Dispatch Debrief: November 2025
The month where AI said “I can run the SOC!” and immediately turned into the problem.
November gave us peak chaos energy in the best way. Analysts chased Modbus gremlins, purple teams fought the environment instead of the adversary, and Taylor’s Version made an appearance in the Autonomous SOC conversation. Whether you’re here for the templates, the TTP breakdowns, or the memes, this month’s Dispatch delivered nothing but signal.
Here are this month’s 6 Dispatch posts:
Ask-a-Thrunt3r: October 2025 Logtoberfest Edition
The THOR Collective’s October Ask-a-Thrunt3r episode with guest Damien Lewke from Nebulock discusses democratizing threat hunting and the impact of agentic AI on cybersecurity, separating genuine innovation from vendor hype. Cybersecurity professionals can gain insights into the future of threat hunting and the importance of upskilling SOC analysts for the evolving landscape.
By Lauren Proehl
Hunting Beyond Indicators - Part 2
The post discusses the benefits of hunting on behaviors rather than indicators. Because atomic indicators (hashes, IPs, domains) are trivially changed, they only catch what is already known; focusing on specific TTPs, such as Python scripts that speak Modbus to SCADA equipment, lets analysts surface novel threats that no feed has reported yet. The post emphasizes understanding the threat landscape and applying creativity when building hunt hypotheses. Tools like PyLingual (to recover source from compiled Python bytecode) and YARA rules (to match behavioral patterns rather than fixed indicators) let analysts triage and analyze suspicious files efficiently.
By Sam Hanson
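To make the behavior-over-indicator idea concrete, here is an added example that is not from Sam Hanson's post or the THOR Collective: a small Python triage pass that scores Python source files on Modbus-related behaviors (imports of Modbus client libraries, register/coil writes, writes inside a loop, the default Modbus/TCP port) rather than on any hash or IP. The module names, call names, weights and the three sample scripts are all constructed assumptions for this example; a real hunt would tune them to the environment, and compiled `.pyc` files would be run through PyLingual first so the scanner has source text to parse.

```python
"""Behavior-based triage of Python scripts for Modbus/SCADA interaction.

Added example, not code from the original Dispatch post. Only the standard
library is used; the scanner inspects source text, it does not talk Modbus.
"""
import ast
import re
from dataclasses import dataclass, field

# Behavior signals and weights are assumptions for this example, loosely
# modelled on what a YARA rule for the same hunt would look for.
MODBUS_MODULES = {"pymodbus", "pyModbusTCP", "modbus_tk", "minimalmodbus"}
WRITE_CALLS = {"write_register", "write_registers", "write_coil", "write_coils"}
MODBUS_PORT_RE = re.compile(r"\b502\b")  # default Modbus/TCP port


@dataclass
class Verdict:
    name: str
    score: int = 0
    reasons: list = field(default_factory=list)


def _call_name(node):
    """Return the bare function/method name of an ast.Call, or None."""
    f = node.func
    if isinstance(f, ast.Attribute):
        return f.attr
    if isinstance(f, ast.Name):
        return f.id
    return None


def triage_source(name, source):
    """Score one script by the Modbus-related behaviors it exhibits."""
    v = Verdict(name)
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Unparseable text is itself worth a look (obfuscated, or bytecode
        # that still needs decompiling with PyLingual before re-triage).
        v.score += 1
        v.reasons.append(f"unparseable source: {exc.msg}")
        return v

    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [node.module or ""]
        else:
            mods = []
        for mod in mods:
            if mod.split(".")[0] in MODBUS_MODULES:
                v.score += 3
                v.reasons.append(f"imports {mod}")

        if isinstance(node, ast.Call) and _call_name(node) in WRITE_CALLS:
            v.score += 4  # writing to a PLC is the behavior we care about
            v.reasons.append(f"calls {_call_name(node)}()")

        if isinstance(node, (ast.For, ast.While)) and any(
            isinstance(n, ast.Call) and _call_name(n) in WRITE_CALLS
            for n in ast.walk(node)
        ):
            v.score += 2  # sweeping many units/registers in a loop
            v.reasons.append("writes to Modbus targets inside a loop")

    if MODBUS_PORT_RE.search(source):
        v.score += 1
        v.reasons.append("references port 502")
    return v


def rank(samples):
    """Triage a {filename: source} mapping, highest score first."""
    return sorted((triage_source(n, s) for n, s in samples.items()),
                  key=lambda v: v.score, reverse=True)


# Constructed sample scripts for the demo (not real captured files).
SAMPLES = {
    "plc_sweep.py": (
        "from pymodbus.client import ModbusTcpClient\n"
        "client = ModbusTcpClient('10.0.0.5', port=502)\n"
        "for unit in range(1, 32):\n"
        "    client.write_coil(1, False, slave=unit)\n"
    ),
    "monitor.py": (
        "from pymodbus.client import ModbusTcpClient\n"
        "client = ModbusTcpClient('10.0.0.5', port=502)\n"
        "rr = client.read_holding_registers(0, 10, slave=1)\n"
        "print(rr.registers)\n"
    ),
    "healthcheck.py": (
        "import requests\n"
        "r = requests.get('https://example.invalid/health')\n"
        "print(r.status_code)\n"
    ),
}

if __name__ == "__main__":
    for verdict in rank(SAMPLES):
        print(f"{verdict.score:>3}  {verdict.name}: {'; '.join(verdict.reasons)}")
```

Note that `monitor.py` and `plc_sweep.py` share the same library, host and port, so an indicator-based rule keyed on any of those would flag both or neither; scoring the write-in-a-loop behavior is what separates the sweep from routine monitoring.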
The Autonomous SOC (Taylor’s Version)
The evolution towards an autonomous SOC is driven by the increasing complexity of cyber threats, the need for efficiency due to talent shortages, and the maturation of defensive AI. While automation is crucial, maintaining strong foundational processes and avoiding biases in AI training data are essential for success. The future of the SOC involves elevated roles for human analysts in proactive security, AI training, and business risk translation.
By Sydney Marrone and Kassandra Murphy
The PEAK Threat Hunting Template You’ll Wish You Had Sooner
The THOR Collective Dispatch provides a threat hunting template based on the PEAK Threat Hunting Framework, emphasizing the importance of structured documentation for collaborative, repeatable hunts. The template includes sections for scoping, queries, visualizations, detection logic, findings, response, lessons learned, and knowledge sharing, making it AI-friendly and versatile for current and future threat hunting efforts. Get the template from the Google Doc or GitHub to enhance your team’s skillset.
By Sydney Marrone
Purple Teaming in the Real World: When Everything Goes Off the Rails (and That’s Normal)
Purple teaming rarely goes as planned: delays, permissions issues, and unexpected blockers are the norm, not the exception. Cybersecurity professionals should expect chaos, build in buffer time, validate access early, break requests into small chunks, test in whatever order the environment allows, and document blockers as findings in their own right, since a control that cannot be exercised is itself a gap worth reporting.
By John Grageda
Aligning Risk Management and Threat-Informed Defense Practices (Part 2)
Aligning GRC with threat-informed defense practices can improve organizational cybersecurity by creating a proactive, holistic strategy. Combining compliance frameworks with threat knowledge can help organizations understand risks, implement controls, achieve compliance, and detect real-life attacks. Before integrating GRC with threat-informed defense, organizations need upper management support, honesty about maturity levels, and the right personnel and tools in place.
By Micah VanFossen
Stay tuned for more thrunting wisdom next month!