This is an hour-long symposium at the Council on Foreign Relations in which a panel of experts from FireEye, Recorded Future and Johns Hopkins University discuss the latest developments in threat operations by actors such as China, Iran, North Korea and Russia. The discussion is strategic in nature and it discloses the different interests of…
Category: Threat Intelligence
Active Cyber Defence: deception and attacker control (2)
Let’s assume that until now, we have been applying active cyber defence in our environment. We are consuming intelligence, creating intelligence and working in tandem with our security operations teams to outmaneuver the adversary. We have also adopted the cyber kill chain model and other models to integrate intelligence within operations. Also, we are updating…
Active Cyber Defence: The need for an active cyber defence model (1)
It’s been some time since the first honeypots were developed and the concept of deception was contemplated as a potential mechanism to detect, slow down and counter-attack the opponent. We are looking at 15 to 20 years of attempts to embrace cyber deception, almost in parallel with the same amount of time over which the threat has evolved…
Intelligence-Driven Incident Response, book review.
Intelligence-Driven Incident Response is a great book that provides insight into the evolving field of Defense Intelligence. This book is about the missing link between your cyber defense operations teams, threat intelligence and intelligence, providing the organization with full-spectrum defensive capabilities. The book is an extensive walkthrough that will take the reader…
Cyber Threat hunting with Sqrrl (From Beaconing to Lateral Movement)
This is a review of one of the new generation of continuous security monitoring solutions. They have been evolving from a reactive to a proactive approach; today we call them threat hunting platforms. Sqrrl combines outstanding visualization capabilities and strong cyber analytics models to make threat hunting and incident detection a walk in the park. To…
How to define and build an effective Cyber Threat Intelligence Capability by Henry Dalziel and Eric Olson.
Have you heard all the buzz around threat intelligence? This book will explain CTI in plain English. It is a very simple book to read and I believe it is useful not only for technical people but also for managers and sales. Whether you need to implement a threat intelligence program or sell your organization’s…
Memory Forensics with Vshot and Remnux (rogue process identification, 2)
We start this post where we left the first one: we are now moving into the analysis phase, once we have parsed the memory dump with Volatility and the Vshot script included in Remnux. The current script version, 4.01, runs 44 plugins against the memory dump. Let’s have a quick look at the plugins…
Paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks
This is an 11-page white paper that goes through the current challenges faced by researchers when attributing cyber attacks. It covers the current techniques, such as timestamps; strings, debug information and metadata; malware families and code reuse; and the threat infrastructure used. It also presents some of the most advanced APTs and their potential origin and techniques believed…