FIRST CTI Symposium will take place from 9 to 11 March in Zurich. There will be one day of training followed by two days of plenary sessions. This event will be open to both FIRST members and non-members.
The agenda of the Symposium is now online . Continue reading “FIRST CTI Symposium 2020 Agenda is out!!”
Happy New Year everyone! 2019 was just another interesting year in CTI. Every year I use to list my top 20 CTI presentations. See below the ones I enjoyed most, I learned something that I used in my day to day work, and gave me insights into cyber threats. I hope you enjoy them and I am looking forward to seeing your favourite ones. Enjoy and let’s have a chat about them (and about yours) during an upcoming CTI event in 2020! Continue reading “Top 20 CTI Presentations for 2019”
On 17 September 2019, I participated in ENISA’s NIS Summer School 2019 that took place in Heraklion, Greece. The Summer School had 4 parallel training sessions (CTI, CyberDefence, Incident Response and Crypto) and the participants were mostly graduate students as well as infosec professionals.
I joined the CTI training sessions as an instructor for “Intelligence Requirements” as well as “CTI Reporting”. In this post, I will focus mostly on the session that was about Intelligence Requirements. Intelligence requirements is something that is very close to my heart and it was my pleasure to present this concept to the students of the summer school. Continue reading “Intelligence Requirements: the Sancho Panza of CTI”
January was an interesting moth for CTI practitioners! I took some time and collected the major articles and presentations that I read and watched during January 2019.
I hope you enjoy it. Continue reading “Threat Intel Reads – January 2019”
Reading ENISA Threat Landscape Report 2018
The annual ENISA Threat Landscape report for 2018 is out! The report focuses on the threat landscape changes and developments in motives and tactics of the most important threat agent groups, namely cyber-criminals and state-sponsored actors. Continue reading “ENISA Threat Landscape 2018 Report”
Another year has passed and lots of good CTI/DFIR stuff have been presented! I took some time to watch again some of my favourite talks within 2018 and list my favourite 20 ones. The list provided below has a CTI focus, however some of the most representative talks related to blue team/red team as well as ICS have been selected. I hope you enjoy it! Continue reading “My Top 20 CTI/DFIR Talks for 2018”
On 5th and 6th November 2018, the annual CTI-EU event took place in Brussels. CTI-EU is organised by European Union Agency for Network and Information Security (ENISA) in cooperation with DG Connect, CERT-EU and EDA
The event had various sessions with different focus (see full agenda here):
Continue reading “Let’s make CTI great (again)!”
This is a great blog post from Digital Shadows . Their team has gone through Mueller GRU indictment and mapped the mentioned capabilities to ATT&CK framework TTPs (accompanied with mitigation advice per TTP).
Blue teams should learn from this type of analysis:
Continue reading “Mapping Threat Actor TTPs to ATT&CK Framework”
2016 was a year full of interesting presentations and conferences! I took a moment to think about the presentations that helped me better understand the threat landscape, introduced me to new tools and processes, provided inspiration for my team and help me with my daily operations.
The selection of the presentations below is subjective but indicative of the trends regarding the DFIR community during 2016. Moreover, the below sequence is completely random.
I would appreciate any feedback and I would be more than happy to be sent your ones! Enjoy!
Continue reading “My favorite DFIR presentations for 2016”
Some of you may or may not know my weekly newsletter called “Threat Intel Weekend Reads” that started being published in December 2014. What I tried to do today was to go back to all the newsletter editions of 2016 and select my favorite headline articles. During the upcoming days I will try to deep dive once again and provide more insights on DFIR, Threat Intel and Threat Hunting! Any feedback would be more than welcome! Enjoy!
Continue reading “Threat Intel Annual Reads 2016”