To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.
Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents (AKA; threat actors) that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in Powerpoint, the TAL produces a repeatable, yet flexible enough for a range of risk assessment uses. We will cover both the TAL, the Threat Agent Risk Assessment (TARA), how they can be used to improve threat modeling.
Speaker
Eric Jernigan
Information Security Architect, Umpqua Bank
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along the presentation and live demos.
VECTR is a free platform for planning and tracking of your red and purple team exercises and alignment to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be a narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments.
Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering, any number of other cyber roles, and helps management show increasing maturity in their programs and justification of whats working, whats not, and where additional investment might be needed in tools and team members to bring it all together.
Threat hunting - Every day is hunting seasonBen Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Uncovering ICS Threat Activity Groups for Intelligence-Driven Defense: Dragos has released information about eight threat activity groups that have targeted industrial companies. These groups range from espionage, to learning industrial environments for future effects, to causing a power outage and targeting human life directly. But what are threat activity groups? They are different than what is normally tracked in the community as threat actors and have a different focus for defenders.
Managing & Showing Value during Red Team Engagements & Purple Team Exercises ...Jorge Orchilles
Join Jorge Orchilles and Phil Wainwright as they cover how to show value during Red and Purple Team exercises with a free platform, VECTR. VECTR is included in SANS Slingshot C2 Matrix Edition so you can follow along the presentation and live demos.
VECTR is a free platform for planning and tracking of your red and purple team exercises and alignment to blue team detection and prevention capabilities across different attack scenarios. VECTR provides the ability to create assessment groups, which consist of a collection of Campaigns and supporting Test Cases to simulate adversary threats. Campaigns can be broad and span activity across the kill chain or ATT&CK tactics, from initial access to privilege escalation and lateral movement and so on, or can be a narrow in scope to focus on specific defensive controls, tools, and infrastructure. VECTR is designed to promote full transparency between offense and defense, encourage training between team members, and improve detection, prevention & response capabilities across cloud and on-premise environments.
Common use cases for VECTR are measuring your defenses over time against the MITRE ATT&CK framework, creating custom red team scenarios and adversary emulation plans, and assisting with toolset evaluations. VECTR is meant to be used over time with targeted campaigns, iteration, and measurable enhancements to both red team skills and blue team detection capabilities. Ultimately the goal of VECTR is to help organizations level up and promote a platform that encourages community sharing of CTI that is useful for red teamers, blue teamers, threat intel teams, security engineering, any number of other cyber roles, and helps management show increasing maturity in their programs and justification of whats working, whats not, and where additional investment might be needed in tools and team members to bring it all together.
Presentation talks about introduction to MITRE ATT&CK Framework, different use cases, pitfalls to take care about.. Talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 15th February 2019.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Threat Hunting Procedures and Measurement MatriceVishal Kumar
This document will provide the basics of Cyber Threat Hunting and answers of some Q such as; What is Threat Hunting?, What is the Importance of Threat Hunting, and How it can be start....Bla..Bla..Bla...
Delivered 1 - day Practical Threat Hunting workshop at sacon.io in Bangalore,India balancing on developing the threat hunting program in organization, how and where to start from as well threat hunting demos as it would look on the ground with hands on labs for 100+ participants.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats -with ATT&CK- is a powerful way for raising awareness and enabling actionability against cyber threats.
In this talk the team will share their experiences leveraging ATT&CK to disseminate Threat knowledge to different audiences (Software Development teams, Managers, Threat detection engineers, Threat hunters, Cyber Threat Analysts, Support Engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
UN/ITU - Organisational Structures and Incident Management - CybersecurityDr David Probert
In-Depth Presentation for the Cybersecurity Workshop that was Jointly Organised by the UN/ITU and CITEL in Salta City, Argentina - November 2010. The presentation focuses on the implementation of the recommended UN/ITU (International Telecommunications Union) Global Cybersecurity Agenda and the importance of CERTs (Computer Emergency Response Teams)
Presentation talks about introduction to MITRE ATT&CK Framework, different use cases, pitfalls to take care about.. Talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 15th February 2019.
Cyber threat intelligence: maturity and metricsMark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision
support to executives whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will
seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
Threat Hunting Procedures and Measurement MatriceVishal Kumar
This document will provide the basics of Cyber Threat Hunting and answers of some Q such as; What is Threat Hunting?, What is the Importance of Threat Hunting, and How it can be start....Bla..Bla..Bla...
Delivered 1 - day Practical Threat Hunting workshop at sacon.io in Bangalore,India balancing on developing the threat hunting program in organization, how and where to start from as well threat hunting demos as it would look on the ground with hands on labs for 100+ participants.
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypothesis, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, there are only a few that are focusing primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats -with ATT&CK- is a powerful way for raising awareness and enabling actionability against cyber threats.
In this talk the team will share their experiences leveraging ATT&CK to disseminate Threat knowledge to different audiences (Software Development teams, Managers, Threat detection engineers, Threat hunters, Cyber Threat Analysts, Support Engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
In order to effectively defend your organization, you must think about the offensive strategy as well. But before we get ahead of ourselves let’s talk briefly about the building blocks of a good offense. First is an architecture that is built around a security policy that is aligned with the business risk. Risk must be understood and a cookie cutter approach must be avoided here because again every organization is different and so are their risks.
MITRE ATT&CK is quickly gaining traction and is becoming an important standard to use to assess the overall cyber security posture of an organization. Tools like ATT&CK Navigator facilitate corporate adoption and allow for a holistic overview on attack techniques and how the organization is preventing and detecting them. Furthermore, many vendors, technologies and open-source initiatives are aligning with ATT&CK. Join Erik Van Buggenhout in this presentation, where he will discuss how MITRE ATT&CK can be leveraged in the organization as part of your overall cyber security program, with a focus on adversary emulation.
Erik Van Buggenhout is the lead author of SANS SEC599 - Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.
UN/ITU - Organisational Structures and Incident Management - CybersecurityDr David Probert
In-Depth Presentation for the Cybersecurity Workshop that was Jointly Organised by the UN/ITU and CITEL in Salta City, Argentina - November 2010. The presentation focuses on the implementation of the recommended UN/ITU (International Telecommunications Union) Global Cybersecurity Agenda and the importance of CERTs (Computer Emergency Response Teams)
Application Threat Modeling In Risk ManagementMel Drews
How to perform threat modeling of software to protect your business, critical assets and communicate your message to your boss and the Board of Directors
Slides for an overview lecture explaining how risk management and controls are the route to explaining why information security matters to business. Plus a bonus discussion of why incident handling is no longer optional.
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
Benny Czarny presented an introduction to malware and anti-malware to computer science students at San Francisco State University. The presentation introduced the concept of malware, types of malware, and methods for detecting malware. Benny provided examples of historical malware and illustrations of the difficulties that security vendors face in detecting threats.
Weaponised Malware & APT Attacks: Protect Against Next-Generation ThreatsLumension
Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats
The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organizations not prepared for this new front line of cyber-warfare, what does this spell for your business?
• Gain a detailed overview of the next generation of threats out there
• Understand how to detect key threats and attacks before they develop a stranglehold on your business
• Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
EU General Data Protection Regulation & Transborder Information FlowDavid Erdos
These slides are based on the talk I gave to the Wisconsin International Law Journal's Annual Symposium "Stamping Privacy's Passport? The Role of International Law in Safeguarding Individual Privacy" (Wisconsin, USA; 8 April 2016). This talk argued that European data protection's formal understanding of transborder data flow regulation (TBDF) is not only potentially very broad but has not appropriately balanced data protection against other key rights such as freedom of information and association. Many of these existing structural difficulties are exacerbated under the newly agreed General Data Protection Regulation (GDPR). In order to better reconcile the values at stake, Data Protection Authorities (DPAs) should also develop models to "authorize" low-risk TBDFs via self-certification by data controllers themselves. Member States should also make broad use of the derogations the Regulation leaves available. More generally, a contextual, risk-based interpretation of the GPDR must be developed which seeks to provide robust privacy and other individual safeguards without putting in jeopardy Europe’s other core values and liberties.
Overview of challenges faced while risk assessment of applications and their vulnerabilities. Then demonstrating OWASP risk rating methodology to solve this problem statement.
I presented on this topic at ISC2 Delhi meet in September, 2013
Objetivo: Formar auditores internos desarrollando las competencias suficientes para interpretar e implementar los requisitos de los 11 puntos de control exigidos por la autoridad al interior de su organización ante una auditoría de certificación NEEC y CTPAT.
TEMAS DESTACADOS
-Pasos a seguir para complementar la aplicación de ingreso CTPAT y/o NECC
-Análisis de los 11 puntos de control NECC:
1. Planeación de la seguridad en la cadena de suministros
2. Seguridad de socios comerciales
3. Seguridad de los procesos
4. Gestión aduanera
5. Seguridad en los contenedores y remolques
6. Seguridad de las instalaciones
7. Controles de acceso físico
8. Seguridad del personal
9. Seguridad de la información y documentación
10. Capacitación y concientización en seguridad
11. Investigación y manejo de incidentes
-Trazabilidad y gestión de procesos de seguridad
-Manual de inspección CTPAT a contenedores y remolques
-Normas, estándares y buenas practicas CTPAT, NECC, ISO 28000: Suply Chain Security Management
-Como construir la toma de conciencia de la seguridad en cadena de abastecimiento por parte de empleados y socios comerciales
ANALISIS Y DESARROLLO DE LA CERTIFICACION A,AA ,AAA
•Nuevas certificaciones para empresas IMMEX
Para el caso de las empresas certificadas tipo A, obtendrán un crédito fiscal en sus operaciones destinadas a los regímenes aduaneros de importación temporal para elaboración, transformación o reparación en programas de maquila o de exportación y obtención de la devolución de IVA en un plazo que no excederá de 20 días contados a partir del día siguiente a la presentación de la solicitud respectiva. En el caso de la certificación AA y AAA la devolución del IVA será en 15 y 10 días respectivamente adicionalmente de otros beneficios mencionados
DIRIGIDO A:
Gerentes de control, compras, importación y exportación, área legal, finanzas, capital humano, seguridad, trafico, logística, socios comerciales y toda aquella persona interesada en el tema.
2 sesiones de 8 horas (habrá desayuno y comida).
Costo: $7,000.00 M.N. IVA INCLUIDO por persona
Fechas: 4 y 5 de abril.
Contacto: serviciosintegralesseg@gmail.com
La gestión del Cambio en los Proyectos TecnológicosTICAnoia
10 ideas clave y 4 ejemplos prácticos
1. El coste del “no cambio”
2. La Gestión del Cambio y los proyectos
3. Transformación, gestión del cambio y adopción tecnológica
4. Barreras en la gestión del cambio en los proyectos
5. No cambian las organizaciones. Cambian los individuos
6. Kotter, un marco de referencia
7. Prosci(ADKAR), una metodología práctica
8. Elementos de un Plan de Gestión del Cambio
9. Comunicación
10. Las 4 P’s para asegurarel cambio
Ejemplo: CTTI
Ejemplo: Microsoft (Technology Adoption)
Ejemplo: WorkPlaceAdvantage Program
Ejemplo: MIC Productivity
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
Did you lock the door before leaving your house this morning? If you did, you threat modeled without even realizing it. Threat modeling is identifying potential threats (house robbery) and implementing measures to mitigate the risk (locking your door).
Protecting valuable assets, no matter if personal assets or business-related assets such as the software you are developing, threat modeling should become an instinctual and necessary part of your process.
Our talk highlights how nearly 50% of security flaws can be mitigated through threat modeling. We help you prevent and mitigate risks by utilizing a reliable and hard-hitting analysis technique that can be applied to individual applications or across an entire portfolio. We show you how to effectively apply these techniques at the start of the design phase and throughout every phase of the development lifecycle so you can maximize the ROI of your security efforts.
Topics covered include:
• Threat Modeling 101
• The propagating effect of poor design
• Tabletop exercise – a world with and without threat modeling
• Best practices and metrics for every stakeholder
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...EC-Council
Today there is a dispute over the ethics of operations involving honeypots and honeynets in cyber security. However, many organizations will adopt the use of such techniques and tools to develop defensive strategies to stop attackers. For professional offensive security practitioners, detecting, bypassing, and even avoiding honeypots is a new challenge and much is to be discovered and shared. This brief will work to accomplish these objectives and begin the development of a new framework for Counter Honeypot Operations (CHOps).
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...CODE BLUE
As the security industry has grown we've seen every aspect of our world become more complicated and more overwhelming. We're consistently promised solutions and technology to make our lives easier, to stop the attacker, to catch them quicker, to automate the pain away, but the reality falls flat. Frankly, it's underwhelming. Understanding where your program stands today, where you should spend time and resources, and how best to reduce risk to your organization are key aspects of any program. Join us to discuss and discover what some of the largest organizations in the world are doing to try to make sense of it all, and how they got there.
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Taking the Attacker Eviction Red Pill [updated]Frode Hommedal
This presentation is about how you can structure your analysis to increase the chances of success when attempting to evict an advanced attacker. It's my thoughts on how to think when deciding how and when to respond and attempt to evict a mission driven attacker from your infrastructure. This is a continuation of my previous work on the Cyber Threat Intelligence Matrix.
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Core Security
Vulnerability Assessments, Penetration Tests and Red Teaming – Do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of Information Technology assets with some of them on premise and others cloud based. Having control over all of this is a challenging task. Based on our extensive experience with securing our customers, I will show what real findings and attack trends look like while hopefully, shedding some light on how to be prepared to resist current attacks.
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Building a Successful Threat Hunting ProgramCarl C. Manion
Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different toolsets are also instrumental to the process. In this presentation, We'll describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.
How to build a cyber threat intelligence programMark Arena
Delivered at ACSC in Canberra on 10 April 2018.
Associated intelligence requirements spreadsheet is available for download at https://www.dropbox.com/s/rtisz5zdy5sl1w1/ACSC-Reqs.xlsx?dl=0
knowthyself : Internal IT Security in SA SensePost
Presentation by Charl van der Walt and Roelof Temmingh at IIR in 2000.
The presentation begins with a discussion on global risks, threats, internal risk and security assessments. Steps to building a strong security culture within an organization are discussed. The presentation ends with a brief overview of intrusion detection systems and their use in internal security.
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
Ransomware is a strategy for adversaries to make money – a strategy that’s proven successful. During this presentation, we will cover how ransomware works, ransomware trends to watch, best practices for prevention, and more. At the core of the discussion, Scott will explain how to build detections for common tactics, techniques, and procedures (TTPs) used by ransomware families and how to validate they work, ongoing, as part of the larger security program. Participants will leave this webinar with actionable advice to ensure their organization is more resilient to ever-evolving ransomware attacks.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. …Or as we used to
be called, simply:
Our mission was different back then.
3. A little more about me…
• Served as the NCOIC for Counter Intelligence, Psychological
Operations, and Operation Security and network warfare for an
Air Force Information Warfare Flight
Information Security Architect Umpqua Bank
• Risk Assessments
• Project Engagement Security Support
• Security Awareness
Previous:
• Information Security Manager: Portland Community College
• Network Warfare Operations / Influence Operations NCOIC:
Air Force
• Intelligence Detachment Section Leader: Army National
Guard
Eric Jernigan MSIA, CISSP, CISM, CRISC
Actual me
7. Questions
• Do you do application risk assessments?
• Do you use threat modeling?
• Are you familiar with OWASP’s Threat
Agent content?
• Do you use a taxonomy of threat actors?
• Why? Why Not?
10. Intel Threat Agent Library
Timothy Casey, Intel Corporation
• Threat Agent Library Helps Identify Information Security Risks
• Prioritizing Information Security Risks with Threat Agent Risk Assessment
11. What the TAL?
• TAL identifies 22 threat agent archetypes, such
as disgruntled employee, competitor, and
organized crime
• Provides consistent, reference describing the
human threat actors that pose threats to IT
systems and other information assets
• Use it as a stand-alone tool or as part of other
standard risk assessment methodologies
13. • Build upon OWASP’s threat agent materials
• Increase the accuracy of your threat models
• Use alone or in conjunction with other
methodologies
• Build threat based risk assessments
• Use the output to feed into risk assessments
• Integrate into Threat Intelligence
Why the Threat Agent Library?
14. Vulnerability Part of the information security infrastructure that could represent a
weakness to attack in the absence of a control.
Threat Agent Person who originates attacks, either with malice or by accident,
taking advantage of vulnerabilities to create loss.
Threat Actor An individual or group that can manifest a threat.
Motivation Internal reason a threat agent wants to attack. Objective What the
threat agent hopes to accomplish by the attack.
Method Process by which a threat agent attempts to exploit a vulnerability to
achieve an objective.
Attack Action of a threat agent to exploit a vulnerability.
Control Tools, processes, and measures put in place to reduce the risk of loss
due to a vulnerability.
Exposure Vulnerability without a control.
Operating Terms
16. Internal Agent has internal access.
External Agent has only external access.
Access
Access This defines the extent of the agent’s access to the company’s
assets.
17. Acquisition/
Theft
Illicit acquisition of valuable assets for resale or extortion in a way
that preserves the assets’ integrity but may incidentally damage
other items in the process
Business
Advantage
Increased ability to compete in a market with a given set of products.
The goal is to acquire business processes or assets.
Damage Injury to Intel personnel, physical or electronic assets, or intellectual
property
Embarrassment Public portrayal of Intel in an unflattering light, causing Intel to lose
influence, credibility, competitiveness, or stock value
Technical
Advantage
Illicit improvement of a specific product or production capability. The
primary target is to acquire production processes or assets rather
than a business process
Outcome (Objective)
The agent’s primary goal— what the agent hopes to accomplish with a typical
attack. Also consider: Information Operations Effects
18. Code of
Conduct
Agents typically follow both the law and a code of
conduct accepted within a profession. Example: an
auditor
Legal Agents act within the limits of applicable laws. Example:
Legal Adversary
Extra-legal,
minor
Agents may break the law in relatively minor, non-
violent ways, such as minor vandalism or trespass.
Example: Activist
Extra-legal,
major
Agents take no account of the law and may engage in
felonious behavior resulting in significant impact or
extreme violence. Example: organized crime
Limits
The legal and ethical limits to which the agent may be prepared to
break the law.
19. Individual Resources limited to the average individual; agent acts independently.
Minimum skill level: None
Club Members interact on a social and volunteer basis, often with little personal
interest in the specific target. Group persists long term. Minimum skill
level: Minimal
Contest A short-lived and perhaps anonymous interaction that concludes when the
participants have achieved a single goal. Minimum skill level: Minimal
Operational Team: A formally organized group with a leader, typically motivated by a
specific goal and organized around that goal. Group persists long term and
typically operates within a single region. Minimum skill level: Operational.
Organization Larger and better resourced than a Team. Usually operates in multiple
geographies and persists long term. Minimum skill level: Adept.
Government Controls public assets and functions within a jurisdiction; very well
resourced and persists long term. Minimum skill level: Adept.
Resource Level
The organizational level at which determines the resources available
to that agent for use in an attack. Linked to the Skill Level attribute
20. None Has average intelligence and ability and can easily carry
out random acts of disruption or destruction, but has no
expertise or training in the specific methods necessary
for a targeted attack.
Minimal Can copy and use existing techniques. Example:
Untrained Employee.
Operational Understands underlying technology or methods and can
create new attacks within a narrow domain.
Adept Expert in technology and attack methods, and can both
apply existing attacks and create new ones to greatest
advantage
Skill Level
The special training or expertise an agent typically possesses.
21. Copy Make a replica of the asset so the agent has
simultaneous access to it.
Destroy Destroy the asset, which becomes worthless to either
Intel or the agent.
Injure Damage the asset, which remains in Intel’s possession
but has only limited functionality or value.
Take Gain possession of the asset so that Intel has no
access to it.
Don’t Care: The agent does not have a rational plan, or may make
a choice opportunistically at the time of attack.
Obective (Intended Action)
The action that the agent intends to take in order to achieve a desired
outcome.
22. Overt The agent deliberately makes the attack and the
agent’s identity is known before or at the time of
execution
Covert The victim knows about the attack at the time it
occurs, or soon after. However, the agent of the
attack intends to remain unidentified
Clandestine The agent intends to keep both the attack and his or
her identity secret
Visibility
The extent to which the agent intends to conceal or reveal his or
her identity.
25. Intel’s TARA
• Build’s upon the TAL
• Identifies the most
likely attack vectors to
support secure
development
• Pinpoint the
information security
areas of greatest
concern
• Stand alone threat
centric methodology
26. 1. Measure current threat agent risks
2. Distinguish threat agents that exceed baseline
acceptable risks.
3. Derive primary intent of those threat agents.
4. Assess capabilities likely to manifest.
5. Assess Operational Constraints.
6. Align strategy to target the most significant
exposures.
TARA Process
27.
28. Call to action
• OWASP Threat Agent Page out of date
• Updates needed to both home page and
template
• Most sub categories are empty
Proposal:
• Nix Force Majeure (Natural: Flood, fire, etc.
unless secure code is affected by it…)
• Implement TAL into OWASP Threat Actor
Page/articles
29. While you napped… (summary)
• Don’t let vendors and news broadcasters
determine who is your top threat actors are
• Build upon OWASP’s threat agent materials
• Increase the accuracy of your threat models
• Pinpoint the information security areas of
greatest concern
• Use the output to feed into risk assessments
• Proposal: Implement TAL into OWASP Threat
Actor Page/articles
33. Image Credits
All images in this presentation were found on public facing websites.
The presenter believes such use constitutes a 'fair use' of copyrighted
material as provided in Section 107 of the US Copyright Law. In
accordance with Title 17 U.S.C. Section 107, the material in the
presentation is provided without profit to those who have expressed a
prior interest in receiving the included information for research and
educational purposes. For further information on fair use, go
to: http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_0
0000107----000-.html.
Please do not reprint any photos. If you wish to use copyrighted
material from the presentation for purposes of your own that go
beyond fair use, you must obtain permission from the copyright owner.
Editor's Notes
Assess
Access This defines the extent of the agent’s access to the company’s assets.
Internal: Agent has internal access.
External: Agent has only external access.
Outcome
This usually defines the agent’s primary goal— what the agent hopes to accomplish with a typical attack. However, with non-hostile agents, such as an untrained employee, the outcome may be unintentional. The agent may use many methods to achieve this goal, and the primary goal may have secondary or ancillary effects.
Acquisition/Theft: Illicit acquisition of valuable assets for resale or extortion in a way that preserves the assets’ integrity but may incidentally damage other items in the process.
Business Advantage: Increased ability to compete in a market with a given set of products. The goal is to acquire business processes or assets.
Damage: Injury to Intel personnel, physical or electronic assets, or intellectual property.
Embarrassment: Public portrayal of Intel in an unflattering light, causing Intel to lose influence, credibility, competitiveness, or stock value. Technical Advantage: Illicit improvement of a specific product or production capability. The primary target is to acquire production processes or assets rather than a business process.
Limits
These are the legal and ethical limits that may constrain the agent. This characteristic also defines the extent to which the agent may be prepared to break the law. Options are:
Code of Conduct: Agents typically follow both the applicable laws and an additional code of conduct accepted within a profession or an exchange of goods or services. Example: an auditor falls within the Information Partner agent archetype.
Legal: Agents act within the limits of applicable laws. Example: Legal Adversary
Extra-legal, minor: Agents may break the law in relatively minor, non-violent ways, such as minor vandalism or trespass. Example: Activist. Extra-legal, major: Agents take no account of the law and may engage in felonious behavior resulting in significant financial impact or extreme violence. Example: members of organized crime organizations (Mobster agent).
This defines the organizational level at which an agent typically works, which in turn determines the resources available to that agent for use in an attack. This attribute is linked to the Skill Level attribute—a specific organizational level implies that the agent has access to at least a specific skill level.
Individual: Resources limited to the average individual; agent acts independently. Minimum skill level: None.
Club: Members interact on a social and volunteer basis, often with little personal interest in the specific target. An example might be a core group of unrelated activists who regularly exchange tips on a particular blog. Group persists long term. Minimum skill level: Minimal.
Contest: A short-lived and perhaps anonymous interaction that concludes when the participants have achieved a single goal. For example, people who break into systems just for thrills or prestige (agent Cyber-Vandal) may run contests to see who can break into a specific target first. Minimum skill level: Minimal
Operational. Team: A formally organized group with a leader, typically motivated by a specific goal and organized around that goal. Group persists long term and typically operates within a single geography. Minimum skill level: Operational.
Organization: Larger and better resourced than a Team; typically a company. Usually operates in multiple geographies and persists long term. Minimum skill level: Adept.
Government: Controls public assets and functions within a jurisdiction; very well resourced and persists long term. Minimum skill level: Adept.
Skill Level
The special training or expertise an agent typically possesses.
None: Has average intelligence and ability and can easily carry out random acts of disruption or destruction, but has no expertise or training in the specific methods necessary for a targeted attack.
Minimal: Can copy and use existing techniques. Example: Untrained Employee.
Operational: Understands underlying technology or methods and can create new attacks within a narrow domain.
Adept: Expert in technology and attack methods, and can both apply existing attacks and create new ones to greatest advantage. Example: Legal Adversary.