DFIR Summit 2016: Leveraging Cyber Threat Intelligence in an Active Cyber Defense


sans.org/dfirsummit

Two useful disciplines are cyber threat intelligence and active cyber defense. However, there is confusion around both of these areas that leads to a perception of hype and cost instead of vital tools for defenders to use. In the case of threat intelligence, many security companies have offered a range of threat intelligence products and feeds, but there is confusion in the community as a whole as to how to maximize the value out of threat intelligence. With active defense, there has been an attempt to brand this strategy as a hack-back or otherwise offense-based practice, whereas the strategy for an active defense has existed long before the word ‘cyber’ and is focused around practices such as incident response. This presentation will examine the current state of cyber threat intelligence and active cyber defense as well as provide strategies for leveraging proven cyber intelligence models within active cyber defense operations.

Speakers:
Robert M. Lee (@robertmlee), Author

Espionage and Intelligence



Thursday, May 11, 2017
5:00pm-6:00pm
Room 001, Rockefeller Center

This talk will look at the art of espionage and intelligence gathering over the last 50 years. We will look at the evolution of the tools of the trade and the rules of the trade, and a number of examples of successful espionage episodes will be discussed in relation to the tools and rules. We’ll see how the number of participants has exploded over the past 50 years, and speculate about the path of espionage in the coming years.

Richard M. (Dickie) George joined the National Security Agency in 1970 as a mathematician, and remained at NSA until his retirement in 2011. While at NSA, he wrote more than 125 technical papers on cryptomathematical subjects, and served in a number of positions: analyst, and technical director at the division, office, group, and directorate level. He served as the Technical Director of the Information Assurance Directorate for eight years until his retirement. Mr. George remains active in the security arena; he is currently the Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Laboratory where he works on a number of projects in support of the U.S. Government. He is also the APL representative to the I3P, a consortium of universities, national labs, and non-profit institutions dedicated to strengthening the cyber infrastructure of the United States.

Intelligence Preparation of the Cyber Environment - SANS Cyber Threat Intelligence Summit 2018


This talk will examine Intelligence Preparation for the Battlefield and for the Environment (IPB/IPE) for the cyber domain. We will look at the conventional intelligence methodologies and use our findings to answer key questions for Intelligence Preparation of the Cyber Environment (IPCE): What do I look like to my attackers, what do my attackers look like to me, how are we likely to “do battle,” and thus how can I better prepare for it? The talk will provide an overview of how the conventional methodology is applied to the cyber environment and, ultimately, how it applies to the organizations of attendees themselves.

We’ll look at how to collect information on the attackers, how to understand your own environment, and how to visualize a likely attack and prepare for it.

Speaker Bio: Rob Dartnall (@cyberfusionteam), Director of Intelligence, Security Alliance Ltd.
Drawing on his diverse intelligence background, Rob brings together both cyber and traditional intelligence experience. Rob is an ex-British Army Military Intelligence Operator specializing in intelligence fusion, exploitation, and strategic analysis. After leaving the military, he entered the cyber security industry, where he specializes in bringing traditional methodologies to cyber threat intelligence and insider threat analysis.

Threat Intelligence At Microsoft: A Look Inside - Cyber Threat Intelligence Summit 2017


Register for the 2018 Cyber Threat Intelligence Summit: www.sans.org/u/wOQ

Sergio Caltagirone will dive deep into the operations, processes, and tools of the threat intelligence practice at one of the largest companies in the world, Microsoft. He will share how they do what they do to protect billions of customers worldwide while at the same time protecting their own multi-national organization from threats. This presentation will include the core philosophies that influence their decisions around threat intelligence, along with lessons and perspective for others building and managing their own threat intelligence practice.

Sergio Caltagirone (@cnoanalysis), Director – Threat Intelligence

Threat Hunting via Sysmon - SANS Blue Team Summit


Speaker: Eric Conrad, CTO, Backshore Communications; Senior Instructor, Co-Author SEC511 and SEC542, Author MGT514, SANS Institute

Windows Sysinternals Sysmon offers a wealth of information regarding processes running in a Windows environment (including malware). This talk will focus on leveraging Sysmon logs to centrally hunt malice in a Windows environment. Virtually all malware may be detected via event logs, especially after enabling Sysmon logs.

Sysmon includes advanced capabilities, including logging the import hash (imphash) of each process, which fingerprints the names and order of DLLs loaded by a portable executable. This provides an excellent way of tracking families of related malware. We will also discuss updates to DeepWhite: an open source detective application whitelisting framework that relies on Microsoft Sysinternals Sysmon and supports auto-submission of imphashes and EXE, DLL and driver hashes via a free VirusTotal Community API key.

SANS Summit schedule: www.sans.org/u/DuS

The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders improve their ability to prevent and detect attacks.

How Israel Rules The World Of Cyber Security | VICE on HBO


As U.S. intelligence agencies accuse Russia of hacking the 2016 presidential election, Ben Ferguson travels to Tel Aviv to find out how Israel is on its way to becoming the world's top cyber superpower.

How To Use Threat Intelligence


Using threat intelligence feeds for good... instead of wasting time and money.

John's intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But maybe there is a way we can do this better! Could we automate this? Possibly, John has had a change of heart… Not likely. But join us and see for yourself.

Slides available here: blackhillsinformationsecurity.shootproof.com/gallery/8000789

The Threat Intelligence EASY Button with Chris Cochran - SANS CTI Summit


If you build, manage, or provide threat intelligence services, this presentation was created with you in mind. Chris Cochran has spent over a decade building numerous threat intelligence capabilities for various organizations, including Netflix. He has designed a simple touchstone for teams of all skill levels that are looking to improve their threat operations. His four-point model is as follows: Elicit Requirements, Assess Collection Plan, Strive for Impact, and Yield to Feedback. In this presentation, Chris will discuss why these are his pillars of practice and what has gone right while building out his programs, as well as what has gone terribly wrong. Attendees will leave with a powerful model to leverage and execute impactful threat intelligence missions.

Chris Cochran @chriscochrcyber, Threat Intelligence and Operations Lead, Netflix