Cyber Threat Intelligence
Sandeep Singh
OWASP Delhi & null Delhi
30 January 2015
Disclaimer
• I am not an intelligence analyst, but would love to be
• The topic is close to my heart
• Do not expect any FM (Freakin' Magic)
• The objective is to help attendees get familiar with the world of threat intel
Agenda
• Overview of Threat Intel
• Understanding Threat Intel
• What is Cyber Threat Intelligence
• Types of Threat Intel
• Intelligence Lifecycle
• Threat Intel – Classification & Vendor Landscape
• Threat Intel – Standards
• Open Source Threat Data/Intel Sources
• Bonus Agenda
Overview
What is Threat Intelligence?
• Buzzword
• Growing field
  - $250M in 2013
  - $1.5B in 2018 (projected, as of this January 2015 talk)
• Lots of new service providers entering the market
• ...and still maturing
Threat
Risk = Vulnerability * Threat * Impact
Threat = Intent * Capability
We like the term "Threat Actor". It may be any of:
• Cybercrime
• State-sponsored
• Hacktivism
• Insider
• Industry competition
Intelligence
a.k.a. Renseignement, ré-enseignement (French: "intelligence"; the pun reads as "re-teaching")
• Environment → Data → Information → Intelligence
• Intelligence is a cyclic process
• Analysis and contextualization
• Models help counter diversity with abstraction
Actionable Intel
• Accurate
• Relevant
• Timely
• Aligned
• Predictive
• Integrated
Cyber Threat Intelligence
Key Elements of Threat Intel
Cyber: area of interest / area of collection
Threat: subject of interest
Intelligence: process
Types of Threat Intel
Strategic TI
• Target audience: decision-makers
• Focus on changing risks, high-level topics:
  • Geopolitics
  • Foreign markets
  • Cultural background
• Vision timeframe: years
Note: You may never have heard of this; that could be explained by a lack of maturity in orgs.
Operational TI
• Target audience: defenders
• Focus on current & future attacks:
  • Who, what, when?
  • Early warning on incoming attacks
  • Social media activity
• Vision timeframe: months, weeks, hours
Note: Hard for private companies to obtain on advanced attackers; traditionally collected through HUMINT / SIGINT.
Tactical TI
• Target audience: architects & sysadmins
• Focus on "TTPs" (tactics, techniques and procedures):
  • Attacker modus operandi
  • Blue team / red team tools
  • Exfiltration / C2 methods
  • Persistence / stealth / deception mechanisms
• Vision timeframe: weeks to a year
Note: The most common form of threat intel (and marketing) produced today; easy to obtain.
Technical TI
a.k.a. Data
• Target audience: SOC, IR people
• Focus on raw observables:
  • Indicators of compromise
  • Host and network artifacts
  • Yara, Snort, OpenIOC rules
• Vision timeframe: hours to years
Note: Man-hours are valuable and technical TI is abundant, so processing should be as automated as possible.
Weaponry
Strategic: feeds SWOT, risk assessments, Porter Diamond model, ...
Tactical: Cyber Kill Chain, Diamond Model, ACH (Analysis of Competing Hypotheses)
Operational: OODA Loop, Pyramid of Pain
Technical: F3EAD, CIF, FIR, MISP, Malcom, Maltego, ...
Intelligence Cycle
Intelligence Cycle applied to CTI in orgs
• Planning
  • What are you looking for?
• Collection
  • OSINT / HUMINT
  • Logs / data points inside the org
  • Honeypots / honeynets / honeydocs, social networks
  • FM-5
• Processing
  • Synthesizing the collected data so that the intelligence analyst can work with it
• Analysis
  • Finished intelligence
• Dissemination
  • Present to the right audience
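The five steps of the cycle above run end to end, as an added example written for this page (it is not from the slides and not the code of any tool they list). Planning fixes the question ("which internal hosts talked to a listed IP or domain?"), collection takes two feed snapshots in the comment-plus-one-indicator-per-line shape common to public block lists, processing normalizes and deduplicates them, analysis matches them against an outbound proxy log, and dissemination emits one finding per indicator for the SOC. It also shows why the Technical TI slide asks for automated processing: a malformed entry and a duplicate in the feed are dropped without anyone reading the file. Every IP, domain, feed name and log line is constructed sample data drawn from the documentation address ranges.

```python
"""Toy end-to-end threat-intel cycle: plan -> collect -> process -> analyze -> disseminate.
Stdlib only. All feeds, domains and log lines below are CONSTRUCTED sample data."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Planning: the question is "which internal hosts talked to a listed IP or domain?",
# so the only telemetry needed is the outbound proxy log.

# Collection: two feed snapshots in the usual block-list text shape
# ('#' comment lines, one indicator per line). Feed names are hypothetical.
IP_FEED = """\
# constructed sample: compromised-IP style feed (hypothetical)
198.51.100.23
203.0.113.77
198.51.100.23
not-an-ip
"""
DOMAIN_FEED = """\
# constructed sample: botnet C2 domain list (hypothetical)
badc2.example
UPDATE.Evil-Dropper.example.
"""
# Constructed proxy log, squid-like: <epoch> <client> <method> <target> <status>
PROXY_LOG = """\
1422576000.101 10.0.0.5  GET     http://badc2.example/gate.php 200
1422576001.204 10.0.0.9  CONNECT 198.51.100.23:443 200
1422576002.330 10.0.0.5  GET     http://www.example.org/ 200
1422576003.441 10.0.0.12 GET     http://Update.Evil-Dropper.example/a.exe 200
1422576004.552 10.0.0.7  CONNECT 192.0.2.1:443 200
"""

def normalize(raw, kind):
    """Processing: canonicalize one indicator, or return None if it is malformed."""
    value = raw.strip().lower()
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))   # rejects junk, canonicalizes IPv6
        except ValueError:
            return None
    if kind == "domain":
        value = value.rstrip(".")                     # drop the FQDN trailing dot
        return value if value and "/" not in value and ":" not in value else None
    raise ValueError(f"unknown indicator kind {kind!r}")

def parse_feed(text, kind, source):
    """Processing: feed text -> {indicator: source}; skips comments, blanks,
    malformed entries and duplicates."""
    indicators = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        value = normalize(line, kind)
        if value is not None:
            indicators[value] = source
    return indicators

def parse_proxy_line(line):
    """Pull (timestamp, client, destination host) out of one constructed proxy line."""
    ts, client, _method, target, _status = line.split()
    if "://" in target:
        host = urlsplit(target).hostname or ""
    else:
        host = target.rsplit(":", 1)[0]               # CONNECT host:port
    return {"ts": float(ts), "client": client, "host": host.lower().rstrip(".")}

def hunt(feeds, log_text):
    """Analysis: match each proxy event against the IP set (exact) and the domain set
    (exact or subdomain). Returns {indicator: [events]}."""
    sightings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_proxy_line(line)
        host = event["host"]
        if host in feeds["ip"]:
            sightings[host].append(event)
            continue
        for dom in feeds["domain"]:
            if host == dom or host.endswith("." + dom):
                sightings[dom].append(event)
                break
    return sightings

def report(sightings, feeds):
    """Dissemination: one finding per indicator, in a shape the SOC can act on."""
    findings = []
    for indicator, events in sorted(sightings.items()):
        kind = "ip" if indicator in feeds["ip"] else "domain"
        findings.append({
            "indicator": indicator,
            "type": kind,
            "source": feeds[kind][indicator],
            "hosts": sorted({e["client"] for e in events}),
            "first_seen": min(e["ts"] for e in events),
        })
    return findings

def run_pipeline():
    feeds = {
        "ip": parse_feed(IP_FEED, "ip", "sample-ip-feed"),
        "domain": parse_feed(DOMAIN_FEED, "domain", "sample-c2-domains"),
    }
    return report(hunt(feeds, PROXY_LOG), feeds)

if __name__ == "__main__":
    for finding in run_pipeline():
        print(finding)
```

Three findings come out: the IP sighting from 10.0.0.9, the C2 domain hit from 10.0.0.5 and the mixed-case dropper domain from 10.0.0.12; the visit to www.example.org and the CONNECT to 192.0.2.1 match nothing. Domain matching includes subdomains of a listed domain, which is the usual choice for C2 lists but is worth stating explicitly, since it trades a few more false positives for catching rotating hostnames.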
Threat Intel - Classification
• Threat Intel
• Threat Intel Platform
• Threat Intel Enrichment
• Threat Intel Integration
• Open Source Intel (OSINT)
• Human Intel (HUMINT)
• Technical Intel
• Adversary Intel
• Vulnerability Intel
• Strategic Intel
Vendors
Can you guess the price of commercial threat intel?
• Symantec's 12-month retail subscription to its reputation feed costs $95,300 (INR 6,100,000 approx.)
• FireEye threat intelligence appliances start at around $17,000 and go up to $175,000 per unit
Managing Threat Intel
As tough as it sounds
• MISP - Event-based indicator sharing
• FIR - Incident management platform + indicator correlation
• CRITS - Platform to store threat-related information
• Malcom - Correlation of network traffic with maliciousness feeds
• CIF - Query indicators + variety of output formats
• GRR, osquery - Endpoint hunting
Not mature... but lots of stuff is going on
What's so nice about "standards"
• MITRE - STIX, TAXII, CybOX, MAEC
• IETF - IODEF
• Mandiant - OpenIOC
• Verizon - VERIS (Vocabulary for Event Recording and Incident Sharing)
• Siemens - MANTIS (a platform that imports STIX, CybOX, OpenIOC and IODEF, rather than a format of its own)
Open Source Threat Data Sources
Blacklist IP address sources
• emergingthreats.net
• binarydefense.com
• zeustracker.abuse.ch
• palevotracker.abuse.ch
• feodotracker.abuse.ch
• sslbl.abuse.ch
• spamhaus
Phishing URL sources
• openphish.com
Vulnerability database sources
• scip.ch
• cxsecurity.com
• exchange.xforce.ibmcloud.com
• packetstormsecurity.com
Honeypots / honeynets
Bonus Agenda
CIF: Collective Intelligence Framework
• Developed by REN-ISAC
• http://csirtgadgets.org/collective-intelligence-framework/
• Does not generate data; it takes sources, normalizes them and then outputs them by given type
• Limited in the types of data it can handle:
  – URLs
  – Domains
  – IPs
  – MD5s
• Certainly more to threat intel than this, but it's a start
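What the "normalize, then output by type" step of CIF looks like in code, as an added example written for this page (it is not CIF's own code; CIF lives at the URL above). It accepts exactly the four indicator types the slide lists, rejects everything else (a SHA-256 and a non-HTTP URL in the sample), deduplicates after normalization so that case and trailing-dot variants collapse, and, to tie it back to the Standards slide, writes the result as a STIX 2.1 JSON bundle of Indicator objects. STIX 2.x is the current JSON form of the MITRE standard named there; in January 2015 the slide would have meant STIX 1.x XML, and the choice of 2.1 here is mine. The feed lines, the `sample-feed` source name and the http/https-only URL rule are constructed assumptions.

```python
"""CIF-style normalizer: raw feed lines -> indicators grouped by type -> STIX 2.1 bundle.
Stdlib only. The feed below is CONSTRUCTED sample data; STIX 2.1 output is an assumption."""
import ipaddress
import json
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import urlsplit

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

RAW_FEED = [
    "# constructed sample: mixed indicator feed (hypothetical)",
    "198.51.100.23",
    "2001:db8::10",
    "BadC2.example.",
    "badc2.example",                        # duplicate once normalized
    "http://badc2.example/gate.php",
    "d41d8cd98f00b204e9800998ecf8427e",
    "D41D8CD98F00B204E9800998ECF8427E",     # same MD5, different case
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",  # SHA-256: not one of the four types
    "ftp://files.example/x",                # not http(s): rejected by this example's URL rule
]

def classify(raw):
    """Return (type, normalized value) for ip/domain/url/md5, or None if unsupported."""
    value = raw.strip()
    if not value or value.startswith("#"):
        return None
    low = value.lower()
    if MD5_RE.match(low):
        return ("md5", low)
    try:
        return ("ip", str(ipaddress.ip_address(value)))   # v4 or v6, canonical form
    except ValueError:
        pass
    if "://" in low:
        parts = urlsplit(value)
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return ("url", value)
        return None
    low = low.rstrip(".")
    if DOMAIN_RE.match(low):
        return ("domain", low)
    return None

def normalize_feed(lines):
    """Group normalized indicators by type, dropping duplicates; report what was rejected."""
    by_type = {"ip": [], "domain": [], "url": [], "md5": []}
    seen, rejected = set(), []
    for line in lines:
        hit = classify(line)
        if hit is None:
            if line.strip() and not line.lstrip().startswith("#"):
                rejected.append(line.strip())
            continue
        if hit not in seen:
            seen.add(hit)
            by_type[hit[0]].append(hit[1])
    return by_type, rejected

def stix_pattern(kind, value):
    """STIX 2.1 comparison expression for one indicator (quotes and backslashes escaped)."""
    lit = value.replace("\\", "\\\\").replace("'", "\\'")
    if kind == "ip":
        obj = "ipv6-addr" if ":" in value else "ipv4-addr"
        return f"[{obj}:value = '{lit}']"
    if kind == "domain":
        return f"[domain-name:value = '{lit}']"
    if kind == "url":
        return f"[url:value = '{lit}']"
    if kind == "md5":
        return f"[file:hashes.MD5 = '{lit}']"
    raise ValueError(f"unsupported indicator type {kind!r}")

def to_stix_bundle(by_type, source, now=None):
    """Output step: one STIX 2.1 Indicator SDO per normalized value, wrapped in a Bundle."""
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = []
    for kind, values in by_type.items():
        for value in values:
            objects.append({
                "type": "indicator",
                "spec_version": "2.1",
                "id": f"indicator--{uuid.uuid4()}",
                "created": ts,
                "modified": ts,
                "name": f"{source}: {kind} {value}",
                "indicator_types": ["malicious-activity"],
                "pattern": stix_pattern(kind, value),
                "pattern_type": "stix",
                "valid_from": ts,
            })
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}

if __name__ == "__main__":
    grouped, dropped = normalize_feed(RAW_FEED)
    print(json.dumps(to_stix_bundle(grouped, "sample-feed"), indent=2))
    print("rejected:", dropped)
```

The ten raw lines reduce to five indicators (two IPs, one domain, one URL, one MD5) and two rejections. The rejection list is the part worth keeping in a real deployment: it is the cheapest way to notice that a feed has started carrying a type your pipeline silently cannot represent.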
CIF Architecture
F3EAD (Find, Fix, Finish, Exploit, Analyze, Disseminate)
• A target-centric approach to intelligence analysis
• Bridge between operations and intelligence
• a.k.a. "Hunting"
Conclusion
• TI is closely related to traditional intelligence
• Models help but have limitations
• The quality of your TI directly influences the quality of your response
• Tools to store, analyze, and share intelligence exist, but there's room for improvement
References:
• http://sroberts.github.io
• http://direct.tomchop.me/slides
• http://frodehommedal.no/presentations/first-tc-oslo-2015
• https://www.mwrinfosecurity.com/system/assets/909/original/Threat_Intelligence_Whitepaper.pdf
• Google
Thank you,
Sandeep Singh – Chapter Leader, OWASP Delhi & null Delhi
sandeep.singh@owasp.org
san@null.co.in
@Sandy1sm
Q & A

 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
RAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan BansalRAT - Kill or Get Killed! by Karan Bansal
RAT - Kill or Get Killed! by Karan Bansal
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Cyber Threat Intelligence and Incident Response by Sandeep Singh

1. Cyber Threat Intelligence
Sandeep Singh
OWASP Delhi & null Delhi
30 January 2015

2. Disclaimer
• I am not an intelligence analyst but would love to be
• The topic is close to my heart
• Do not expect any FM (Freakin Magic)
• The objective is to help attendees get familiar with the world of threat intel

3. Agenda
• Overview of Threat Intel
• Understanding Threat Intel
• What is Cyber Threat Intelligence
• Types of Threat Intel
• Intelligence Lifecycle
• Threat Intel – Classification & Vendor Landscape
• Threat Intel – Standards
• Open Source Threat Data/Intel Sources
• Bonus Agenda

5. Overview
• Buzzword
• Growing field
  - $250M in 2013
  - $1.5B in 2018
• Lots of new service providers entering the market
• and still maturing

6. Threat
Risk = Vulnerability * Threat * Impact
Threat = Intent * Capability
We like the term "Threat Actor". May be any of:
• Cybercrime
• State-sponsored
• Hacktivism
• Insider
• Industry competition

7. Intelligence (a.k.a. Renseignement, ré-enseignement)
• Environment → Data → Information → Intelligence
• Intelligence is a cyclic process
• Analysis and contextualization
• Models help counter diversity with abstraction

8. Actionable Intel
• Accurate
• Relevant
• Timely
• Aligned
• Predictive
• Integrated

9. Cyber Threat Intelligence
• Cyber: area of interest / of collection
• Threat: subject of interest
• Intelligence: process

10. Key Elements of Threat Intel

12. Strategic TI
• Target audience: decision-makers
• Focus on changing risks, high-level topics
  • Geopolitics
  • Foreign markets
  • Cultural background
• Vision timeframe: years
Note: You may never have heard of this; could be explained by lack of maturity in orgs

13. Operational TI
• Target audience: defenders
• Focus on current & future attacks:
  • Who, what, when?
  • Early warning on incoming attacks
  • Social media activity
• Vision timeframe: months, weeks, hours
Note: Hard for private companies to obtain on advanced attackers; traditionally collected through HUMINT / SIGINT

14. Tactical TI
• Target audience: architects & sysadmins
• Focus on "TTPs":
  • Attacker modus operandi
  • Blue team / red team tools
  • Exfiltration / C2 methods
  • Persistence / stealth / deception mechanisms
• Vision timeframe: weeks to a year
Note: The most common form of threat intel (and marketing) produced today; easy to obtain

15. Technical TI (a.k.a. Data)
• Target audience: SOC, IR people
• Focus on raw observables:
  • Indicators of compromise
  • Host and network artifacts
  • Yara, Snort, OpenIOC rules
• Vision timeframe: hours to years
Note: Man-hours are valuable. Technical TI is abundant. Processing should be as automated as possible.

16. Weaponry
• Strategic: will feed SWOT, risk assessments, Porter Diamond model...
• Tactical: Cyber Kill-chain, Diamond model, ACH
• Operational: OODA Loop, Pyramid of Pain
• Technical: F3EAD, CIF, FIR, MISP, Malcom, Maltego, ...

18. Intelligence Cycle applied to CTI in orgs
• Planning
  • What are you looking for?
• Collection
  • OSINT/HUMINT
  • Logs/data points inside the org
  • Honeypots/nets/docs, social networks
  • FM-5
• Processing
  • Synthesizing the collected data so that the intelligence analyst can work
• Analysis
  • Finished Intelligence
• Dissemination
  • Present to the right audience

19. Threat Intel - Classification
• Threat Intel Platform
• Threat Intel Enrichment
• Threat Intel Integration
• Open Source Intel (OSINT)
• Human Intel (HUMINT)
• Technical Intel
• Adversary Intel
• Vulnerability Intel
• Strategic Intel

21. Can you guess the price of commercial threat intel?

22.
• Symantec's 12-month retail subscription to its reputation feed costs $95,300 (INR 6,100,000 approx.)
• FireEye threat intelligence appliances start at around $17,000 and go up to $175,000 per unit

23. Managing Threat Intel
As tough as it sounds

24. ...but lots of stuff is going on
• MISP - Event-based indicator sharing
• FIR - Incident management platform + indicator correlation
• CRITS - Platform to store threat-related information
• Malcom - Correlation of network traffic with maliciousness feeds
• CIF - Query indicators + variety of output formats
• GRR, osquery - Endpoint hunting (not mature)

25. What's so nice about "standards"
• MITRE - STIX, TAXII, CybOX, MAEC
• IETF - IODEF
• Mandiant - OpenIOC
• VERIS
• MANTIS

26. Open Source Threat Data Sources
Black List IP Address Sources
• emergingthreats.net
• binarydefense.com
• zeustracker.abuse.ch
• palevotracker.abuse.ch
• feodotracker.abuse.ch
• sslbl.abuse.ch
• spamhaus
Phishing URL Sources
• openphish.com
Vulnerability Database Sources
• scip.ch
• cxsecurity.com
• exchange.xforce.ibmcloud.com
• packetstormsecurity.com
Honeypots/Honeynets

28. CIF: Collective Intelligence Framework
• Developed by REN-ISAC
• http://csirtgadgets.org/collective-intelligence-framework/
• Does not generate data; it takes sources, normalizes them and then outputs them by the given types
• Limited in the types of data it can handle: URLs, domains, IPs, MD5s
• Certainly more to threat intel than this, but it's a start
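The CIF slide above describes normalizing heterogeneous feeds into four indicator types (URLs, domains, IPs, MD5s), and the Technical TI slide argues that processing such data should be automated rather than done by hand. As an added example (not CIF's code and not from the deck), the Python below normalizes three constructed feed layouts into typed, deduplicated indicators and sweeps constructed log lines for exact typed matches; every feed value, log line and function name here is constructed or assumed.

```python
import re

# The four indicator types the CIF slide lists: URL, domain (FQDN), IP, MD5.
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
FQDN = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")


def classify(token):
    """Map one raw token to (type, normalized value), or None if unsupported."""
    v = token.strip().strip(".,;:\"'()[]<>").lower()
    if v.startswith(("http://", "https://")):
        return ("url", v.rstrip("/"))
    if IPV4.match(v) and all(int(o) < 256 for o in v.split(".")):
        return ("ipv4", v)
    if MD5.match(v):
        return ("md5", v)
    if FQDN.match(v):
        return ("fqdn", v)
    return None


def normalize_feed(lines):
    """Feeds differ in layout (one value per line, CSV, value plus a free-text note).
    Skip comments/blanks, classify the first field, drop malformed values, dedupe."""
    out = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hit = classify(re.split(r"[,\s]+", line, maxsplit=1)[0])
        if hit:
            out.add(hit)
    return sorted(out)


def match_logs(indicators, log_lines):
    """Classify each whitespace token of every log line the same way and report exact
    typed matches as (line_number, type, value); no substring matching, so the
    feed entry 198.51.100.23 does not fire on a log mention of 198.51.100.2."""
    wanted = set(indicators)
    hits = []
    for n, line in enumerate(log_lines, 1):
        for tok in line.split():
            c = classify(tok)
            if c in wanted:
                hits.append((n, c[0], c[1]))
    return hits


# Constructed feeds in three layouts (documentation ranges, not real threat data).
FEED_A = ["# ip blocklist", "198.51.100.23", "203.0.113.9", "999.1.1.1"]
FEED_B = ["malware.example,2015-01-30,dropper", "Malware.Example,2015-01-30,dup"]
FEED_C = ["http://bad.example/payload.exe seen in spam run",
          "d41d8cd98f00b204e9800998ecf8427e  empty-file hash, for the demo"]

# Constructed proxy, DNS and AV log lines to sweep with the normalized indicators.
LOGS = [
    "10.0.0.5 GET http://bad.example/payload.exe 200",
    "dns query from 10.0.0.7: malware.example -> 203.0.113.9",
    "av scan c:\\tmp\\a.bin md5 D41D8CD98F00B204E9800998ECF8427E clean",
    "10.0.0.9 GET http://benign.example/index.html 200 via 198.51.100.2",
]

if __name__ == "__main__":
    for hit in match_logs(normalize_feed(FEED_A + FEED_B + FEED_C), LOGS):
        print("log line %d: %s %s" % hit)
```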
30. F3EAD
• A target-centric approach to intelligence analysis
• Bridge between operations and intelligence
• a.k.a. "Hunting"

31. Conclusion
• TI is closely related to traditional intelligence
• Models help but have limitations
• The quality of your TI directly influences the quality of your response
• Tools to store, analyze, and share intelligence exist, but there's room for improvement

32. References
• http://sroberts.github.io
• http://direct.tomchop.me/slides
• http://frodehommedal.no/presentations/first-tc-oslo-2015
• https://www.mwrinfosecurity.com/system/assets/909/original/Threat_Intelligence_Whitepaper.pdf
• Google

33. Q & A
Thank you,
Sandeep Singh – Chapter Leader, OWASP Delhi & null Delhi
sandeep.singh@owasp.org
san@null.co.in
@Sandy1sm