Friday, December 30, 2016

Threat Intel Annual Reads 2016

January
Intelligence Technology and Tradecraft in 2015 – http://www.cyintanalysis.com/intelligence-technology-and-tradecraft-in-2015/
No, Norse is Not a Bellwether of the Threat Intel Industry but Does Hold Lessons Learned – http://www.robertmlee.org/no-norse-is-not-a-bellwether-of-the-threat-intel-industry-but-does-hold-lessons-learned/
VB2015 paper: Effectively testing APT defences: defining threats, addressing objections to testing, and suggesting some practical approaches – https://www.virusbulletin.com/virusbulletin/2016/01/paper-effectively-testing-apt-defences-defining-threats-addressing-objections-testing-and-suggesting-some-practical-approaches
The Role of Curiosity in Security Investigations – http://chrissanders.org/2016/01/curiosity-in-security-investigations/

February
NSA’s TAO Head on Internet Offense and Defense – https://www.schneier.com/blog/archives/2016/02/nsas_tao_on_int.html
Themes, Personal Notes, & Resources From SANS CTI Summit 2016 – http://www.cyintanalysis.com/themes-personal-notes-resources-from-sans-cti-summit-2016/
FireEye Releases Mandiant M-Trends Report with Insights from Advanced Attack Investigations – https://www.fireeye.com/company/press-releases/2016/fireeye-releases-mandiant-m-trends-report-with-insights-from-adv.html
Greater Visibility Through PowerShell Logging – https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Detecting Offensive PowerShell Attack Tools – https://adsecurity.org/?p=2604

March
The Problems with Seeking and Avoiding True Attribution to Cyber Attacks – http://www.robertmlee.org/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks/
Questions for Evaluating an External Threat Intelligence Source – http://www.activeresponse.org/questions-for-evaluating-an-external-threat-intelligence-source/
Conducting Red Team Assessments Without the Use of Malware – https://www.fireeye.com/blog/products-and-services/2016/03/conducting_red_team.html
A Novel WMI Persistence Implementation – https://www.secureworks.com/blog/wmi-persistence
Investigating PowerShell: Command and Script Logging – http://forensicmethods.com/investigating-powershell

April
PowerShell Takes Center Stage as Attackers Attempt to Cloak Attacks – https://www.carbonblack.com/2016/04/12/powershell-takes-center-stage-as-attackers-attempt-to-cloak-attacks/
Hack Back! A DIY Guide – http://pastebin.com/0SNSvyjJ
Tradecraft Tuesday – Hacking Team Breach Overview – https://www.cybrary.it/2016/04/tradecraft-tuesday-hacking-team-compromise-over/
What is Threat Hunting? – https://blindseeker.com/blahg/?p=830
Magical Thinking in Internet Security – https://www.farsightsecurity.com/2016/04/28/vixie-magicalthinking/
Sysmon logs at scale analyzed with Splunk – https://securitylogs.org/2016/05/07/sysmon-logs-at-scale/
Verizon’s 2016 Data Breach Investigations Report – http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

May
How to Fall Victim to Advanced Persistent Threats – https://www.bsk-consulting.de/2016/05/04/how-to-fall-victim-to-apt/
Unofficial Guide to Mimikatz & Command Reference – https://adsecurity.org/?page_id=1821
A bomb just dropped in endpoint security… and I’m not sure anyone noticed – http://blog.eckelberry.com/a-bomb-just-dropped-in-endpoint-security-and-im-not-sure-anyone-noticed/
Adversarial Tactics, Techniques & Common Knowledge – https://attack.mitre.org/wiki/Main_Page
Technical Report about the Malware used in the Cyberespionage against RUAG – https://www.melani.admin.ch/melani/en/home/dokumentation/reports/technical-reports/technical-report_apt_case_ruag.html
Targeted Attacks against Banks in the Middle East – https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
Windows Top 10 Events to monitor from My Dell Enterprise Security Summit Talk – https://hackerhurricane.blogspot.co.uk/2016/05/windows-top-10-events-to-monitor-from.html

June
Common Ground Part 1: Red Team History & Overview – https://www.sixdub.net/?p=705
Common Ground: Planning is Key – https://www.sixdub.net/?p=709
Why Ransomware? Why Now? How Intelligence Would Address Infosec Questions – https://medium.com/@thegrugq/why-ransomware-why-now-bd1395a147cb#.rm7t4bfpt
Bears in the Midst: Intrusion into the Democratic National Committee – https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues – https://community.rapid7.com/community/infosec/blog/2016/06/23/penetration-testing-vs-red-teaming-the-age-old-debate-of-pirates-vs-ninja-continues
Shiny Object? Guccifer 2.0 and the DNC Breach – https://www.threatconnect.com/blog/guccifer-2-0-dnc-breach/

July
The Darker Side of Threat Intelligence: Cyber Stockholm Syndrome – http://www.activeresponse.org/the-darker-side-of-threat-intelligence-cyber-stockholm-syndrome/
The Threat Hunting Project – http://www.threathunting.net/
Common Ground Part 3: Execution and the People Factor – https://www.sixdub.net/?p=714
Spotting the Adversary with Windows Event Log Monitoring (version 2) – https://www.iad.gov/iad/library/reports/spotting-the-adversary-with-windows-event-log-monitoring.cfm
How to Build a 404 page not found C2 – http://www.blackhillsinfosec.com/?p=5134
5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar – https://www.digitalshadows.com/blog-and-research/5-takeaways-from-the-building-a-strategic-threat-intelligence-program-webinar/
An Important Internal Intelligence Source to Add to Your Collection Plan – http://www.cyintanalysis.com/an-important-internal-intelligence-source-to-add-to-your-collection-plan/
STIX 2.0 – CTI TC Development – https://stixproject.github.io/stix2.0/

August
PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection – https://adsecurity.org/?p=2921
Automating Detection of Known Malware through Memory Forensics – https://volatility-labs.blogspot.co.uk/2016/08/automating-detection-of-known-malware.html
procfilter – A YARA-integrated process denial framework for Windows – https://github.com/godaddy/procfilter
How to Build Your Own Penetration Testing Drop Box – http://www.blackhillsinfosec.com/?p=5156
The Shadow Brokers: Lifting the Shadows of the NSA’s Equation Group? – https://www.riskbasedsecurity.com/2016/08/the-shadow-brokers-lifting-the-shadows-of-the-nsas-equation-group/
Threat Intelligence Definition: What is Old is New Again – http://www.activeresponse.org/threat-intelligence-definition-old-new/
Intelligence Defined and its Impact on Cyber Threat Intelligence – http://www.robertmlee.org/intelligence-defined-and-its-impact-on-cyber-threat-intelligence/
Examining Recent Ransomware Infection Techniques (And Some Thoughts on Consuming Intelligence) – http://www.cyintanalysis.com/examining-recent-ransomware-infection-techniques-and-some-thoughts-on-consuming-intelligence/
The Laws of Cyber Threat: Diamond Model Axioms – http://www.activeresponse.org/diamond-model-axioms/
FIRST announces Traffic Light Protocol (TLP) version 1.0 – https://www.first.org/newsroom/releases/20160831
RIPPER ATM Malware and the 12 Million Baht Jackpot – https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html

September
Some Favorite DerbyCon 6 Talks (2016) – https://adsecurity.org/?p=3238
Let the benchmarks hit the floor: Autopsy vs Encase vs FTK vs X-Ways (in depth testing) – https://binaryforay.blogspot.co.uk/2016/09/let-benchmarks-hit-floor-autopsy-vs.html
Welcome to the Cyber Analytics Repository – https://car.mitre.org/wiki/Main_Page
Five Attributes of an Effective Corporate Red Team – http://blog.ioactive.com/2016/09/five-attributes-of-effective-corporate.html
A Simple, Free, and Fast Open Source Workflow For Processing Indicators – http://www.cyintanalysis.com/a-simple-free-and-fast-open-source-workflow-for-processing-indicators/
Indicators and Security Analytics: Their Place in Detection and Response – http://www.activeresponse.org/indicators-and-analytics-in-detection-and-response/
How to Hunt: Detecting Persistence & Evasion with the COM – https://www.endgame.com/blog/how-hunt-detecting-persistence-evasion-com
The Effects of Opening Move Selection on Investigation Speed – http://chrissanders.org/2016/09/effects-of-opening-move-investigation-speed/
Detecting Data Staging & Exfil Using the Producer-Consumer Ratio – https://detect-respond.blogspot.co.uk/2016/09/detecting-data-staging-exfil-using-PCR-shift.html
Europol’s 2016 Internet Organised Crime Threat Assessment (IOCTA) – https://www.europol.europa.eu/newsroom/news/relentless-growth-of-cybercrime
Mind Games: International Championship – Intelligence Agency Calculus – https://medium.com/@thegrugq/mind-games-international-championship-cc143febb793#.c5isyp81w

October
Securing Windows Workstations: Developing a Secure Baseline – https://adsecurity.org/?p=3299
The Diamond Model and Network Based Threat Replication – https://www.sixdub.net/?p=762
The Windows Logging, File and Registry Auditing Cheat Sheets updated for Windows 10 and some cleanup and additions – https://hackerhurricane.blogspot.co.uk/2016/10/the-windows-logging-file-and-registry.html
Why Threat Intelligence Sharing is Not Working: Towards An Incentive-Based Model – http://www.activeresponse.org/threat-intelligence-sharing-not-working-towards-incentive-based-model/
The $5 Vendor-Free Crash Course: Cyber Threat Intel – https://tisiphone.net/2016/10/04/the-5-vendor-free-crash-course-cyber-threat-intel/
Nation State Threat Attribution: a FAQ – https://tisiphone.net/2016/10/11/threat-attribution-faq/
Increased Use of WMI for Environment Detection and Evasion – https://www.fireeye.com/blog/threat-research/2016/10/increased_use_ofwmi.html
Building Threat Hunting Strategies with the Diamond Model – http://www.activeresponse.org/building-threat-hunting-strategy-with-the-diamond-model/
Net Cease – Hardening Net Session Enumeration – https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
Threat Hunting – A Tale of Wishful Thinking and Willful Ignorance … – http://www.hexacorn.com/blog/2016/10/15/threat-hunting-a-tale-of-wishful-thinking-and-willful-ignorance/
Common Red Team Techniques vs Blue Team Controls Infographic – https://blog.netspi.com/common-red-team-techniques-vs-blue-team-controls-infographic/
MISP – The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform – https://www.researchgate.net/publication/309413369_MISP_-The_Design_and_Implementation_of_a_Collaborative_Threat_Intelligence_Sharing_Platform

November
Securing Domain Controllers to Improve Active Directory Security – https://adsecurity.org/?p=3377
Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations – https://digitalguardian.com/blog/seek-evil-and-ye-shall-find-guide-cyber-threat-hunting-operations
Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident – https://www.digitalshadows.com/blog-and-research/leak-on-aisle-12-an-analysis-of-competing-hypotheses-for-the-tesco-bank-incident/
The Hunter’s Den: Internal Reconnaissance (Part 1) – http://blog.sqrrl.com/the-hunters-den-internal-reconnaissance-part-1
2016 Targeted Threats in Review – What We’ve Learned – http://www.activeresponse.org/2016-targeted-threats/
Extending Linux Executable Logging With The Integrity Measurement Architecture – https://www.fireeye.com/blog/threat-research/2016/11/extending_linux_exec.html
Digital Forensics / Incident Response – The Definitive Compendium Project – https://docs.google.com/spreadsheets/d/1JY-iyw-LEuPCkBAdjorMJhmhGRusN95eLmejWcky7XU/edit#gid=0
Microsoft replaces cmd.exe with PowerShell in latest Win10 build – http://www.itnews.com.au/news/microsoft-replaces-cmdexe-with-powershell-in-latest-win10-build-442016
FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region – https://www.fireeye.com/blog/threat-research/2016/11/fireeye_respondsto.html
6 Red Team Infrastructure Tips – https://cybersyndicates.com/2016/11/top-red-team-tips/
Hunting For and Detecting Advanced Threats with Sysmon – http://www.vector8.io/blog/sysmon
December
How do security professionals study threat actors, & why do we do it? – https://tisiphone.net/2016/12/12/how-do-security-professionals-study-threat-actors-why-do-we-do-it/
SAMRi10: Windows 10 hardening tool for thwarting network recon – https://www.helpnetsecurity.com/2016/12/01/samri10-windows-10-hardening/
Detect Endpoint Threats by Analyzing Process Logs in QRadar – https://securityintelligence.com/detect-endpoint-threats-by-analyzing-process-logs-in-qradar/
“Sophisticated” and “Genius” Shamoon 2.0 Malware Analysis – https://www.codeandsec.com/Sophisticated-CyberWeapon-Shamoon-2-Malware-Analysis
Windows 10: protection, detection, and response against recent Depriz malware attacks – https://blogs.technet.microsoft.com/mmpc/2016/12/09/windows-10-protection-detection-and-response-against-recent-attacks/
Evidence of Attackers’ Development Environment Left in Shortcut Files – http://blog.jpcert.or.jp/2016/12/evidence-of-att-3388.html
Sysmon – The Best Free Windows Monitoring Tool You Aren’t Using – http://909research.com/sysmon-the-best-free-windows-monitoring-tool-you-arent-using/
The Great Cyber Game: Commentary (2) – Analysis of a message of messages containing messages – https://medium.com/@thegrugq/the-great-cyber-game-commentary-2-33c9b79ca8ac#.79ozlt1yj
PowerShell Logging for the Blue Team – http://www.blackhillsinfosec.com/?p=5516
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units – https://www.crowdstrike.com/blog/danger-close-fancy-bear-tracking-ukrainian-field-artillery-units/
My Favorite Threat Intel Tweets of 2016 – http://www.cyintanalysis.com/my-favorite-threat-intel-tweets-of-2016/
The Incident Response Hierarchy of Needs – https://github.com/swannman/ircapabilities
The Kings In Your Castle Part 5: APT correlation and do-it-yourself threat research – https://cyber.wtf/2016/12/15/the-kings-in-your-castle-part-5-apt-correlation-and-do-it-yourself-threat-research/
Technical developments in Cryptography: 2016 in Review – https://www.eff.org/deeplinks/2016/12/what-happened-crypto-2016

Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA – https://www.flashpoint-intel.com/insider-threats-shadow-brokers-likely-not-hack-nsa/

Original Link: https://threatintel.eu/2016/12/27/threat-intel-annual-reads-2016/