Wholesome Hashes for a DNS Breakfast: How to Chew Through Adversary Automation

In this day and age, malicious threat actors and APTs are leaning ever harder on AI and automation to speed up and obfuscate their operations. By utilizing hashes created from content, headers, SOA records, name servers, and more, threat hunters can uniquely identify both the characteristics of malicious infrastructure that are unlikely to change and those that are changing rapidly, both of which can be of critical value for defenders. Automatically generated phishing pages with minor, target-specific changes can be found en masse, rapidly rotating infrastructure can be picked out like the blinding eyesore it is, and seemingly innocuous infrastructure can be caught hiding amongst the sheep so that the wolves never get (or stay) inside the fence line. This talk will cover (in depth) how our threat hunters have utilized hashes, fuzzy hashes, and similarity searches to protect our clients and mitigate attacks before they are launched. Case studies will include one or two of the following: Scattered Spider, Latrodectus, Prolific Puma, SocGholish, Duke Eugene’s Android Malware, Meduza Stealer, as well as the malicious fake trading apps that we’re tracking via this method.
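The hashing approach the abstract describes, as an added Python example that is not from the talk or its authors: an exact hash over the slow-changing infrastructure footprint (SOA minus its serial, the NS set, stable response headers), a hash over a page's tag structure, and a shingle-based similarity that still links two kit pages whose brand strings differ. All hostnames, DNS records, headers and pages below are constructed for the example.

```python
import hashlib, re
from itertools import combinations
VOLATILE = {"date", "content-length", "etag", "last-modified", "set-cookie"}  # per-response noise

def infra_hash(rec: dict) -> str:
    """Hash of the slow-changing footprint: SOA (minus serial), NS set, stable headers."""
    mname, rname, _serial, *timers = rec["soa"].split()  # serial bumps on every zone edit
    parts = [mname.lower(), rname.lower(), *timers]
    parts += sorted(n.lower().rstrip(".") for n in rec["ns"])  # order-insensitive
    parts += sorted(f"{k.lower()}={v}" for k, v in rec["headers"].items()
                    if k.lower() not in VOLATILE)
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def structure_hash(html: str) -> str:
    """Hash of the tag sequence only; the same kit template gives the same hash."""
    tags = re.findall(r"<\s*/?\s*([a-z0-9]+)", html.lower())
    return hashlib.sha256(" ".join(tags).encode()).hexdigest()

def similarity(a: str, b: str, k: int = 2) -> float:
    """Jaccard similarity over k-token shingles of tags and words (fuzzy content match)."""
    def shingles(html):
        toks = re.findall(r"<[^>]+>|[a-z0-9]+", html.lower())
        return {tuple(toks[i:i + k]) for i in range(len(toks) - k + 1)}
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 1.0

def related(hosts: dict, threshold: float = 0.5) -> dict:
    """Host pairs that share infrastructure, template or content, with the reasons why."""
    out = {}
    for (a, ha), (b, hb) in combinations(sorted(hosts.items()), 2):
        checks = {"same-infra": infra_hash(ha) == infra_hash(hb),
                  "same-template": structure_hash(ha["html"]) == structure_hash(hb["html"]),
                  "similar-content": similarity(ha["html"], hb["html"]) >= threshold}
        reasons = [tag for tag, hit in checks.items() if hit]
        if reasons:
            out[(a, b)] = reasons
    return out

# Constructed sample data: hostnames, DNS records, headers and pages are all made up.
SOA = "ns1.hoster.example. hostmaster.hoster.example. {serial} 7200 900 1209600 300"
KIT = ('<html><body><h1>{brand} Login</h1><form action="/post.php"><input name="user">'
       '<input name="pass"><button>Sign in</button></form><p>{brand}</p></body></html>')
HOSTS = {
    "login-acme.example": {"soa": SOA.format(serial=2024010101), "ns": ["ns2.hoster.example", "ns1.hoster.example"],
        "headers": {"Server": "nginx/1.24.0", "X-Powered-By": "PHP/8.2", "Date": "Mon, 01 Jan 2024 00:00:00 GMT"},
        "html": KIT.format(brand="Acme Corp")},
    "portal-globex.example": {"soa": SOA.format(serial=2024020202), "ns": ["ns1.hoster.example", "ns2.hoster.example"],
        "headers": {"X-Powered-By": "PHP/8.2", "Server": "nginx/1.24.0", "Date": "Tue, 02 Jan 2024 00:00:00 GMT"},
        "html": KIT.format(brand="Globex Inc")},
    "weather.example": {"soa": "ns1.other.example. admin.other.example. 5 3600 600 86400 60",
        "ns": ["ns1.other.example"], "headers": {"Server": "Apache"},
        "html": "<html><head><title>Weather</title></head><body><p>Sunny with a chance of rain tomorrow.</p></body></html>"},
}
```

Calling `related(HOSTS)` links the two kit pages on all three signals (different SOA serials, header order, NS order and brand text notwithstanding) and leaves the unrelated host alone.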