Friday, December 30, 2016

Threat Intel Annual Reads 2016

Intelligence Technology and Tradecraft in 2015 –
No, Norse is Not a Bellwether of the Threat Intel Industry but Does Hold Lessons Learned –
VB2015 paper: Effectively testing APT defences: defining threats, addressing objections to testing, and suggesting some practical approaches –
The Role of Curiosity in Security Investigations –

NSA’s TAO Head on Internet Offense and Defense –
Themes, Personal Notes, & Resources From SANS CTI Summit 2016 –
FireEye Releases Mandiant M-Trends Report with Insights from Advanced Attack Investigations –
Greater Visibility Through PowerShell Logging –
Detecting Offensive PowerShell Attack Tools –

The Problems with Seeking and Avoiding True Attribution to Cyber Attacks –
Questions for Evaluating an External Threat Intelligence Source –
Conducting Red Team Assessments Without the Use of Malware –
A Novel WMI Persistence Implementation –
Investigating PowerShell: Command and Script Logging –

PowerShell Takes Center Stage as Attackers Attempt to Cloak Attacks –
Hack Back! A DIY Guide –
Tradecraft Tuesday – Hacking Team Breach Overview –
What is Threat Hunting? –
Magical Thinking in Internet Security –
Sysmon logs at scale analyzed with Splunk –
Verizon’s 2016 Data Breach Investigations Report –

How to Fall Victim to Advanced Persistent Threats –
Unofficial Guide to Mimikatz & Command Reference –
A bomb just dropped in endpoint security… and I’m not sure anyone noticed –
Adversarial Tactics, Techniques & Common Knowledge –
Technical Report about the Malware used in the Cyberespionage against RUAG –
Targeted Attacks against Banks in the Middle East –
Windows Top 10 Events to monitor from My Dell Enterprise Security Summit Talk –

Common Ground Part 1: Red Team History & Overview –
Common Ground: Planning is Key –
Why Ransomware? Why Now? How Intelligence Would Address Infosec Questions –
Bears in the Midst: Intrusion into the Democratic National Committee –
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues –
Shiny Object? Guccifer 2.0 and the DNC Breach –

The Darker Side of Threat Intelligence: Cyber Stockholm Syndrome –
The Threat Hunting Project –
Common Ground Part 3: Execution and the People Factor –
Spotting the Adversary with Windows Event Log Monitoring (version 2) –
How to Build a 404 page not found C2 –
5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar –
An Important Internal Intelligence Source to Add to Your Collection Plan –
STIX 2.0 – CTI TC Development –

PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection –
Automating Detection of Known Malware through Memory Forensics –
procfilter – A YARA-integrated process denial framework for Windows –
How to Build Your Own Penetration Testing Drop Box –
The Shadow Brokers: Lifting the Shadows of the NSA’s Equation Group? –
Threat Intelligence Definition: What is Old is New Again –
Intelligence Defined and its Impact on Cyber Threat Intelligence –
Examining Recent Ransomware Infection Techniques (And Some Thoughts on Consuming Intelligence) –
The Laws of Cyber Threat: Diamond Model Axioms –
FIRST announces Traffic Light Protocol (TLP) version 1.0 –
RIPPER ATM Malware and the 12 Million Baht Jackpot –

Some Favorite DerbyCon 6 Talks (2016) –
Let the benchmarks hit the floor: Autopsy vs Encase vs FTK vs X-Ways (in depth testing) –
Welcome to the Cyber Analytics Repository –
Five Attributes of an Effective Corporate Red Team –
A Simple, Free, and Fast Open Source Workflow For Processing Indicators –
Indicators and Security Analytics: Their Place in Detection and Response –
How to Hunt: Detecting Persistence & Evasion with the COM –
The Effects of Opening Move Selection on Investigation Speed –
Detecting Data Staging & Exfil Using the Producer-Consumer Ratio –
Europol’s 2016 Internet Organised Crime Threat Assessment (IOCTA) –
Mind Games: International Championship – Intelligence Agency Calculus –

Securing Windows Workstations: Developing a Secure Baseline –
The Diamond Model and Network Based Threat Replication –
The Windows Logging, File and Registry Auditing Cheat Sheets updated for Windows 10 and some cleanup and additions –
Why Threat Intelligence Sharing is Not Working: Towards An Incentive-Based Model –
The $5 Vendor-Free Crash Course: Cyber Threat Intel –
Nation State Threat Attribution: a FAQ –
Increased Use of WMI for Environment Detection and Evasion –
Building Threat Hunting Strategies with the Diamond Model –
Net Cease – Hardening Net Session Enumeration –
Threat Hunting – A Tale of Wishful Thinking and Willful Ignorance … –
Common Red Team Techniques vs Blue Team Controls Infographic –
MISP – The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform –

Securing Domain Controllers to Improve Active Directory Security –
Seek Evil, and Ye Shall Find: A Guide to Cyber Threat Hunting Operations –
Leak on Aisle 12! An Analysis of Competing Hypotheses for the Tesco Bank Incident –
The Hunter’s Den: Internal Reconnaissance (Part 1) –
2016 Targeted Threats in Review – What We’ve Learned –
Extending Linux Executable Logging With The Integrity Measurement Architecture –
Digital Forensics / Incident Response – The Definitive Compendium Project –
Microsoft replaces cmd.exe with PowerShell in latest Win10 build –
FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region –
6 Red Team Infrastructure Tips –
Hunting For and Detecting Advanced Threats with Sysmon –
How do security professionals study threat actors, & why do we do it? –
SAMRi10: Windows 10 hardening tool for thwarting network recon –
Detect Endpoint Threats by Analyzing Process Logs in QRadar –
“Sophisticated” and “Genius” Shamoon 2.0 Malware Analysis –
Windows 10: protection, detection, and response against recent Depriz malware attacks –
Evidence of Attackers’ Development Environment Left in Shortcut Files –
Sysmon – The Best Free Windows Monitoring Tool You Aren’t Using –
The Great Cyber Game: Commentary (2) – Analysis of a message of messages containing messages –
PowerShell Logging for the Blue Team –
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units –
My Favorite Threat Intel Tweets of 2016 –
The Incident Response Hierarchy of Needs –
The Kings In Your Castle Part 5: APT correlation and do-it-yourself threat research –
Technical developments in Cryptography: 2016 in Review –

Insider Threats: “The Shadow Brokers” Likely Did Not Hack the NSA –
