Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
00:00 - Be Excellent to Each Other
01:06 - Threat Intel: A Useless Rant
07:38 - Pyramid of Pain
10:55 - You Got Another String Coming
14:56 - Conversation With a Pompous John
19:10 - Hacking Ain't Easy
22:21 - ATT&CK Bingo™
24:33 - Emulation for Iteration
27:35 - Some Open Source Tools
32:03 - Threat Emulation Warning
36:59 - MITRE Scorecard
45:49 - A Bit of Perspective
48:02 - DeTT&CT
48:48 - Sigma
52:29 - Atomic Threat Coverage
55:02 - PlumHound
55:39 - RITA
56:50 - Honeypots
58:21 - Question Time
1:07:52 - Breaking Down the Gates
Description: In this Black Hills Information Security webcast John breaks down why he hates threat intelligence... again...
But he also covers some of the cool new projects that are focusing on durable threat intelligence. This is key, because many intel feeds are nothing more than domains, hashes and IP addresses. With durable threat intel, by contrast, we focus on attack techniques that are highly effective yet not as easy to block.
For example, application allow-listing abuse, connection profiles (RITA!), and PowerShell encoding are all detections you can use that are not tied to a point-in-time attack methodology.
John also shares some very cool open source projects that are approaching attacks in this way using ELK.
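To make the "durable vs. ephemeral" distinction concrete, here is an added example (written for this page, not code from the webcast, from BHIS, or from any of the projects mentioned) of a detection that keys on the PowerShell encoded-command technique itself rather than on a hash, domain or IP. It runs over a few constructed process-creation events in an assumed key=value log format; the hosts, users and command lines are made up for the demonstration. The detection fires on any unambiguous prefix of `-EncodedCommand` followed by a base64 blob, decodes the UTF-16LE payload so an analyst can see what was run, and stays quiet on ordinary PowerShell usage.

```python
"""Durable detection for PowerShell encoded commands (added example).

Keys on the technique (-EncodedCommand / -enc / -ec / -e + base64), not on
any indicator of compromise, so it keeps working when payloads change.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand; the value is
# base64 of the script text encoded as UTF-16LE. Require a blob of at least
# 16 base64 characters so a stray "-e" is not enough to fire.
ENC_FLAG = re.compile(
    r'(?i)[-/]e(?:c|nc|ncoded|ncodedc|ncodedcommand)?\s+["\']?([A-Za-z0-9+/=]{16,})'
)
# Only PowerShell hosts take this flag; this keeps cmd.exe and friends out.
PS_IMAGE = re.compile(r'(?i)(?:^|\\)(?:powershell|pwsh)(?:_ise)?\.exe')
# key=value tokenizer for the assumed log format (quoted values may contain spaces).
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """Parse one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def decode_encoded_command(blob: str) -> Optional[str]:
    """Decode an -EncodedCommand payload (base64 of UTF-16LE); None if malformed."""
    try:
        return base64.b64decode(blob, validate=True).decode('utf-16-le')
    except (ValueError, UnicodeDecodeError):
        return None


@dataclass
class Finding:
    host: str
    user: str
    decoded: Optional[str]
    note: str


def detect(lines: List[str]) -> List[Finding]:
    """Return one Finding per PowerShell process launched with an encoded command."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if not PS_IMAGE.search(ev.get('image', '')):
            continue
        m = ENC_FLAG.search(ev.get('cmdline', ''))
        if not m:
            continue
        decoded = decode_encoded_command(m.group(1))
        note = ('encoded PowerShell command' if decoded is not None
                else 'encoded flag with undecodable payload')
        findings.append(Finding(ev.get('host', '?'), ev.get('user', '?'), decoded, note))
    return findings


def encode_ps(script: str) -> str:
    """Produce what 'powershell -enc' expects; used here only to build sample data."""
    return base64.b64encode(script.encode('utf-16-le')).decode('ascii')


# Constructed sample process-creation events (not real telemetry).
SAMPLE_LOGS = [
    'host=ws01 user=alice image=C:\\Windows\\System32\\cmd.exe cmdline="cmd.exe /c dir"',
    # Plain, unencoded PowerShell use: must not fire.
    'host=ws01 user=alice image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'cmdline="powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"',
    # Classic -enc usage: should fire and decode.
    'host=ws02 user=bob image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'cmdline="powershell.exe -NoP -W Hidden -enc ' + encode_ps("Write-Host 'encoded test'") + '"',
    # Abbreviated -ec on PowerShell 7: should also fire.
    'host=ws03 user=carol image="C:\\Program Files\\PowerShell\\7\\pwsh.exe" '
    'cmdline="pwsh.exe -ec ' + encode_ps("Get-Process | Select-Object -First 3") + '"',
    # "-ep" is -ExecutionPolicy, not an encoded command: must not fire.
    'host=ws04 user=dave image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'cmdline="powershell.exe -ep bypass -c Get-Date"',
]


if __name__ == '__main__':
    for f in detect(SAMPLE_LOGS):
        print(f'{f.host} {f.user}: {f.note} -> {f.decoded!r}')
```

Nothing in the rule above would appear in an IoC feed: there is no hash, domain or address to rotate away from, which is exactly what makes it durable. The cost is that it fires on legitimate encoded commands too (some management tooling uses them), so in practice the decoded text is what the analyst triages, not the alert itself.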
Slides for this webcast can be found here: www.blackhillsinfosec.com/wp-...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Active Countermeasures YouTube: / activecountermeasures
Antisyphon Training YouTube: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec
Durable vs. Ephemeral Threat Intel w/ John Strand (1-Hour)