
Abstract

Fully customized compromise tools are becoming more and more popular, as are attacks performed without malicious software. As a result, corporate security departments are faced with the need to identify software and network attacks that are not detected by conventional safeguards, including intrusion detection systems, malware protection systems, leak control systems, etc. Threat hunting, which finds previously unknown threats, is now fashionable and is offered both as a product and as a service. We will tell you the truth about how you can do it yourself: what the possible tools are, how to configure them, and what they can do. Examples of configuration files and scripts will be available for self-experimentation after the report.

Slides