Monday, July 17, 2017

How Hot Is Your Hunt Team?

The idea of Threat Hunting in an organization can no longer be dismissed. No matter how mature your organization is regarding to this concept, you might be already doing some type of hunting already. However, how do you show the effectiveness of your hunting engagements? How do you show to your senior leadership the progress of your hunt team? There is the misconception of doing it by only tracking the number of incidents uncovered during hunting campaigns. However, in my opinion, it is is also important to consider if the right data is being collected, automation is being improved, and how much the team knows about its own environment when hunting for specific adversary techniques (You can change this and create your own metrics. This is just my opinion)

In this post, I will examine the MITRE ATT&CK framework in the form of a heat map in order to measure the effectiveness of a Hunt Team. I will use Excel (VLOOKUPs formulas & Conditional Formatting features) and the MITRE ATT&CK matrix structure to show you how to build your own heat map and start measuring the effectiveness of your hunt team for free.

Heat Map Goals:

  • Provide transparency to senior leadership on threat hunting strengths and weaknesses
  • Perform a gap analysis to demonstrate where resources are needed in your environment
  • Emphasize the effectiveness of collaboration among other teams (In order to reach a very good or excellent score, you might need to work with other teams to fill the gap)
  • Prioritize techniques based on the most crucial gaps identified

MITRE ATT&CK Framework

ATT&CK is a model and framework for describing the actions an adversary takes while operating within an enterprise network. The model can be used to better characterize post compromise adversary behavior with the goal of distilling common behaviors across known intrusion activity into individual or combinations of actions that an adversary may take to achieve their goals. The TTPs described in ATT&CK were selected based on observed APT intrusions from public reporting, and are included in the model at a level of abstraction necessary for effectively prioritizing defensive investments and comparing endpoint intrusion detection capabilities. [Source]

Get your own ATT&CK Matrix in Excel

Copy the MITRE ATT&CK Matrix

  • Open Excel and create a new blank workbook
  • Go to the MITRE ATT&CK techniques page and highlight the whole Matrix table
  • Copy (CTRL + C) the highlighted table (make sure you highlight the whole table) and paste it (First cell A1 or R1C1) on your new blank workbook as shown in figure 1 and 2 below. Even though you paste it on the first row, it is pasted starting on the second one. Just delete the first row. 

Figure 1: Copying MITRE ATT&CK Matrix

Figure 2: Copying Matrix to Excel

Edit your Matrix Table

Remove Hyperlinks from the whole table at once as shown in figure 3 below. Your table might not have borders anymore so just highlight your whole table and add borders to it as shown in figures 4, 5 and 6 below.

Figure 3: Remove Hyperlinks

Figure 4: Table without Hyperlinks

Figure 5: Add "All Borders" to your table

Figure 6: Plain MITRE Matrix table

Once you have everything as a table again, you will notice that several cells have long text that needs to be wrapped into several lines to fit better. Highlight your table again and use the "Wrap Text" option as shown in figure 7 below. 

Figure 7: Wrapping up long-text

Now, the table should be ready to be used for our heat map. Add colors to your header, adjust the font size, etc. Save your document and give your worksheet a name. I named mine "HeatMap" as shown in figure 8 below.

Figure 8: Matrix Ready for our Heat Map 

UPDATE  09/10/2017: Get your own ATT&CK Matrix in Excel

  • I developed a PowerShell script that I named Invoke-ATTACKAPI which leverages the MITRE ATTACK API to interact directly with the MITRE ATTACK framework and pull valuable information all at once.
  • I use this script now to update my ATTACK Enterprise Matrix
  • All you need to do is run the following command to get the same results as above:
Invoke-ATTACKAPI -Matrix | select Persistence, 'Privilege Escalation', 'Defense Evasion','Credential Access',
Discovery, 'Lateral Movement', Execution, Collection, Exfiltration, 'Command and Control' | 
Export-Csv C:\documents\matrix.csv -NoTypeInformation

Define Your Scoring System

You need to define your scoring system and set specific criterias that you would like to use to measure how effective your team is at detecting specific adversary techniques. 

A few basic steps:
  • You can start by setting your rating system levels (None, Poor, Fair, Good, Very Good & Excellent). 
  • You can then assign a color to each score (Keep in mind you are creating a heat map). 
  • Map a number to each level (0,1,2..5) as shown in figure 9 below.
  • Finally assign key focus points for each level. One example could be what I show in figure 9 below.
As I mentioned at the beginning of this post, tracking how many incidents get uncovered during a hunting campaign should not be considered as the ONLY indicator of an effective hunt team. Why? What if you do not find anything? Does that mean that your team is not good?. In my opinion, validating the detection of a specific adversary technique by focusing on having right data, improving the automation of hunting procedures, and knowing your environment should be also considered when determining the effectiveness of a hunt team. For example, you can focus on the following key points (This is a basic example. I recommend you come up with your own ones):

  • None
    • Not enough data to detect a specific adversary technique (i.e. hunting with only Windows Security Event Logs when hunting for PowerShell activity). Also, not centralizing the amount of data needed to hunt across the whole enterprise.
  • Poor
    • Sending all your logs to a central repository. If you "hunting" on one endpoint at the time, you are NOT being effective at all ! (Consider Splunk, ELK, etc)
    • Creating basic signatures or correlation rules to detect specific activity. Usually this is done by correlating two to three events. Also, here is where you might have Threat Intel feeds helping your routine hunts (IOC Sweeps). 
    • Running queries and trying to make sense of the data without automating certain hunting procedures that could make your hunt more effective and efficient. (i.e. After running a few queries in your SIEM you might still have thousands or hundreds of events that you will still need to go through and maybe correlate them with other events to find outliers) 
  • Fair: 
    • Collecting the right data (NOT JUST MORE DATA) to improve the detection of an adversary technique. Here is where you start adding Sysmon Logs, ETW, PowerShell logs, netflow, etc). Without the right tools or processes to aggregate and make sense of all the data, your team might not be effective yet. Hunters might be running queries and still get a very high amount of events that still need to be filtered to reduce the amount of data that needs to be analyzed.
  • Good: 
    • Correlating and integrating numerous data types across all your endpoints in order to filter out noise and potential false positives. Here is where you star using a few basic Data Science techniques in order to make sense of all the data that you have in your central repository (Better Automation)
  • Very Good: 
    • Leveraging more than just simple outlier detection techniques. Here is where your team starts using advanced data science techniques to detect the known and unknown (Of course, data science concepts such as Machine Learning cannot be applied to every single use case or technique that you are trying to detect. If you can validate the detection of an adversary technique by just applying basic data science techniques, then you might be already in the "Very Good" level.
  • Excellent
    • Here is where your team is very proficient at everything above and very effective at detecting adversary techniques, but with also a very good understanding of the environment (Beyond just having the right automation and data. If you do not understand exactly how certain activity relates to your environment then you might be missing stuff).

Remember that the table below needs to be created on a new sheet in the same Workbook where you created your ATT&CK Matrix. ( I named mine "Score Defs")

Figure 9: Basic Scoring System table

Define each Adversary Technique

Set your own "All Techniques" Page

  • Go to the MITRE ATT&CK  "All Techniques" page and highlight the whole table (Same way how you did it with the matrix earlier)
  • Copy (CTRL + C) the highlighted table (make sure you highlight the whole table) and paste it (First cell A1 or R1C1) on a new sheet in the same workbook. 
  • You will basically have to do the same adjustments you did to the MITRE ATT&CK matrix (wrap-text, font size, All Borders, Remove Hyperlinks, etc).
  • Make sure you go over the whole table and adjust certain parts of the table that might have not copied properly.

Figure 10: "All Techniques" Page

Once you have a table with everything from the "All Techniques" page, then you will have to add a few columns to add more context to it and integrate it with your Heat Map. 
  • I added two columns, one named "Detection Approach" and another one named "Data Sources". In the MITRE ATT&CK "All Techniques" page, I clicked on every single technique and grabbed the Detection approach and data sources needed to help me detect the specific technique.
  • I also Added another one named "Detection Score". Here you will have to review one by one with your team and give it a score following your "Score Defs sheet" (None, Poor, Fair, Good, Very Good, Excellent).
  • Finally, I added a column named "Tools". I use this to identify what current tools would help me hunt for a specific adversary technique. This is very helpful to also show vendors how much they are contributing to your detection/hunting capabilities (Vendors selling you EDR maybe?).

Figure 11: All Techniques Table

UPDATE  09/10/2017: Define each adversary technique

  • I developed a PowerShell script that I named Invoke-ATTACKAPI which leverages the MITRE ATTACK API to interact directly with the MITRE ATTACK framework and pull valuable information all at once.
  • I use this script now to update my adversary technique sheet
  • All you need to do is run the following command to get the same results before adding 'Detection Score' And tools columns:
Invoke-ATTACKAPI -Category -Technique | select @{Name="Name"; Expression={$_.Name -join ","}}, @{Name="Tactic"; Expression={$_.Tactic -join ","}}, @{Name ="ID"; Expression={$_.ID -join ","}}, @{Name="Description"; Expression={$_.Description -join ","}}, @{Name="Analytic details"; Expression={$_.'Analytic Details' -join ","}}, @{Name="Data Source"; Expression={$_.'Data Source' -join ","}}  | export-csv F:\wardog\scripts\techniques.csv -NoTypeInformation

Set a Detection Score Drop-Down List

I added a "Detection Score" column and was able to assign a score to each technique. What if we want to change the score? Do we delete the text and type it again?. I recommend to use n Excel feature named "Data Validation" under the "Data" tab. This limits the type of data that can be entered in a cell. This will help us to have a drop-down menu to pick from the 6 different levels of the rating system.

  • Highlight all your Detection score cells, click on the tab named "Data", and on "Data Validation" as shown in figure 12 below.
  • A window will pop up where you will have to select the list of values that you will want to use as part of your drop-down menu.
  • Click inside of the "Source" box and then click on the "Score Defs" sheet. Highlight the six levels (None, Poor, Fair, Good, Very Good, Excellent) and click Okay as shown in figure 14 below.
  • You will be able to now just hover over the right edge of the cells below the "Detection Score" column and you will have 6 options as shown in figure 15 below.

Figure 12: Highlighting "Detection Score" cells

Figure 13: Selecting a Source list

Figure 14: Getting values from the Score Defs sheet

Figure 15: Drop-Down list enabled on Detection Score cells.

Integrate All the Sheets

Heat Map Sheet: Add Scoring Columns

Add a blank column to the right of each tactical group as shown in figure 16 below. There is where you will sync the score you set for each technique in the "Detailed Technique" sheet.

Figure 16: Adding extra columns to the Heat Map.

Heat Map Sheet: VLOOKUPS

If your Excel version sets your Columns to be numbers instead of being letters, then you have the R1C1 reference style option enabled by default. If you are not comfortable with the R1C1 Reference style of your table, then you need to disable that feature by going to File> Option > Formulas ,un-check R1C1 reference style feature and click OK as shown in figure 17 below. 

Figure 17: Disable R1C1 Reference Style

Now you should be good to start setting your VLOOKUP formulas. First, Highlight the first cell next to the first Persistence technique ("Accessibility Features").

Copy the text below into the Formula bar as shown in figure 17:

=VLOOKUP(VLOOKUP(A2,'Detailed Techniques'!A:G,7,0),'Score Defs'!A:B,2,0)

  • A2 is the cell to the left of the cell you highlighted (The Adversary Technique). That's the value we are going to be looking for first.
  • ''Detailed Techniques'!A:G,7,0)
    • The first value in quotes is the name of the Sheet where you will look value in cell A2.
    • !AG: Table Range
    • The second value after the comma (7) is the "Detection Score" column number where we will collect the score value for the specific adversary technique that we were looking for (A2 = Accessibility Features)
    • The last value after the last comma (0) and before the ")" is basically saying "Match the exact value" that I am looking for (not fuzzy matching). 
  • 'Score Defs'!A:B,2,0)
    • The first value in quotes again is just pointing to the "Score Defs" sheet where you will now look for the Score string retrieved from the "Detailed Technique" sheet.
    • The second value after the first comma (2) is the "Integer Mapping" column number where we will collect the value (number) in relation to the specific score level (None, Poor, Fair, Good, Very Good or Excellent).
    • The last value after the last comma (0) and before the ")" is basically saying "Match the exact value" that I am looking for (not fuzzy matching). 

As you can see below, after entering the formula from above, I got a value of Zero which means that I set the score for Accessibility Features to be "NONE" ( Not data available for that technique)

Figure 18: Double VLOOKUP to get a score value for each technique

Now in order to test your formula with other techniques in the same column, select the cell with the number "0" and drag the bottom right corner of the cell down to apply the same formula to all the columns below as you can see in figure 19 below. 

Figure 19: Double VLOOKUP to get a score value for each technique

There will be cells that will be just blank, and in order to not get any error messages, we just have to add a conditional to the formula. Replace the first formula with the following:

=IF(ISNA(VLOOKUP(VLOOKUP(A2,'Detailed Techniques'!A:G,7,0),'Score Defs'!A:B,2,0)),"",VLOOKUP(VLOOKUP(A2,'Detailed Techniques'!A:G,7,0),'Score Defs'!A:B,2,0))

Figure 20: Double VLOOKUP with IF conditional to show empty cells where there are not techniques.

Heat Map: Locking Cell Values in Formula

Next, we have to copy the same formulas to the other columns and we want to make sure that our table ranges from our "Score Defs" and "Detailed Techniques" stay the same. The only value that should change is value of the first cell to the right of each technique. You can lock parts of your formula by doing the following:

  • Click on the first cell where you created the firs formula (B2)
  • Place your cursor on the Table Range of each sheet and press F4
  • You will see the table range values with Dollar Signs next to their parameters as shown in figure 21 below.

Figure 21: Lock cell values

Then, copy the first cell to the right of "Accessibility Features" under persistence, and paste it at the beginning of each column to the right of each technique. Then, drag the bottom right corner of each cell with the formula down until the last technique of each column as shown in figure 22 below. You will see that every single technique now has a value associated to its rate level.

Figure 22: All the values from the Detailed techniques and Score Defs are synced

Add Colors to your Heat Map

Get your RGB Color Values

First get the RGB values of all your rate levels. You can do that by going to your "Score Defs", clicking on the rate cell and checking its "More colors" settings of the fill color as shown in figure 23 below. Do the same for every single color. Let me share my RGB values just in case you like mine:

0 = RGB 255 79 79
1 = RGB 255 119 87
2 = RGB 255 174 93
3 = RGB 242 245 123
4 = RGB 209 220 255

5 = RGB 125 156 255

Figure 23:  RGB Value of Poor/1.

Conditional Formatting: Creating Rules

Once you have all your RGB values written down, go to your "HeatMap"  sheet and highlight the whole table. Do the following:

  • Click on Conditional Formatting > New Rule as shown in figure 24 below
  • Select "Use a formula to determine which cells to format"  (Figure 25)
  • In the "Format values where this formula is true", type: =B2=1  (Figure 26)
  • Click on Format > More Colors> and set the RGB value for the Rate Poor=1.
  • Click OK> OK > OK (Figure 27)
  • You should now see all the techniques where the effectiveness of the Hunt team was set to 1 as orange as shown in figure 28

Figure 24:  Creating a new rule.

Figure 25:  Setting the rule type.

Figure 26:  Set the values where the formula is true.

Figure 27:  Setting the RGB value..

Figure 28:  Poor values.

Next, create the rest of the rules for the rate values of 2, 3, 4 , 5, 0 and "" (BLANK) Yes you have to create a BLANK rule at the end. Make the "" rule your last rule and set it to "No color" (The rule should show up as the first top rule). That rule should look like something like this: =B2="" .

Once you have all the rules in place, your heat map should look like this:

Figure 29:  Your First Heat Map.

Bonus: Effectiveness Trend

You can add up all the values per tactical group, get the average number and show a chart with a summary of how effective your hunt team is per tactical group and per quarter. (Your Boss will love this)

Figure 30: Effectiveness Trend Over Time.

Test your Heat Map: Take Care of the Basics

Lets say you start sending all your native windows event logs to a central repository and start collecting Sysmon logs too. You will see techniques going from None to Poor or Fair (This is just an example). Remember that even though we might have some extra visibility, you still would have to go through a lot of data and analyze several events if you do not improve the automation of certain hunting procedures. Several adversary techniques require more than just a simple correlation rule or signature. Also, we are measuring the effectiveness of the Hunt Team and not just how many incidents get uncovered during the hunting campaign.

Figure 31: Heat Map update

Final Thoughts

I hope this was very helpful for those Hunt Teams that would like to give themselves an idea of how effective their hunt team is. This is one of many ways that you can put metrics towards your hunting campaigns. 

For those that would like to just download the template and start using it right away, you can find it in the metrics folder of the ThreatHunter-Playbook


if you would like to contribute to the ThreatHunter-Playbook, just send a PR ! 

Feedback is greatly appreciated! Thank you.


  1. In the section "Test your Heat Map: Take Care of the Basics" are your scores going from None to Poor to Fair automatically? I read through this article a few times and did not see how you would automate the rating of these scores.

    1. Hey Thank you for the question. I was actually thinking on adding an extra image in there to show how to update the scores but I thought it was already being taken care of when I showed how to create the drop-down menu in figure 15. Every time you simulate and validate the detection of a technique, you and your team will have to manually update the detection score of the specific technique. You will just have to go to the "Detailed Techniques" Sheet, look for the specific technique and change the value of the cell under the "Detection Score" Column (None, Poor, Fair, Good, Very Good, & Excellent). I hope this answers your question. Let me know if this helped. Thank you !

    2. Thanks for the quick reply. It does help

  2. Replies
    1. Thank you for the feedback vishnu! I hope it helps :)

  3. Hi CyberWarDog,

    I enjoyed your blog, especially because it doesn't rely on splunk, but Kibana. This helped to improve our monitoring.

    So here's my question:

    I've implemented a USB HID backdoor for a Pi Zero to get access to air gapped machines. I'm interested in your ideas about triggered IOCs you see in the attack.
    Everything is PowerShell and NET based. I avoided using parameters like "-exec bypass", "-NoP" etc.
    Considering "Module Logging", the main part of the payload is loaded as NET assembly, only stage 1 uses PowerShell commands. "IEX" is used one time, but this is optional. Nothing is written to disc. The powershell parts calling kernel.dll or user32.dll code use reflections, in order to avoid compiling CSharp inline code (and thus writing temporary files to disc).

    Details could be found here:

    1. Hey Mame82, I am very happy to hear that I could help a little bit with your monitoring :) . I am sorry for my late response. Regarding triggered IOCs by your interesting USB HID backdoor, I would say that without testing yet, I think that from a powershell perspective you will still show in the module logging logs because of the reflection technique being used to avoid compiling Csharp. I will take a look at it and provide more details. Thank you for sharing your feedback! I cant wait to test your tool. I hope you have a great weekend!

  4. Thanks so much for this. When I try:

    Invoke-ATTACkAPI -Category -Technique | select Name, Tactic, Description, 'Analytic Details', 'Data Source' | export-csv -Notypeinformation C:\Documents\techniques.csv

    I get a csv full of System.Object[] for every column except "Tatic". Running the command without the export-csv, the output shows the data is there just fine.

    Is this to do with the String casting that runs as part of the export-csv? Or am i missing something obvious?

    1. Answered my own question with some code from your github readme:

      Invoke-ATTACKAPI -Category -Technique | select @{Name="Name"; Expression={$_.Name -join ","}}, @{Name="Tactic"; Expression={$_.Tactic -join ","}}, @{Name ="ID"; Expression={$_.ID -join ","}}, @{Name="Description"; Expression={$_.Description -join ","}}, @{Name="Analytic details"; Expression={$_.'Analytic Details' -join ","}}, @{Name="Data Source";Expression={$_.'Data Source' -join ","}} | export-csv -NoTypeInformation techniques.csv

    2. Hey Scotty! Sorry for the late response, I just got back from my honeymoon. I updated the post with the example from the github readme. Thank you for double checking. Thank you for the feedback too. I really appreciate it. Would you mind sharing how you are using the heatmap?? I would love to hear new ideas and how it can be improved. Thank you again!

    3. Sure thing - what's the best way to get in touch to have a chat?

    4. Hey Scotty! I hope all is well. via twitter would work first. We can discuss another channel via DM.

  5. Just stumbled onto this, great post. I'm going through a similar effort and have a few thoughts - can discuss on twitter if easier (@ClayDoesSec);
    1. Open to inputs/additions to the DataSource Tool Coverage list?
    2. Similar to 1, I believe there could be an expansion to prevention and response capabilities. It would manifest itself as part of the Tool Coverage list, and then potentially adding definition to the heatmap (either as contributions of the single value, or potentially their own heatmaps dedicated to protect-only and detect-only capabilities).
    3. Have you already started to incorporate the ATT&CK updates from 1/16/2018?
    4. Have you considered including PRE-ATT&CK?

    1. If you are suffering from muscle spasms, then visit to get medication online of muscle spasms. You may also buy these products by clicking these below links.

      Buy Carisoprodol Online
      Buy Carisoprodol 350mg Online

      Buy Flexeril Online
      Buy Flexeril 5mg Online
      Buy Flexeril 10mgOnline

      Buy Soma Online
      Buy soma 250mg online
      Buy soma 350mg online


  6. It is nice blog Thank you provide important information and i am searching for same information to save my time Data Science online Training India

  7. This comment has been removed by a blog administrator.

  8. This comment has been removed by a blog administrator.

  9. This comment has been removed by a blog administrator.

  10. Hey! Someone in my Facebook group shared this site with us so I came to check it out. I’m definitely enjoying the information. I’m bookmarking and will be tweeting this to my followers! Excellent blog and terrific design and style.


  11. Thank you for sharing your article. Great efforts put it to find the list of articles which is very useful to know, Definitely will share the same to other forums.
    Data Science Training in chennai at Credo Systemz | data science course fees in chennai | data science course in chennai quora | data science with python training in chennai

  12. Hi CyberWardog - the link to the heatmap.xlsx seems to be broken. Could you provide an alternate way to download? Much appreciated. The work you have done is awesome!

  13. i am always like to learn hunting resources. today i got here some issue about this topic, great explanation. thanks. i also tried to start hunting resources, just check it

  14. Nice blog, keep more updates about this type of information. Visit for the best Website Designing and Development Company in Delhi.
    SEO Service in Delhi

  15. Get Mutual Fund Investment Schemes by Mutual Fund Wala and know about the best investment platform for you, to get profit.
    Best Performing Mutual Fund

  16. Very informative blog post. This blog clearly shows the importance of heat mapping website. Thanks for sharing

  17. Magnificent data, visit our page way of life magazine to get the best style and way of life magazines.
    Lifestyle Magazine

  18. If you want to break you marriage so you will do this Dua to break unlawful marriage

  19. This is really a big and great source of information. We can all contribute and benefit from reading as well as gaining knowledge from this content just amazing
    experience Thanks for sharing such a nice information.

  20. This is really nice, thanks again for this wonderful and valuable information sharing with us. Visit Kalakutir for Godown Floor Marking Painting and Base Company Logo Painting.
    Base Company Logo Painting

  21. Soma pill is very effective as a painkiller that helps us to get effective relief from pain. This cannot cure pain. Yet when it is taken with proper rest, it can offer you effective relief from pain.
    This painkiller can offer you relief from any kind of pain. But Soma 350 mg is best in treating acute pain. Acute pain is a type of short-term pain which is sharp in nature. Buy Soma 350 mg online to get relief from your acute pain.

    Buy Soma 350 mg
    Soma Pill
    Buy Soma 350 mg online

    Buy Soma 350 mg online
    Soma Pill
    Buy Soma 350 mg

  22. Nice blog, thank you so much for sharing such an amazing blog. Get the best Website Designing Services by our expert of OGEN Infosystem in Delhi, India.
    Web Design Company in Delhi

  23. Keeping that in mind we will welcome you to Ludhiana escorts agency, a brand name which everyone is buzzing in town, a name which is the precedent for high class escort service and place for amusement and entertainment.
    Ludhiana escorts
    udaipur escort service
    Gurgaon escorts
    Jodhpur escorts
    Noida escorts
    Dehradun escorts

  24. I am an Jaipur escorts is the perfect girl to seduce any man by exposing glamour and natural beauty; finding the beautiful girl at Jaipur escorts not so tough because here each escort looks lovely and hot.
    Jaipur escorts
    Nainital escort service
    Goa escorts
    Mumbai escorts
    Pune escorts

  25. I like your blog post. Keep on writing this type of great stuff. I'll make sure to follow up on your blog in the future.
    Cybex Technologies - Unified Communication and Security Solutions Provider

  26. Appslure is Best app development company in mumbai and you can get website development service at a very affordable price.
    App development company in mumbai

  27. Awesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work!
    data analytics courses

    data science interview questions

    business analytics course

    data science course in mumbai

  28. very nice

  29. If you are feeling very depressed, have any panic disorders, Mental Stress, Anxiety Disorders visit the page and resolve all these problams and also New Year Offer begain offer limited period.
    Call Now For Buy Anxiety Medicines at very cheap price as compair to other dealer: +1-850-424-1335

  30. topmedsreview: Provide the best information about anxiety, panic disorder, mental stress, depression, Hyperactivitys issuse. Top meds review is a social platform providing the best medical information, medicine review, and health guidance. Our website provides credible information, depth reference material about health subjects that matter to everyone.

    Anxiety Medicines
    Soma Addiction
    Types Of Xanax Bars
    Pain Relief

  31. This is a wonderful article, Given so much info in it, Thanks for sharing. CodeGnan offers courses in new technologies and makes sure students understand the flow of work from each and every perspective in a Real-Time environmen python training in vijayawada. , data scince training in vijayawada . , java training in vijayawada. ,

  32. Buy Medicines Online from Ship From CA. No prescription is required for Buy Hydrocodone, Oxycodone, Percocet, Vicodin and Oxycontin Online Overnight from us
    Ship From CA
    Buy hydrocodone online
    Buy oxycodone online
    Buy vicodin online
    Buy norco online
    Buy percocet online
    Buy oxycontin online
    Buy adderall online
    Buy ambien online

  33. Buy Hydrocodone Online. We provide Hydrocodone, Oxycodone, Percocet, Adderall without prescription also get discounts up to 35%. Call us +802-323-1095.
    Buy medionline

  34. It's really a nice experience to read your post. Thanks for sharing your innovative ideas to our vision.
    Data Science Course
    Data Science Course in Marathahalli

  35. We are passionate pet lovers especially dogs and cats. At impetlover, we cover from Pet Resources, Gifts Guide, How to, Informational and everything else about their breeds and tricks.

  36. very nice good post