In this project we will automate this process using machine learning. We will share how ML can be used for custom entity extraction to automatically pull entities specific to the cyber security domain out of unstructured text. We will also share how this system can be used to generate insights, such as identifying the patterns of attacks an enterprise may have faced, and much more.
The SANS FOR578 Cyber Threat Intelligence course ( www.sans.org/course/cyber-threat-intelligence) has proven to be one of the hottest courses in the DFIR curriculum, often selling out in each city. The overwhelming acceptance of this course has allowed SANS to collect invaluable feedback that is taking the course to the next level. We invite you to join lead author Robert M. Lee as he covers core cyber threat intelligence concepts and provides an overview of the FOR578 class, who should attend, and why. Attend this webcast and be among the first to get a sneak peek of the changes, additions, and exciting new tools and tradecraft added to the course.
Speaker: Robert M. Lee www.sans.org/instructors/robert-m-lee
Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos Security LLC, where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is a SANS Certified Instructor and the course author of SANS ICS515 — «Active Defense and Incident Response» and the co-author of SANS FOR578 — «Cyber Threat Intelligence.» Robert is also a non-resident National Cyber Security Fellow at New America, focusing on policy issues relating to the cyber security of critical infrastructure, and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode's Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named to the 2016 Forbes 30 Under 30 list.
Robert got his start in cyber security in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles in publications such as Control Engineering and the Christian Science Monitor's Passcode and speaks at conferences around the world. Lastly, Robert is the author of the book «SCADA and Me» and the weekly web-comic www.LittleBobbyComic.com.
Prevention is not everything, and without detection, we're sitting ducks. In this talk, Chris Dale will present the concept of Threat Hunting and introduce good and effective threat hunting techniques for your security teams. How can we detect the bad guys, even the more notorious and advanced threats, with the goal of kicking them out before they can secure their objectives? There will always be a way for a threat actor to get inside your network, whether it be criminals after monetization, Advanced Persistent Threats, or insider threats. What are effective ways of finding them before damage is done?
Threat actors are not magic, and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors – so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization's defenses – without all the confusion. In this presentation James Tarala will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically use this model to prioritize enterprise defense and map to the existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom-and-pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization.
James Tarala, Principal Consultant, Enclave Security; Senior Instructor, SANS Institute
James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.
Everyone is moving to the cloud, specifically Microsoft Cloud. Microsoft expects to have 66 percent of its Office business customers in the cloud by 2019. Doing so makes sense: it's easier than running on-premises mail servers, it (theoretically) reduces costs, and Microsoft Office 365 has one of the best security teams in the world. However, there is a downside: it's hard to protect what you can't see or access. As of today, it is extremely difficult (or impossible, depending on your subscription level) to apply your externally created threat intelligence to Microsoft Office 365 detections. It is even more frustrating to try to search for known indicators on a platform that is not designed to help the security community.
This talk will describe methods and release open-source code to enhance your Office 365 security by analyzing email metadata, attachments, and even full content with tools like stoQ or LaikaBOSS and by looking at how to use that information to research and create actionable threat intelligence via platforms like Splunk.
Dave Herrald (@daveherrald), Staff Security Strategist, Splunk
Ryan Kovar (@meansec), Principal Security Strategist, Splunk
Dave Hogue, Technical Director, National Security Agency (NSA)
Dave Hogue will provide one of the first in-depth perspectives from a "Day in the Life" of NSA's Cybersecurity Threat Operations Center (NCTOC): the mission, the threat landscape, and best principles for CISOs and other network defenders. Mr. Hogue will equip the audience with actionable insights that they can implement in their daily operations.
Learning Objectives:
1: Gain exclusive insights into top cyberthreats from NSA’s perspective.
2: Learn actionable best practices to use in building an effective cyber-defense posture.
3: Learn about what’s working and what’s not in emerging areas such as machine learning.
We continue our look at the tools in the Buscador operating system: the programs that work well and the ones that do not. We examine how the programs are actually supposed to work.
IMPORTANT (JUNE 6, 2019): The OSINT Tools by Mike Bazzell featured in this guide were taken down from his website due to increased DDoS-style attacks, as well as DMCAs and cease-and-desists from some of the tools included. Phoneinfoga will still work in this guide, but for the others, you can try using each company's individual tool instead. You can see how it used to work, however, in this video and on null-byte.com.
When running an OSINT investigation, a phone number can prove to be extremely useful in gathering information about a target. On this episode of Cyber Weapons Lab, we'll explore a couple of tools you can use to extract information from a phone number. First, there's the command-line tool called Phoneinfoga; then there's the web app tool on the IntelTechniques website.
In this video I go over the basics of tracking airplanes using open-source tools and how to view filtered aircraft. While ADS-B Exchange's flight data is temporarily down, you can still view limited traces of flights. Apologies for not getting into the LLC portion I mentioned in the beginning; I believe that deserves a video in itself.