Threat Intelligence At Microsoft: A Look Inside - Cyber Threat Intelligence Summit 2017


Threat Intelligence At Microsoft: A Look Inside

Register for the 2018 Cyber Threat Intelligence Summit: www.sans.org/u/wOQ

Sergio Caltagirone will dive deep into the operations, processes, and tools of the threat intelligence practice at one of the largest companies in the world, Microsoft. He will share how they do what they do to protect billions of customers worldwide while at the same time protecting their own multi-national organization from threats. This presentation will include their core philosophies which influence decisions around threat intelligence and some lessons and perspective for others building and managing their own threat intelligence practice.

Sergio Caltagirone (@cnoanalysis), Director – Threat Intelligence

Threat Hunting via Sysmon - SANS Blue Team Summit


Speaker: Eric Conrad, CTO, Backshore Communications; Senior Instructor, Co-Author SEC511 and SEC542, Author MGT514, SANS Institute

Windows Sysinternals Sysmon offers a wealth of information regarding processes running in a Windows environment (including malware). This talk will focus on leveraging Sysmon logs to centrally hunt malice in a Windows environment. Virtually all malware may be detected via event logs, especially after enabling Sysmon logs.

Sysmon includes advanced capabilities, including logging the import hash (imphash) of each process, which fingerprints the names and order of DLLs loaded by a portable executable. This provides an excellent way of tracking families of related malware.
We will also discuss updates to DeepWhite: an open source detective application whitelisting framework that relies on Microsoft Sysinternals Sysmon and supports auto-submission of imphashes, EXE, DLL and driver hashes via a free VirusTotal Community API key.

SANS Summit schedule: www.sans.org/u/DuS

The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders improve their ability to prevent and detect attacks.

How Israel Rules The World Of Cyber Security | VICE on HBO


As U.S. intelligence agencies accuse Russia of hacking the 2016 presidential election, Ben Ferguson travels to Tel Aviv to find out how Israel is on its way to becoming the world's top cyber superpower.


How To Use Threat Intelligence


Using threat intelligence feeds for good... instead of wasting time and money.

John's intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But maybe there is a way we can do this better! Could we automate this? Possibly John has had a change of heart... Not likely. But join us and see for yourself.

Slides available here: blackhillsinformationsecurity.shootproof.com/gallery/8000789

The Threat Intelligence EASY Button with Chris Cochran - SANS CTI Summit


If you build, manage, or provide threat intelligence services, this presentation was created with you in mind. Chris Cochran has spent over a decade building numerous threat intelligence capabilities for various organizations, including Netflix. He has designed a simple touchstone for teams of all skill levels that are looking to improve their threat operations. His four-point model is as follows: Elicit Requirements, Assess Collection Plan, Strive for Impact, and Yield to Feedback. In this presentation, Chris will discuss why these are his pillars of practice and what has gone right while building out his programs, as well as what has gone terribly wrong. Attendees will leave with a powerful model to leverage and execute impactful threat intelligence missions.

Chris Cochran @chriscochrcyber, Threat Intelligence and Operations Lead, Netflix

Death to the IOC: What's Next in Threat Intelligence


In this project we will automate this process using Machine Learning. We will share how we can use ML for Custom Entity Extraction to automatically extract entities specific to the cyber security domain from unstructured text. We will also share how this system can be used to generate insights, such as identifying patterns of attacks an enterprise may have faced, and much more.

By Bhavna Soman


Next Level in Cyber Threat Intelligence Training: New FOR578 course updates


The SANS FOR578 Cyber Threat Intelligence course (www.sans.org/course/cyber-threat-intelligence) has proven to be one of the hottest courses offered by the DFIR Curriculum, often sold out in each city. The overwhelming acceptance of this course has allowed SANS to collect invaluable feedback that is taking the course to the next level. We invite you to join lead author Robert M. Lee as he covers core cyber threat intelligence concepts and provides an overview of the FOR578 class, who should attend, and why. Attend this webcast and be among the first to get a sneak peek of the changes, additions, and exciting new tools and tradecraft added to the course.

Speaker: Robert M. Lee www.sans.org/instructors/robert-m-lee
Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos Security LLC, where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is a SANS Certified Instructor and the course author of SANS ICS515 — "Active Defense and Incident Response" and the co-author of SANS FOR578 — "Cyber Threat Intelligence." Robert is also a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode's Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named to the 2016 Forbes 30 Under 30 list.

Robert obtained his start in cyber security in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles in publications such as Control Engineering and the Christian Science Monitor's Passcode and speaks at conferences around the world. Lastly, Robert is the author of the book "SCADA and Me" and the weekly web-comic www.LittleBobbyComic.com.

SANS Webcast: Effective (Threat) Hunting Techniques


Prevention is not everything, and without detection, we're sitting ducks. In this talk, Chris Dale will present the concept of Threat Hunting and introduce good and effective threat hunting techniques for your security teams. How can we detect the bad guys, even the more notorious and advanced threats, with the goal of kicking them out before they can achieve their objectives? There will always be a way for a threat actor to get inside your network, whether it be criminals after monetization, Advanced Persistent Threats, or insider threats. What are effective ways of finding them before damage is done?

Want to learn more about possible Threat Hunting techniques? You can take our SEC504 class, which focuses on these techniques. More information can be found at www.sans.org/course/hacker-techniques-exploits-incident-handling