f2df5#file-amcache_py_examples-md), Will Ballenthin
 - [Intrusion Hunting for the Masses](https://www.youtube.com/watch?v=YLgycMCPo4c), David Sharpe (HackMiami 2016)
-- [ShimShady: Live Investigations of the Application Compatibility Cache](https://www.fireeye.com/blog/threat-research/2015/10/shim_shady_live_inv.html), Fred House, Claudiu Teodorescu, Andrew Davis (FireEye)
+- [ShimShady: Live Investigations of the Application Compatibility Cache](https://www.fireeye.com/blog/threat-research/2015/10/shim_shady_live_inv.html), Fred House, Claudiu Teodorescu, Andrew Davis (FireEye)

hunts/suspicious_process_creation_via_windows_event_logs.md

@@ -1,4 +1,4 @@
-#Suspicious Process Creation via Windows Event Logs
+# Suspicious Process Creation via Windows Event Logs
 
 **Purpose**
 

hunts/windows_autoruns_analysis.md

@@ -1,4 +1,4 @@
-#Autoruns Analysis
+# Autoruns Analysis
 
 **Purpose**: Find malware persistence by examining common mechanisms across a network
 

hunts/windows_driver_analysis.md

@@ -1,4 +1,4 @@
-#Windows Driver Analysis
+# Windows Driver Analysis
 
 **Purpose**: Find malware running in Windows drivers across a network
 

hunts/windows_prefetch_cache_analysis.md

@@ -1,4 +1,4 @@
-#Windows Prefetch Cache Analysis
+# Windows Prefetch Cache Analysis
 
 **Purpose**: Identify malware or other suspicious executables that ran on a system.
 

hunts/windows_service_analysis.md

@@ -1,4 +1,4 @@
-#Windows Service Analysis
+# Windows Service Analysis
 
 **Purpose**: Find suspicious Windows services running across a network