SANS DFIR Prague 2023

On 1 October 2023, I attended the SANS Institute DFIR Europe Summit in Prague. It was my first time participating in this conference and I really enjoyed the content shared. I loved the presentation from Simone Kraus (Orange) on “Threat Informed Defense & Detection Engineering with MITRE ATT&CK” and the one from Chris Doman (Cado Security) on “A New Perspective on Resource-Level Cloud Forensics”.

From 2 to 7 October 2023, I did my first co-teach for the SANS Cyber Threat Intelligence FOR578 course. I would like to thank all the students for their active participation and the perspectives they brought to the class. Moreover, I would love to thank the SANS EMEA people for all their support.

CrySyS Lab Analysis on NSA’s Territorial Dispute

CrySyS Lab has published a great document analyzing the NSA’s perspective on the APT landscape. The analysis is based on the Shadow Brokers leak (the “Lost in Translation” leak) and, more specifically, on the module called “Territorial Dispute”. The purpose of this module is to detect the presence of competing state intelligence services. The NSA wanted to secure its operations, avoid any conflict within the “Five Eyes” group, and gather intelligence on the targets of the competing state intelligence services.

See below some interesting points related to the analysis done by CrySyS Lab:
