The Garuda Threat Hunting Framework, released at DEF CON 2025, is a PowerShell-based framework designed to simplify manual threat hunting. It allows you to correlate, filter, and investigate Sysmon events efficiently. In this video, I demonstrate how to install Garuda, explore its key features, and perform a step-by-step hunt of a Living-off-the-Land binary (LoLbin) attack using real telemetry data. If you’re interested in learning how to use Garuda effectively for endpoint investigations and in sharpening your manual hunting skills, watch the full video here:
In case you missed my previous video on how Garuda integrates with an LLM to perform AI-assisted threat hunting, here is the video: