Tilting at windmills

Top 20 CTI Presentations for 2019


Happy New Year everyone! 2019 was just another interesting year in CTI. Every year I list my top 20 CTI presentations. See below the ones I enjoyed most, from which I learned something that I used in my day-to-day work, and which gave me insights into cyber threats. I hope you enjoy them and I am looking forward to seeing your favourite ones. Enjoy and let’s have a chat about them (and about yours) during an upcoming CTI event in 2020!

  1. [CTI/Tradecraft] SANS CTI Summit 2019: Analytic Tradecraft in the Real World
    Presenter: Amy R. Bejtlich
    Link to video
    Link to presentation
    Comment: My favourite CTI presentation for 2019! It includes tangible takeaways for CTI analysts in terms of analytic tradecraft.
  2. [CTI/Attribution] SANS CTI Summit 2019: A Brief History of Attribution Mistakes
    Presenter: Sarah Jones
    Link to video
    Link to presentation
    Comment: Must-see presentation related to attribution mistakes. This presentation is so useful that Katie Nickels included it in her Top 10 CTI Reading List.
  3. [CTI/CTI Program] FIRST CTI 2019: Building, Running, and Maintaining a CTI Program
    Presenters: Michael J. Schwartz and Ryan Miller
    Link to presentation
    Comment: The slides have very useful tips on how to build your CTI program. I especially like the CTI focus based on the number of FTEs (Full Time Employees) in your CTI team. Don’t forget that this is based on what worked for Target; your organisation might have different needs, priorities, and budget.
  4. [CTI/Reporting] SANS Webcast: Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them
    Presenter: Lenny Zeltser
    Link to video
    Comment: Lenny Zeltser providing some top-notch advice on reporting in cyber security. I cannot stress enough how important reporting skills are for CTI analysts.
  5. [CTI/Metrics+ATT&CK] FIRST CTI 2019: Metrics and ATT&CK. Or how I failed to measure everything.
    Presenter: Francesco Bigarella
    Link to presentation
    Comment: Francesco nailed it, he knows how to create a slide deck and more importantly he provides lots of insights on CTI metrics…because metrics matter!
  6. [CTI/Intelligence Direction] FIRST CTI 2019: Your Requirements are not my Requirements
    Presenter: Pasquale Stirparo
    Link to presentation
    Comment: Pasquale provides the basics on the value of intelligence requirements within CTI programs. Real-world examples are also presented.
  7. [CTI/Threat Detection] SANS CTI Summit 2019: Quality Over Quantity: Determining Your CTI Detection Efficacy
    Presenter: David Bianco
    Link to video
    Link to presentation
    Comment: After the “Pyramid of pain” David Bianco now presents the “Heatmap of pain”. Nuff said!
  8. [CTI/ICS] SANS ICS Summit 2019: Evolution of ICS attacks: from BlackEnergy3 to TRISIS
    Presenter: Joe Slowik
    Link to presentation
    Comment: Joe Slowik was on fire during 2019. In this presentation, Joe provides his insights on how attacks against ICS have evolved.
  9. [CTI/Metrics] SANS CTI Summit 2019: How to Get Promoted: Developing Metrics to Show How Threat Intel Works
    Presenters: Tony Gidwani and Marika Chauvin
    Link to video
    Link to presentation
    Comment: Great talk on CTI metrics. The highlight is the final slide that includes CTI metrics based on their difficulty to produce and their value.
  10. [CTI/ATT&CK] ATT&CKcon 2.0: Using Threat Intelligence to Focus ATT&CK Activities
    Presenters: David Westin and Andy Kettell
    Link to video
    Link to presentation
    Comment: This presentation shows how Nationwide has implemented its threat actor tracking process (see their quadrant analysis!!!) and how they use the ATT&CK framework. Great work!
  11. [CTI/Threat Investigation] Security Analyst Summit 2019: Who is GG?
    Presenters: Juan Andres Guerrero-Saade and Silas Cutler
    Link to video
    Comment: This is again great threat investigation work from Juan Andres and Silas. I would also recommend reading the blog post as well as their interview in The CyberWire.
  12. [CTI/Information Operations] CYBERWARCON: Infosec 1930
    Presenter: Thomas Rid
    Link to presentation
    Comment: Thomas Rid presents the first information operation against the US back in 1930. Thomas actually mentioned during the presentation “I’m writing the history of disinformation right now”. A fascinating story!
    (This talk is from CYBERWARCON 2018 but it was uploaded to YouTube during 2019).
  13. [CTI/ATT&CK] Black Hat 2019: MITRE ATT&CK: The Play at Home Edition
    Presenters: Katie Nickels and Ryan Kovar
    Link to video
    Link to presentation
    Comment: Great introduction to the ATT&CK framework. Very nice presentation as well!
  14. [CTI/Information Warfare] Security Analyst Summit 2019: Opaque at Both Ends
    Presenter: thegrugq
    Link to video
    Comment: thegrugq is a great guy to listen to when he speaks on information warfare. Also interesting is his interview on The CyberWire on Influence Operations.
  15. [CTI/Threat Investigation] SANS CTI Summit 2019: Unsolved Mysteries – Revisiting the APT Cold Case Files
    Presenter: Juan Andres Guerrero-Saade
    Link to video
    Comment: Well, I am a little bit biased with Juan Andres Guerrero-Saade. His work in our area is unique and the topics he presents are always intriguing. In this presentation, he discusses revisiting cold cases with new tools and data and thus gaining more insights on threats. He makes a fair point that sometimes as analysts we analyze threats, we present them (sometimes hyped by marketing which is fairly part of the game) and then we tend to forget about them.
  16. [CTI/ATT&CK] SANS CTI Summit 2019: ATT&CK Your CTI w/ Lessons Learned from 4 Years in the Trenches
    Presenters: Katie Nickels and Brian Beyer
    Link to presentation
    Comment: Very interesting presentation that presents the top ATT&CK techniques used by the adversaries. Interesting here is to observe the diff of techniques used based on 2 different data sets: Red Canary data and MITRE compiled data. A good reminder that different datasets provide different visibility and different analysis results.
  17. [CTI/SecOps] SANS CTI Summit 2019: Meet Me in the Middle: Threat Indications and Warning in Principle & Practice
    Presenter: Joe Slowik
    Link to video
    Link to presentation
    Comment: Practical presentation from Joe Slowik on how CTI can support operations. He explains how a military concept (“indications and warnings”) can be applied within SOCs. Interesting to see the balance between CTI’s finalized intelligence product and SOC’s need for timely threat information.
  18. [CTI/ATT&CK] ATT&CKcon 2.0: TRAM
    Presenters: Sarah Yoder and Jackie Lasky
    Link to video
    Link to presentation
    Comment: TRAM seems like a very promising tool (it is on GitHub and actively developed)! Looking forward to watching their presentation during SANS CTI Summit 2020, “Automation: The Wonderful Wizard of CTI (Or Is It?)”.
  19. [CTI/OSINT] CAMLIS 2019: TweetSeeker: Extracting Adversary Methods from the Twitterverse
    Presenter: Matthew Berninger
    Link to video
    Link to presentation
    Comment: Matthew presented last year about APTinder. This year he strikes back with Twitterverse, an attempt to use Twitter as an intelligence source by using data science techniques. The Twitter infosec community is very active and there is quite a lot of information sharing that stays within Twitter, is not properly documented and is not easily searchable. Joe Slowik has also published a relevant blog post on Historical Memory and Information Security.
  20. [CTI/Information Operations] CYBERWARCON: “False Leaks” – A Network Lens on Cyber-Enabled Information Operations
    Presenter: Camille François
    Link to video
    Comment: Interesting analysis of information operations that are designed to disseminate hacked material. The whole issue with leaks is so interesting as they could include false information and could be leveraged for information operations.
    (This talk is from CYBERWARCON 2018 but it was uploaded to YouTube during 2019).

 

PS. For clarity, the presentations in the above list are in random order.
