Author: andreas.sfakianakis

Intelligence Requirements: the Sancho Panza of CTI

Screen Shot 2019-09-25 at 00.39.39

On 17 September 2019, I participated in ENISA’s NIS Summer School 2019 that took place in Heraklion, Greece. The Summer School had 4 parallel training sessions (CTI, CyberDefence, Incident Response and Crypto) and the participants were mostly graduate students as well as infosec professionals.

I joined the CTI training sessions as an instructor for “Intelligence Requirements”  as well as “CTI Reporting”. In this post, I will focus mostly on the session that was about Intelligence Requirements. Intelligence requirements is something that is very close to my heart and it was my pleasure to present this concept to the students of the summer school. Continue reading “Intelligence Requirements: the Sancho Panza of CTI”

ENISA Threat Landscape 2018 Report

Reading ENISA Threat Landscape Report 2018

The annual ENISA Threat Landscape report for 2018 is out! The report focuses on the threat landscape changes and developments in motives and tactics of the most important threat agent groups, namely cyber-criminals and state-sponsored actors. Continue reading “ENISA Threat Landscape 2018 Report”

My Top 20 CTI/DFIR Talks for 2018

Another year has passed and lots of good CTI/DFIR stuff have been presented! I took some time to watch again some of my favourite talks within 2018 and list my favourite 20 ones. The list provided below has a CTI focus, however some of the most representative talks related to blue team/red team as well as ICS have been selected. I hope you enjoy it! Continue reading “My Top 20 CTI/DFIR Talks for 2018”

Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary

ENISA has recently published a report on “Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary”.

The report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects, identifying current shortcomings and making recommendations to further enhance cooperation. Continue reading “Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary”

Let’s make CTI great (again)!

On 5th and 6th November 2018, the annual CTI-EU event took place in Brussels. CTI-EU is organised by  European Union Agency for Network and Information Security (ENISA) in cooperation with DG Connect, CERT-EU and EDA

 The event had various sessions with different focus (see full agenda here):

Continue reading “Let’s make CTI great (again)!”

NCSC-UK Annual Review 2018 and Active Defence

On 16 October, NCSC-UK (part of GCHQ) released their second annual review for 2018. The report is really well-written and provides insights on how large scale impact can be achieved. This is a really good example of planning and implementing a well structured and funded cyber security program and National Cyber Security Strategy.

What caught my attention is the Active Cyber Defence (ACD) services and their impact:

Continue reading “NCSC-UK Annual Review 2018 and Active Defence”

CrowdStrike’s 2018 Mid-Year Review

During the past week CrowdStrike published its 2018 Mid-Year Review call “Observation from the front lines of threat hunting“. This report provides insights, trends and details on today’s most sophisticated cyber attacks observed by CrowdStrike Falcon OverWatch team.

Some interesting points of the report include:

Continue reading “CrowdStrike’s 2018 Mid-Year Review”

Anti-Virus Log Analysis Cheat Sheet (v1.5)

Florian Roth published the new version of Anti-Virus Log Analysis Cheat Sheet (version 1.5). I highly recommend to implement monitoring of the events included in this cheat sheet. To my mind, this is the easiest and quickest win and AV logs are one of the first things I hunt whenever I go to a new environment.

The new version has information on :

Continue reading “Anti-Virus Log Analysis Cheat Sheet (v1.5)”