Another year has passed and lots of good CTI/DFIR stuff has been presented! I took some time to watch again some of my favourite talks from 2018 and list my 20 favourites. The list provided below has a CTI focus; however, some of the most representative talks related to blue team/red team as well as ICS have also been selected. I hope you enjoy it!
- [ATT&CK] MITRE ATT&CKcon 2018: Advancing Infosec
Presenter : John Lambert
URL : https://www.youtube.com/watch?v=yslLIqfOKCU
- [CTI] Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats
Presenter : Robert M. Lee
URL : https://www.youtube.com/watch?v=3CUNlgQBwc4
- [CTI] Attributing Active Measures, Then and Now – SANS CTI Summit 2018
Presenter : Thomas Rid
URL : https://www.youtube.com/watch?v=XEYc7VnTFSc
- [CTI] A Brief History of Disinformation, and What to Do About It
Presenter : Matt “Pwn all the Things” Tait
URL : https://www.youtube.com/watch?v=yTla4rCblzQ
- [CTI] Area41 2018: Keynote – Attribution 2.0
Presenter : Costin Raiu
URL : https://www.youtube.com/watch?v=jeLd-gw2bWo
- [CTI] Black Hat Asia 2018 Day 2 Keynote: A Short Course in Cyber Warfare
Presenter : thegrugq
URL : https://www.youtube.com/watch?v=gvS4efEakpY
- [CTI] DEF CON 26 – NSA Talks Cybersecurity
Presenter : Rob Joyce
URL : https://www.youtube.com/watch?v=gmgV4r25XxA
- [CTI] I Can Haz Requirements?: Requirements and CTI Program Success – SANS CTI Summit 2018
Presenter : Michael Rea
URL : https://www.youtube.com/watch?v=Aqo3IcVQs_M
- [CTI] Survival Heuristics: My Favorite Techniques for Avoiding Intelligence Traps – SANS CTI Summit 2018
Presenter : Carmen Medina
URL : https://www.youtube.com/watch?v=kNv2PlqmsAc
- [CTI] Leveraging Curiosity to Enhance Analytic Technique – SANS Cyber Threat Intelligence Summit 2018
Presenter : Chris Sanders
URL : https://www.youtube.com/watch?v=E4oJdOhLEnU
- [CTI] Intelligence Preparation of the Cyber Environment – SANS Cyber Threat Intelligence Summit 2018
Presenter : Rob Dartnall
URL : https://www.youtube.com/watch?v=3bXr-CF9NBI
- [Blue Team/Red Team] Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Presenter : Daniel Bohannon
URL : https://www.youtube.com/watch?v=mej5L9PE1fs
- [ATT&CK] ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK
Presenters : Katie Nickels & John Wunder
URL : https://www.youtube.com/watch?v=p7Hyd7d9k-c
- [ATT&CK] x33fcon 2018 – Threat-based Purple Teaming with ATT&CK
Presenters : Chris Korban and Cody Thomas
URL : https://www.youtube.com/watch?v=OYEP-YAKIn0
- [Blue Team] BruCON 0x0A – $SignaturesAreDead = “Long Live RESILIENT Signatures” wide ascii nocase
Presenters : Daniel Bohannon and Matthew Dunwoody
URL : https://www.youtube.com/watch?v=YGJaj6_3dGA
- [Red Team] HITBGSEC 2018 D2: Traversing The Kill-Chain: The New Shiny In 2018
Presenter : Vincent Yiu
URL : https://www.youtube.com/watch?v=w1fNGOKkeSg
- [Red Team] Red Teaming in the EDR age
Presenter : Will Burgess
URL : https://www.youtube.com/watch?v=l8nkXCOYQC4
- [APT] APTinder: An optimized approach for finding that perfect APT match
Presenter : Matthew Berninger
URL : https://www.youtube.com/watch?v=zMdHGY53VEw
- [ICS] a) TRITON – Schneider Electric Analysis and Disclosure
Presenter : Schneider Electric
URL : https://www.youtube.com/watch?v=f09E75bWvkk
b) TRITON – Mandiant Analysis at S4x18
Presenter : Blake Johnson
URL : https://www.youtube.com/watch?v=nAU8X03Eg9c
c) TRITON – Reverse Engineering the Tricon Controller
Presenter : Reid Wightman
URL : https://www.youtube.com/watch?v=m51JrxdvEV8
- [ICS] ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
Presenter : Robert M. Lee
URL : https://www.youtube.com/watch?v=IvkB90JTRjk