THOR Collective Dispatch

🎧 Episode Title:

Ask-a-Thrunter: May 2025 Recap 🐏

🗓️ Release Date:

May 2025

📝 Episode Summary

In this episode of Ask a Thrunter, we’re catching up on the best of May and making up for missing our usual THORsday slot (thanks, Broadway). We finally do proper introductions and shout out two of our favorite Dispatch posts: one on SOC personality dynamics and another on integrating AI into your hunt workflows.

We debate whether threat hunters should be using AI, share our hottest takes (and horror stories) on LLMs, and talk about risk, tooling, and practicality when bringing generative AI into real-world hunting. There's a surprise drop you won't want to miss, and we close things out with a fantastic paid subscriber Q&A from Austin that covers rule validation, detection review cadences, and PEAK framework nuances.

If you like a little chaos with your cyber, you’re in the right place.

⏱️ Episode Breakdown

• 00:00 – Intro & Broadway vs. THORsday

• 02:03 – Team introductions: Lauren, Sydney, and John

• 05:57 – Episode overview

• 07:10 – Dispatch highlights begin

• 07:30 – Dispatch pick: Quiet, Loud, and in the Log Files by Alex Hurtado

• 12:24 – Dispatch pick: AI Is My Bestie by Lauren Proehl

• 14:11 – Claude AI hallucinations

• 17:49 – Should threat hunters use AI?

• 19:28 – Should orgs block access to LLM tools like Claude and Copilot?

• 22:37 – AI integrated in supply chain

• 24:01 – Giveaway winner announcement

• 25:05 – Ask a Thrunter Q&A

• 26:51 – Rule and detection validation question

• 30:27 – Defining queries from the PEAK template question

• 34:16 – Detection lifecycle validation question

• 37:19 – Alert vs event vs incident question

• 39:43 – Special announcement

• 39:59 – THOR Supply Shop announcement – use code THRUNT20 for 20% off!

• 41:41 – We love Brett!

• 43:28 – Outro

🎤 Hosts & Guests

• Lauren Proehl (Host) – Global Head of Detection & Response at a Fortune 500 financial firm. Co-founder of THOR Collective.

• Sydney Marrone (Host) – Principal Threat Hunter at a major software company. Co-founder of THOR Collective.

• John Grageda (Host) – Red Teamer and original member of THOR. Brings a purple team/red team lens to threat hunting. Co-founder of THOR Collective.

🔗 Resources & Mentions

• 🧵 Quiet, Loud and in the Log Files by Alex Hurtado

• 🧠 AI is My Bestie by Lauren Proehl

• 🧪 Red Canary Atomic Red Team

• 🧑‍🏫 PEAK Threat Hunting Framework

• 💬 Anthropic’s report on Claude abuse by threat actors

• 👕 THOR Collective Merch Store – use code THRUNT20 for 20% off

• 🎵 THOR Collective soundtrack brought to you by ELIPSCION (Brett)

📢 Call to Action

• 💬 Join the THOR Collective Discord (paid subscribers get access to live Q&A)

• 📬 Subscribe to the Dispatch

• 🧵 Submit your questions for June's Ask-a-Thrunter

• 👕 Use THRUNT20 at shop.thorcollective.com for merch!

📬 Connect with THOR Collective

• 🌐 thorcollective.com

• 🗺️ Twitter/X: THOR_Collective

• 💼 LinkedIn: THOR Collective

Leave a comment