Let’s make CTI great (again)!

On 5th and 6th November 2018, the annual CTI-EU event took place in Brussels. CTI-EU is organised by the European Union Agency for Network and Information Security (ENISA) in cooperation with DG Connect, CERT-EU and EDA.

The event had various sessions with different focuses (see full agenda here):

Continue reading “Let’s make CTI great (again)!”

Mapping Threat Actor TTPs to ATT&CK Framework

This is a great blog post from Digital Shadows. Their team has gone through the Mueller GRU indictment and mapped the mentioned capabilities to ATT&CK framework TTPs (accompanied by mitigation advice per TTP).

Blue teams should learn from this type of analysis:

Continue reading “Mapping Threat Actor TTPs to ATT&CK Framework”

My favorite DFIR presentations for 2016

 

2016 was a year full of interesting presentations and conferences! I took a moment to think about the presentations that helped me better understand the threat landscape, introduced me to new tools and processes, provided inspiration for my team and helped me with my daily operations.

The selection of the presentations below is subjective but indicative of the trends regarding the DFIR community during 2016. Moreover, the order below is completely random.

I would appreciate any feedback and I would be more than happy to be sent yours! Enjoy!

Continue reading “My favorite DFIR presentations for 2016”

Threat Intel Annual Reads 2016

Some of you may or may not know my weekly newsletter, “Threat Intel Weekend Reads”, which started being published in December 2014. What I tried to do today was to go back to all the newsletter editions of 2016 and select my favorite headline articles. Over the coming days I will try to deep dive once again and provide more insights on DFIR, Threat Intel and Threat Hunting! Any feedback would be more than welcome! Enjoy!

Continue reading “Threat Intel Annual Reads 2016”