Giters

ch33r10 / ISACA-Tucson-2021

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ISACATucson2021 header

     

ADVERSARY DETECTION PIPELINES: FINALLY MAKING YOUR THREAT INTEL USEFUL🥳

🎉ISACA Tucson Chapter 2021 Spotify Playlist🎉

Security teams often feel like they're in a losing battle with threat intel. They don't know how to make threat intel useful or operationalize it within their organizations, especially if there isn't a dedicated full-time team. In this talk, we'll help you extract more value out of your threat intel program, giving you an easy win to level up not just your team, but the other teams in your security department. First, we'll explore why true attribution is so hard, from false flag operations and proxy attackers to obtaining all the forensic data you would need and even possible coordination with law enforcement or government agencies to perform true attribution. We'll discuss TTPs and how they're a lower-cost way of tracking threat activity groups for most organizations. Then we'll introduce Adversary Detection Pipelines, how they can add value through prioritizing defensive and offensive activities as well as a discussion on the practical implementation of them in any organization. Finally, we'll conclude by looking at case studies of how purple teams can leverage Adversary Detection Pipelines to enhance their operations and encourage an intelligence driven security program.

💌REFERENCES💌

🔮ATTRIBUTION

  • Brian Bartholomew & Juan Andres Guerrero-Saade. Wave Your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks - Link

  • Jake Williams. Conducting a Successful False Flag Operation. BlackHat Europe 2019 - Link
  • Jason D. Jolley. Attribution, State Responsibility, and the Duty to Prevent Malicious Cyber-Attacks in International Law - Link
  • Katie Nickels. The Attribution Game: When Knowing Your Adversary Matters - Link
  • Robert M. Lee. The Problems with Seeking and Avoiding True Attribution to Cyber Attacks - Link
  • Thomas Rid & Ben Buchanan. Attributing Cyber Attacks - Link
  • Tim Maurer. Cyber Mercenaries: The State, Hackers, and Power - Link

🦾TTPs

  • Adam Pennington. Emulating an Adversary with Imperfect Intelligence. DEF CON 28 Red Team Village - Link
  • MITRE ATT&CK TTP Training - Link

💋CYBER THREAT INTELLIGENCE

  • Amy Bejtlich. Analytic Tradecraft in the Real World - Link
  • Brian P. Kime. Threat Intelligence: Planning and Direction - Link
  • Rebekah Brown & Robert M. Lee. The Evolution of CTI: 2019 SANS CTI Survey - Link
  • Scott J. Roberts. CTI Squad Goals-Setting Requirements - Link
  • Sergio Caltagirone. Building Threat Hunting Strategies with the Diamond Model - Link
  • Sergio Caltagirone, Andrew Pendergast, & Christopher Betz. The Diamond Model of Intrusion Analysis - Link

💅HUNT

  • David J. Bianco and Cat Self. SANS Threat Hunting & IR Europe Summit 2020 - Link
  • Joshua Stevens. Hunting for the Undefined Threat: Advanced Analytics & Visualization. RSA Conference 2015 - Link
  • Matt Bromiley. Thinking like a Hunter: Implementing a Threat Hunting Program. SANS Analyst Paper - Link
  • Robert M. Lee and David J. Bianco. Generating Hypotheses for Successful Threat Hunting. SANS Analyst White Paper - Link
  • Roberto Rodriguez. How Hot is your Hunt Team? - Link

🦄PURPLE

  • C2 Matrix - Link
  • Ch33r10's Purple Team Exercise Idea Queue - Link
  • Ch33r10's Purple Team Resources - Link
  • Jorge Orchilles. Purple Team Exercise Framework Workshop - Link
  • SCYTHE’s Purple Team Exercise Framework - Link
  • SCYTHE's Community Threats - Link

👾MALWARE ANALYSIS

  • Coleman Kane. Malware Analysis - Link
  • Monnappa K A. Learning Malware Analysis - Link

🎀RESOURCES

  • Attack2Jira by Mauricio Velazco and Olindo Verrillo - Link
  • Ch33r10's Field Classifications Contribution for Attack2Jira by Mauricio Velazco and Olindo Verrillo - Link
  • NIST Cybersecurity Framework, MITRE ATT&CK v8.2, & CIS Controls v8 CSV (Mappings Compliments of CIS - Center for Internet Security) - Link
  • The DFIR Report - Link
FOR THE LAWYERS
"The opinions expressed in this Github repo are those of the individual account, in their individual capacity, and not necessarily those of the employers. Mention of any vendors, services, products, or otherwise does not endorse them as a vendor. This content and any related discussions are solely the views, opinions, and experiences of the participants and should not be presumed to reflect the opinion or the official position of any employers of the participants. Examples and views provided herein, including strategies, goals, targets, and indicators are for illustrative purposes only and should not be regarded as representative of the participants' employers or respective portfolios. To the extent that this participation, discussion, and interview outlines a general technology direction, the participants' employers have no obligation to pursue any such approach or to develop or use any functionality mentioned herein. Any suggested technology strategy or possible future developments are subject to change at the employers' sole discretion without notice. Content in this presentation is the intellectual property of the applicable creators and may be protected under the copyright laws of the United States and/or other countries. All trademarks are the property of their respective owners and are used for informational purposes only."

About

License:MIT License