Dragos VP of Threat Intelligence, Sergio Caltagirone, co-hosted with Dave Bittner from the CyberWire, discusses threat intelligence as part of a cybersecurity strategy that helps organizations reduce risk by improving detection, response, and prevention in order to secure critical infrastructure.
Topics covered:
— What is threat intelligence and why you need it
— How threat intelligence can reduce your organization’s risk profile
— Vulnerable industrial assets that need protection
— Highlights from major cyber risks impacting Oil and Gas and Utilities
Thursday, May 11, 2017
5:00pm-6:00pm
Room 001, Rockefeller Center
This talk will look at the art of espionage and intelligence gathering over the last 50 years. We will look at the evolution of the tools of the trade and the rules of the trade, and a number of examples of successful espionage episodes will be discussed in relation to the tools and rules. We’ll see how the number of participants has exploded over the past 50 years, and speculate about the path of espionage in the coming years.
Richard M. (Dickie) George joined the National Security Agency in 1970 as a mathematician, and remained at NSA until his retirement in 2011. While at NSA, he wrote more than 125 technical papers on cryptomathematical subjects, and served in a number of positions: analyst, and technical director at the division, office, group, and directorate level. He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement. Mr. George remains active in the security arena; he is currently the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Laboratory where he works on a number of projects in support of the U.S. Government. He is also the APL representative to the I3P, a consortium of universities, national labs, and non-profit institutions dedicated to strengthening the cyber infrastructure of the United States.
This talk will examine Intelligence Preparation for the Battlefield and for the Environment (IPB/IPE) for the cyber domain. We will look at the conventional intelligence methodologies and use our findings to answer key questions for Intelligence Preparation of the Cyber Environment (IPCE): What do I look like to my attackers, what do my attackers look like to me, how are we likely to “do battle,” and thus how can I better prepare for it? The talk will provide an overview of how the conventional methodology is applied to the cyber environment and, ultimately, how it applies to the organizations of attendees themselves.
We’ll look at how to collect information on the attackers, how to understand your own environment, and how to visualize a likely attack and prepare for it.
Speaker Bio: Rob Dartnall (@cyberfusionteam), Director of Intelligence, Security Alliance Ltd.
Drawing on his diverse intelligence background, Rob brings together both cyber and traditional intelligence experience. Rob is an ex-British Army Military Intelligence Operator specializing in intelligence fusion, exploitation, and strategic analysis. After leaving the military, he entered the cyber security industry, where he specializes in bringing traditional methodologies to cyber threat intelligence and insider threat analysis.
Speaker: Eric Conrad, CTO, Backshore Communications; Senior Instructor, Co-Author SEC511 and SEC542, Author MGT514, SANS Institute
Windows Sysinternals Sysmon offers a wealth of information regarding processes running in a Windows environment (including malware). This talk will focus on leveraging Sysmon logs to centrally hunt malice in a Windows environment. Virtually all malware may be detected via event logs, especially after enabling Sysmon logging.
Sysmon includes advanced capabilities, including logging the import hash (imphash) of each process, which fingerprints the names and order of DLLs loaded by a portable executable. This provides an excellent way of tracking families of related malware.
We will also discuss updates to DeepWhite: an open source detective application whitelisting framework that relies on Microsoft Sysinternals Sysmon and supports auto-submission of imphashes and EXE, DLL, and driver hashes via a free VirusTotal Community API key.
The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders improve their ability to prevent and detect attacks.
In this project we will automate this process using Machine Learning. We will share how we can use ML for Custom Entity Extraction to automatically extract entities specific to the cyber security domain from unstructured text. We will also share how this system can be used to generate insights, such as identifying patterns of attacks an enterprise may have faced, and much more.
Everyone is moving to the cloud, specifically Microsoft Cloud. Microsoft expects to have 66 percent of its Office business customers in the cloud by 2019. Doing so makes sense: it’s easier than having on-premises mail servers, it (theoretically) reduces costs, and Microsoft Office 365 has one of the best security teams in the world. However, there is a downside, which is that it’s hard to protect what you can’t see or access. As of today, it is extremely difficult (or impossible, depending on your subscription level) to apply your externally created threat intelligence into Microsoft Office 365 detections. It is even more frustrating to try and search for known indicators on a platform that is not designed to help the security community.
This talk will describe methods and release open-source code to enhance your Office 365 security by analyzing email metadata, attachments, and even full content with tools like stoQ or LaikaBOSS and by looking at how to use that information to research and create actionable threat intelligence via platforms like Splunk.
Dave Herrald (@daveherrald), Staff Security Strategist, Splunk
Ryan Kovar (@meansec), Principal Security Strategist, Splunk
From Wild West Hackin Fest 2018 in Deadwood, SD.
Presenter: April C. Wright
April C. Wright is a hacker, writer, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about personal privacy and information security with the goal of safeguarding the digital components we rely on every day. A security specialist for a Fortune 15 company and an O'Reilly author, April has held roles on offensive, defensive, operational, and development teams throughout her career, and has been a speaker and contributor at numerous security conferences including Black Hat, DEF CON, DerbyCon, Hack in Paris, DefCamp, ITWeb, as well as for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017 she co-founded the Boston DEF CON Group DC617.
Aaron Jones presented “Introduction To Shodan” at the Phoenix Linux Users Group security meeting on July 19th, 2018.
Introduction To Shodan is designed to provide an overview of the search engine for finding devices connected to the internet. Shodan is a security researcher tool that works by scanning the entire internet, locating and parsing banners, and then returning this information to the user. Shodan is an excellent tool to familiarize yourself with if you do not have the infrastructure or tools necessary to run masscan yourself. Shodan is useful in the target selection phase of an operation.
About Aaron:
Aaron is an experienced Linux user with several years of teaching experience. He works in the industry as a software developer while also providing consultancy on cyber security related topics. His talks are AZ POST certified for training credit for law enforcement, and he prides himself on providing quality educational material that is relevant and topical. He has a Master's Degree in Intelligence Analysis with a focus in Cyber Security, is a lifelong learner, and prides himself on staying up to date with the ever-changing field of cyber security.
If you like what you see here and live in the Phoenix, Arizona area, the Phoenix Linux Users Group meets several times a month. Please visit PhxLinux.org for meeting times and locations, then come see the presentations live and uncut.