Updated FOR578: Training for Security Personnel and Why Intelligence Matters to You


FOR578 — Cyber Threat Intelligence has now been running as a course at SANS for a little over two years. In that time a lot has evolved, including the field itself, which has been extended by the SANS FOR578 authors and students. A major update has now taken place in the course to codify next skill sets and advancements, understanding of adversary behavioral tradecraft, and new exciting labs to push security to a new level. Come learn about the updates, why FOR578 is a class you should take, and in general why intelligence matters to you regardless of your security role.

For more information about the FOR578 course, or to register for it, visit: sans.org/FOR578

For more information about GCTI Certification visit: www.giac.org/u/wY7

Speaker Bio

Robert M. Lee

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode's Influencers, awarded EnergySec's Cyber Security Professional of the Year (2015), and inducted into Forbes' 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 — «ICS Active Defense and Incident Response» with its accompanying GIAC certification GRID and the lead-author of SANS FOR578 — «Cyber Threat Intelligence» with its accompanying GIAC GCTI certification. He may be found on Twitter @RobertMLee

Threat Intelligence: Explained, Examined,


Dragos VP of Threat Intelligence Sergio Caltagirone, co-hosting with Dave Bittner from Cyberwire, discusses threat intelligence as part of a cybersecurity strategy to help organizations reduce risk by improving detection, response, and prevention to secure critical infrastructure.
Topics covered:
— What is threat intelligence and why you need it
— How threat intelligence can reduce your organization’s risk profile
— Vulnerable industrial assets that need protection
— Highlights from major cyber risks impacting Oil and Gas and Utilities

DFIR Summit 2016: Leveraging Cyber Threat Intelligence in an Active Cyber Defense


sans.org/dfirsummit

Two useful disciplines are cyber threat intelligence and active cyber defense. However, there is confusion around both of these areas that leads to a perception of hype and cost instead of vital tools for defenders to use. In the case of threat intelligence, many security companies have offered a range of threat intelligence products and feeds, but there is confusion in the community as a whole as to how to maximize the value of threat intelligence. With active defense, there has been an attempt to brand this strategy as a hack-back or otherwise offense-based practice, whereas the strategy for an active defense has existed long before the word ‘cyber’ and is focused around practices such as incident response. This presentation will examine the current state of cyber threat intelligence and active cyber defense as well as provide strategies for leveraging proven cyber intelligence models within active cyber defense operations.

Speakers:
Robert M. Lee (@robertmlee), Author

Espionage and Intelligence


Thursday, May 11, 2017
5:00pm-6:00pm
Room 001, Rockefeller Center

This talk will look at the art of espionage and intelligence gathering over the last 50 years. We will look at the evolution of the tools of the trade and the rules of the trade, and a number of examples of successful espionage episodes will be discussed in relation to the tools and rules. We’ll see how the number of participants has exploded over the past 50 years, and speculate about the path of espionage in the coming years.

Richard M. (Dickie) George joined the National Security Agency in 1970 as a mathematician, and remained at NSA until his retirement in 2011. While at NSA, he wrote more than 125 technical papers on cryptomathematical subjects, and served in a number of positions: analyst, and technical director at the division, office, group, and directorate level. He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement. Mr. George remains active in the security arena; he is currently the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Laboratory where he works on a number of projects in support of the U.S. Government. He is also the APL representative to the I3P, a consortium of universities, national labs, and non-profit institutions dedicated to strengthening the cyber infrastructure of the United States.

Intelligence Preparation of the Cyber Environment - SANS Cyber Threat Intelligence Summit 2018


This talk will examine Intelligence Preparation for the Battlefield and for the Environment (IPB/IPE) for the cyber domain. We will look at the conventional intelligence methodologies and use our findings to answer key questions for Intelligence Preparation of the Cyber Environment (IPCE): What do I look like to my attackers, what do my attackers look like to me, how are we likely to “do battle,” and thus how can I better prepare for it. The talk will provide an overview of how the conventional methodology is applied to the cyber environment and, ultimately, how it applies to the organizations of attendees themselves.

We’ll look at how to collect information on the attackers, how to understand your own environment, and how to visualize a likely attack and prepare for it.

Speaker Bio: Rob Dartnall (@cyberfusionteam), Director of Intelligence, Security Alliance Ltd.
Drawing on his diverse intelligence background, Rob brings together both cyber and traditional intelligence experience. Rob is an ex-British Army Military Intelligence Operator specializing in intelligence fusion, exploitation, and strategic analysis. After leaving the military, he entered the cyber security industry, where he specializes in bringing traditional methodologies to cyber threat intelligence and insider threat analysis.

Threat Intelligence At Microsoft: A Look Inside - Cyber Threat Intelligence Summit 2017


Register for the 2018 Cyber Threat Intelligence Summit: www.sans.org/u/wOQ

Sergio Caltagirone will dive deep into the operations, processes, and tools of the threat intelligence practice at one of the largest companies in the world, Microsoft. He will share how they do what they do to protect billions of customers worldwide while at the same time protecting their own multi-national organization from threats. This presentation will include their core philosophies which influence decisions around threat intelligence and some lessons and perspective for others building and managing their own threat intelligence practice.

Sergio Caltagirone (@cnoanalysis), Director – Threat Intelligence

Threat Hunting via Sysmon - SANS Blue Team Summit


Speaker: Eric Conrad, CTO, Backshore Communications; Senior Instructor, Co-Author SEC511 and SEC542, Author MGT514, SANS Institute

Windows Sysinternals Sysmon offers a wealth of information regarding processes running in a Windows environment (including malware). This talk will focus on leveraging Sysmon logs to centrally hunt malice in a Windows environment. Virtually all malware may be detected via event logs, especially after enabling Sysmon logs.

Sysmon includes advanced capabilities, including logging the import hash (imphash) of each process, which fingerprints the names and order of DLLs loaded by a portable executable. This provides an excellent way of tracking families of related malware.
We will also discuss updates to DeepWhite: an open source detective application whitelisting framework that relies on Microsoft Sysinternals Sysmon and supports auto-submission of imphashes, EXE, DLL and driver hashes via a free VirusTotal Community API key.

SANS Summit schedule: www.sans.org/u/DuS

The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders improve their ability to prevent and detect attacks.

How Israel Rules The World Of Cyber Security | VICE on HBO


U.S. intelligence agencies accuse Russia of hacking the 2016 presidential election, and Ben Ferguson travels to Tel Aviv to find out how Israel is on its way to becoming the world's top cyber superpower.


How To Use Threat Intelligence


Using threat intelligence feeds for good... instead of wasting time and money.

John's intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But maybe there is a way we can do this better! Could we automate this? Possibly, John has had a change of heart… Not likely. But join us and see for yourself.

Slides available here: blackhillsinformationsecurity.shootproof.com/gallery/8000789