\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}           % For header and footer
\usepackage{multicol}           % Allows multicols in tables
\usepackage{tabularx}           % Intelligent column widths
\usepackage{tabulary}           % Used in header and footer
\usepackage{hhline}             % Border under tables
\usepackage{graphicx}           % For images
\usepackage{xcolor}             % For hex colours
%\usepackage[utf8x]{inputenc}    % For unicode character support
\usepackage[T1]{fontenc}        % Without this we get weird character replacements
\usepackage{colortbl}           % For coloured tables
\usepackage{setspace}           % For line height
\usepackage{lastpage}           % Needed for total page number
\usepackage{seqsplit}           % Splits long words.
%\usepackage{opensans}          % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}     % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}            % Symbols
\usepackage{MnSymbol}           % Symbols
\usepackage{wasysym}            % Symbols
%\usepackage[english,german,french,spanish,italian]{babel}              % Languages

% Document Info
\author{Nourelhouda Bensiali (Nourelhouda)}
\pdfinfo{
  /Title (threat-hunting.pdf)
  /Creator (Cheatography)
  /Author (Nourelhouda Bensiali (Nourelhouda))
  /Subject (Threat Hunting Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit
% This two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{6A58A3}
\definecolor{LightBackground}{HTML}{F5F4F9}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Threat Hunting Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{Nourelhouda Bensiali (Nourelhouda)} via \textcolor{DarkBackground}{\uline{cheatography.com/191559/cs/39810/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}Nourelhouda Bensiali (Nourelhouda) \\
  \uline{cheatography.com/nourelhouda} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}}  \\
   \vspace{-2pt}Published 28th February, 2024.\\
   Updated 28th February, 2024.\\
   Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}




\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Introduction}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{The ability to block sophisticated threats improves each year, but we face determined and creative adversaries whose techniques evolve just as quickly . therefore organizations need to deploy  another layer of defense to proactively detect threat actors before they can actually do any damage to their environment .% Row Count 7 (+ 7)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{What is threat hunting ?}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network  {\bf{unknown}} threat  that aren't detected by current automated methods of prevention and detection .  \newline % Row Count 5 (+ 5)
{\emph{we assume that an adversary is already present in the network }}% Row Count 7 (+ 2)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Why threat hunting ?}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{- Threat hunting help organization reduce the {\bf{dwell time }}  \newline % Row Count 2 (+ 2)
 - Threat hunting help in identifying  the threat  within the organization's asset {\bf{ before any damage can be done }}% Row Count 5 (+ 3)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Maturity Model-1}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691443458_Screen Shot 2023-07-25 at 7.07.00 PM.png}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Threat Hunting Maturity Model can help organizations measure their current maturity and provide a roadmap for improvement. The maturity levels start from a {\bf{ non-existing }} (initial) stage to a {\bf{fully }} matured level (leading).}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.12 cm} x{4.88 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Maturity Model-2}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{Initial {\emph{(Level 0)}} }} & At this level the organization cover only the basics , they rely on detection ({\emph{example  : SIEM }}). They are not considered hunting because they don't collect much data from their environment. \tn 
% Row Count 9 (+ 9)
% Row 1
\SetRowColor{white}
{\bf{Minimal {\emph{(Level 1)}} }} & They still rely on detection and  they track the latest threat report and collect the data from their environment into central location , so one there is new  threat report they can extract key indicator and search if they have been seen before in the recent past  in  their environment  ({\emph{they don't have regular threat hunting routine}}) \tn 
% Row Count 24 (+ 15)
% Row 2
\SetRowColor{LightBackground}
{\bf{Procedural {\emph{(Level 2)}}}} & They usually collect large amount of data , the organization at this level uses procedures available on the internet  created by others ({\emph{they have regular threat hunting routine}} ) \tn 
% Row Count 32 (+ 8)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{x{3.12 cm} x{4.88 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Maturity Model-2 (cont)}}  \tn
% Row 3
\SetRowColor{LightBackground}
{\bf{Innovative {\emph{(Level 3)}}}} & The organization instead of relying on available procedures , they are the ones who creates the procedures  ({\emph{it's aided by data visualization and machine learning}} ) \tn 
% Row Count 7 (+ 7)
% Row 4
\SetRowColor{white}
{\bf{Leading {\emph{(Level 4)}} }} & They automate the majority of procedures ( {\emph{instead of repeating the same process over and over again  they can focus on creating new ones  }}) \tn 
% Row Count 13 (+ 6)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{{\bf{NOTE }}: The Hunting Maturity Model is just a prescriptive model, the  organizations does not have to fit into one level ,  sometimes they are at varying levels of capabilities}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Frameworks}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Frameworks  can be a  foundation for the threat hunters when starting their hunting process.% Row Count 2 (+ 2)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Cyber Attack Life Cycle}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691444762_cyber_attack_lifecycle.jpeg}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{The process by which sophisticated cyber attacks are conducted {\emph{(help in understand how a cyber attack happens from the perspective of an adversary)}}}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Pyramid Of Pain}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691450189_Screen Shot 2023-08-08 at 12.15.10 AM.png}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{The relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause them when you are able to deny those indicators to them  {\emph{(help in Measuring the effectiveness of indicators we use in threat hunting )}}}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Cyber kill Chain}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691444585_Screen Shot 2023-08-07 at 10.42.48 PM.png}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{The steps that an attacker needs to take in order  achieve their objective}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Mitre Attack}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691444661_Screen Shot 2023-08-07 at 10.43.50 PM.png}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Knowledge base for attackers tactics  technique and procedures {\emph{(It is alternative for cyber kill chain with more details) }}}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.92 cm} x{4.08 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Methodologies}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{IOCS based threat hunting  }} & The threat hunter use IOCs  from threat intel feeds ,It is performed once the SIEM has an alert based on IOCs in the system , they  investigate the activity before and after the alert to identify any compromise in the environment  {\emph{( This hunting requires someone in the community to  identify the IOC and share it )}} \tn 
% Row Count 16 (+ 16)
% Row 1
\SetRowColor{white}
{\bf{ Hypothesis based threat hunting  }} & Threat hunters Create hypotheses  ,  they  monitor activities for any patterns in order to detect the threat . In this way, the hunter is able to proactively detect threat actors before they can actually do  any damage to the environment . To create the hypothesis , the hunter can base on :              {\emph{1-  Create hypothesis base on new shared threat report of new information about a new threat  , so they  create a  hypothesis and hunt based on it  to make sure that the new threat is not infected their organization in particular.}}            {\emph{ 2-   Threat hunter learn about an attack  and try to hunt for any indicator of the attack in their environment. }}           {\emph{ 3 -   Threat hunter start directly from the data and try to find anything malicious.}} \tn 
% Row Count 55 (+ 39)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{x{3.92 cm} x{4.08 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Methodologies (cont)}}  \tn
% Row 2
\SetRowColor{LightBackground}
{\bf{Anomaly based threat hunting}} & Leveraging machine learning  to detect abnormal behavior and uncover new threat patterns \tn 
% Row Count 5 (+ 5)
% Row 3
\SetRowColor{white}
{\bf{Situational based threat hunting }} & Start the hunt based on enterprise's internal risk assessment and  vulnerabilities analysis of the environment {\emph{(this methodology is impacted by situational awareness) }} \tn 
% Row Count 14 (+ 9)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{2.48 cm} x{5.52 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{What Threat Hunter Needs}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{Data  }} & Every single spot on the organization need to be monitored because the hunt effectiveness depend on how imporatnt the data is. \tn 
% Row Count 5 (+ 5)
% Row 1
\SetRowColor{white}
{\bf{Threat Intel  }} & Threat hunters  base their hunt on IOAs and IOCs \tn 
% Row Count 7 (+ 2)
% Row 2
\SetRowColor{LightBackground}
{\bf{Baseline }} & in order to detect abnormalities threat hunter needs to understand the normalities ,so baseline will define the events that are authorized and expected making it easier to spot anomalies \tn 
% Row Count 14 (+ 7)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{{\bf{ {\emph{The more you know about your own network, the more effectively you can protect it.}} }}}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Process-1}}  \tn
\SetRowColor{LightBackground}
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/nourelhouda_1691446693_Screen Shot 2023-08-07 at 11.17.38 PM.png}}} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Process-2}}  \tn
% Row 0
\SetRowColor{LightBackground}
{\bf{Create hypothesis  }} & The key to get started in  threat hunting is knowing what to ask           {\emph{ Example : }}         Who are threat actor that likely to target my organization?   what they are targeting ?  what is there motives ? \tn 
% Row Count 11 (+ 11)
% Row 1
\SetRowColor{white}
{\bf{Investigate via tools and techniques }} & After generating the hypothesis , this hypothesis need to be tested by using relevant tools and techniques \tn 
% Row Count 17 (+ 6)
% Row 2
\SetRowColor{LightBackground}
{\bf{Uncover new patterns and TTPs  }} & This step is aims to uncover  new patterns and TTPs  found on investigation ,in this step the hypothesis can be   proved or disproved {\emph{(The disproved  hypothesis can be refined and retested) }} \tn 
% Row Count 27 (+ 10)
% Row 3
\SetRowColor{white}
{\bf{Inform and enrich Analytics }} & Successful hunts form the basis for informing and enriching automated analytics {\emph{ (information from hunts can be used to improve existing detection mechanisms, which might include updating SIEM rules or detection signatures)}} \tn 
% Row Count 39 (+ 12)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Threat Hunting Metrics}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{{\bf{Number of incidents }}that are detected by severity  \newline % Row Count 2 (+ 2)
{\bf{Number of compromised hosts }} \newline % Row Count 3 (+ 1)
{\bf{Dwell Time }}of any incidents discovered  \newline % Row Count 4 (+ 1)
{\bf{Number of detection gaps filled}} \newline % Row Count 5 (+ 1)
{\bf{Any new visibility}} gained during the exercise. \newline % Row Count 7 (+ 2)
{\bf{False positive rate }} \newline % Row Count 8 (+ 1)
{\bf{Vulnerabilities identified }} \newline % Row Count 9 (+ 1)
{\bf{Number of hunts transitioned to new analytics }}% Row Count 10 (+ 1)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{These metrics can be used to measure the hunt success}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Resources}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\{\{link="https://medium.com/@sqrrldata/the-cyber-hunting-maturity-model-6d506faa8ad5"\}\}The Cyber Hunting Maturity Model\{\{/link\}\} \newline % Row Count 3 (+ 3)
\{\{link="https://www.threathunting.net/files/framework-for-threat-hunting-whitepaper.pdf"\}\}A Framework forCyber Threat Hunting\{\{/link\}\} \newline % Row Count 6 (+ 3)
\{\{link="https://www.ibm.com/topics/threat-hunting"\}\}Why threat hunting is important\{\{/link\}\} \newline % Row Count 8 (+ 2)
\{\{link="https://www.elastic.co/campaigns/elastic-guide-to-threat-hunting"\}\}Elastic Guide to  threat hunting \{\{/link\}\} \newline % Row Count 11 (+ 3)
\{\{link="https://www.trellix.com/en-us/security-awareness/operations/what-is-cyber-threathunting.html"\}\}What Is Cyber Threat Hunting? \{\{/link\}\} \newline % Row Count 14 (+ 3)
\{\{link="https://www.crowdstrike.com/"\}\}CROWDSTRIKE \{\{/link\}\} \newline % Row Count 16 (+ 2)
\{\{link="https://resources.infosecinstitute.com/"\}\}INFOSEC\{\{/link\}\} \newline % Row Count 18 (+ 2)
\{\{link="https://www.youtube.com/watch?v=8JWWPFyz1EQ"\}\}Keynote: Threat Hunting as a Culture (HaaC)\{\{/link\}\} \newline % Row Count 21 (+ 3)
\{\{link="https://www.threathunting.net/files/hunt-evil-practical-guide-threat-hunting.pdf"\}\}Threat Hunting \{\{/link\}\} \newline % Row Count 24 (+ 3)
\{\{link="https://www.youtube.com/c/NetworkChuck"\}\}NetworkChuck \{\{/link\}\} \newline % Row Count 26 (+ 2)
\{\{link="https://www.youtube.com/c/SANSDigitalForensics"\}\}SANS Digital Forensics and Incident Response\{\{/link\}\} \newline % Row Count 29 (+ 3)
\{\{link="https://www.youtube.com/@CyborgSecurity"\}\}Cyborg Security\{\{/link\}\} \newline % Row Count 31 (+ 2)
} \tn 
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Resources (cont)}}  \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\{\{link="https://thehackernews.com/"\}\}The Hacker News\{\{/link\}\} \newline % Row Count 2 (+ 2)
\{\{link="https://attack.mitre.org/matrices/enterprise/"\}\}Mitre Attack\{\{/link\}\} \newline % Row Count 4 (+ 2)
\{\{link="https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html"\}\}Cyber Kill Chain \{\{/link\}\} \newline % Row Count 7 (+ 3)
\{\{link="https://www.iacpcybercenter.org/resource-center/what-is-cyber-crime/cyber-attack-lifecycle/"\}\}Attack Life Cycle\{\{/link\}\} \newline % Row Count 10 (+ 3)
\{\{link="https://scythe.io/library/summiting-the-pyramid-of-pain-the-ttp-pyramid"\}\}Pyramid of Pain\{\{/link\}\} \newline % Row Count 13 (+ 3)
\{\{link="https://www.bleepingcomputer.com/"\}\}BLEEPINCOMPUTER\{\{/link\}\}% Row Count 15 (+ 2)
} \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{{\emph{I used These resources to learn and then apply this knowledge to my day job as well as to create this cheatsheet }}}  \tn 
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}


% That's all folks
\end{multicols*}

\end{document}