Windows Memory Map

SANS Cyber Threat Intelligence Summit 2013

I recently attended the first SANS CTI Summit in Washington DC. While there was plenty of brain power in the room, and good discussions were to be had, overall it was just ok. There was a big focus on what CTI is and why you should be doing it, or at least consuming it. There wasn't enough discussion, aside from one talk, on how you should be doing it. It basically reinforced my beliefs that this is still very much a small, closed off club of insiders, where nobody is sharing tradecraft. I love that SANS is getting involved in this space though, and it sounds like Mike Cloppert will be writing a SANS course on Threat Intelligence in the future. I would very much be interested in that and I expect it would sell out quickly. Mike Cloppert opened the day by discussing the old vulnerability centric approach focused on reducing attack surface as opposed to the new threat centric model focused on reducing the risk of the actual threats affecting your ...

2020 SANS CTI Summit Notes

Unfortunately due to some back surgery I was not able to attend the SANS CTI summit this year, however I always try to take advantage of the great content SANS makes available. To help me out in synthesizing the information, I combined the context provided by those that were live tweeting which is useful when reviewing the slide decks. Hope you find this useful and well done @rickholland , @PDXbek , and @likethecoins , another great year of great content! Day 1 Secret Squirrels and Flashlights: Legal Risks and Threat Intelligence https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1579535253.pdf @CristinGoodwin Assistant General Counsel for Customer Security and Trust, Microsoft Boundaries and strategies to help analysts identify and manage legal risks while hunting, investigating, and responding "Have a principled approach to sharing, so when the crisis comes you don’t have to panic.” "What we call common in #threatinel sharing is what a l...

SANS DFIRSummit 2015

I was fortunate to have been able to attend both the DFIR Summit and the Forensic 508 course this year. It's been forever since I've been able to pick a training course, not tied to purchase of a product. I have always wanted to go to the summit, but it never worked out. Having heard good things about it, my expectations were high. The Hilton venue itself was top notch. The rooms were updated and the conference space was very spacious, so it never felt crowded. It cost me $18 for an Uber, so it wasn't too far from the airport. The location 2 blocks from 6th street (aka Dirty 6th) was perfect. Every night there was tons of live music happening and lots of bars and restaurants to check out. James Dunn from Sony kicked off the conference and unfortunately did not talk about the breach. He did however point out some great things about how orgs need to move beyond the Kill Chain. Most of what matters in crisis management happens after actions on objectives by the attacke...

CyberGuardians

Search This Blog