Using Open Tools to Convert Threat Intelligence into Practical Defenses: Threat Hunting Summit 2016


Threat actors are not magic and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors – so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization’s defenses – without all the confusion. In this presentation James Tarala will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically use this model to prioritize enterprise defense and map to existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom-and-pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization.

James Tarala, Principal Consultant, Enclave Security; Senior Instructor, SANS Institute

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.

Moving Past Just Googling It: Harvesting and Using OSINT | SANS@MIC Talk


Every single day we use search engines to look for things on the internet. Defenders research a domain or IP that contains malware. Attackers look for email addresses for an upcoming phishing campaign. DFIR people examine locations and usernames that they acquired from a subject's computer. Policy and compliance people examine the risk that employees in their organizations might bring to work. Recruiters scour the internet looking for candidates. And "normal people" shop, date, geolocate, post, tweet, and otherwise send a huge amount of data to the public internet.

While search engines harvest, store, and index billions of web site data points every day, there is much they do not contain. These pieces of OSINT data can, when put in perspective and analyzed, reveal target geolocations, friends and associates, alcohol consumption, user passwords, and more. This talk will be a series of hands-on, live demos where we put our OSINT skills to work in unconventional places to harvest this unindexed OSINT data.

Using free web sites, built-in web browser tools, and free Python scripts, Micah will show attendees how to harvest data from social media applications, the "whois" system, and from breach data that will not appear in search engine results. Students will gain a better understanding of JSON, APIs, reverse whois, and how to run Python tools.

Come join Micah as he examines how to move beyond "Googling it" in your personal and professional lives.

Speaker Bio
Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Whonix Install and Review


In this episode of the CyberGizmo we explore Whonix. Whonix is a distro designed to run on a VirtualBox VM (and a few others) running on Linux, macOS or Windows. So you can take advantage of its privacy features without having to give up the operating system you are currently using. Whonix is also the anon-guest for Qubes, so it wears many hats and is designed to protect all applications which connect to the network, not just your web browsing habits. I also compare Whonix to Qubes, Tails and the Tor Browser (alone) somewhat.


Nmap Tutorial For Beginners - 1 - What is Nmap?


Welcome to Nmap for beginners! Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.

OS Compatibility: Linux, Windows

CYBERPUNK 2077 REVIEW IN RUSSIAN


r.gfn.ru/kargas: play Cyberpunk 2077 with RTX and other games on any computer using GFN.RU. After watching all the reviews of Cyberpunk 2077, I realized that it is the worst game in the universe and that CD Project Red should go bankrupt. And how could one not trust the talking heads from the glowing book? But just in case, I bought it and made my own review of Cyberpunk 2077

Penetrating a PC via Termux - without ROOT privileges

