Validating potential incidents or indicators of compromise (IOCs) in today's fast-paced environment can be overwhelming and difficult. Sometimes a team does not believe it has the tools and resources to quickly and accurately identify, verify, and remediate a potential indicator in its environment in time. Sometimes these investigations are performed but leave out key pieces of data that would help prevent, or harden against, similar future attacks. Everyone wants the expensive and shiny tool that vendors offer, but budgets do not always give teams access to the latest and greatest, and, honestly, not all tools are equal. Relying on a single source of data for IOC validation is a bad idea, even if that source is the best in the industry. The approach is to use not only the tools you already have, but to augment them with existing open source tools that enrich your investigation, improve accuracy, and help you respond quickly and accurately to valid threats, increasing your security team's effectiveness. The purpose of this presentation is to walk attendees through the value of open source intelligence and how to use the available tools effectively to research and identify potential issues during an incident response engagement.