On 7 December 2022, ENISA CTI-EU 2022 took place in Brussels. I had the pleasure to present about putting how CTI teams can put their CTI process in motion. The problem statement was how CTI teams track the work they do and manage the CTI knowledge they produce. I elaborated on the value of workflow and case management for CTI teams and some basic ingredients for success.Continue reading “Setting Your CTI Process In Motion”
ENISA Threat Landscape 2022 – Threat Actor Trends
On 3 November 2022, ENISA published its Threat Landscape 2022 report, which is the annual report of the EU Agency for Cybersecurity on the state of the cybersecurity threat landscape. This is the 10th edition of the ETL report and covers a reporting period from July 2021 to July 2022. ETL report is an annual must-read for most cyber security professionals (at least) within the EU. The report might look long at first glance (~150 pages), but it is split into separate sections:Continue reading “ENISA Threat Landscape 2022 – Threat Actor Trends”
ENISA CTI-EU 2022 Conference
ENISA organises the fourth edition of the CTI-EU event on 7 December 2022 in Brussels. This is a great opportunity for the CTI Community to review the most relevant topics on the domain. The main objective of the CTI-EU event is to bring experts, researchers, practitioners and academics together to promote the dialogue and envision the future of Cyber Threat Intelligence for Europe. The participation is free of charge.Continue reading “ENISA CTI-EU 2022 Conference”
FIRST CTI Symposium 2022 Recap
All good things come to an end! FIRST CTI Symposium 2022 took place on 1, 2, and 3 of November 2022 and was a BLAST! If I chose one word to summarise what I felt during the conference days, I would say COMMUNITY is the right one. 300 CTI people from all over the world got connected after 2,5 years of work and virtual conferences from their home office.Continue reading “FIRST CTI Symposium 2022 Recap”
Top 25 CTI Presos for 2020 (pandemic version)
Hey folks! 2020 was a year to remember mostly because of non-CTI related stuff. Every year I write a blog post about my top CTI presentations but this time I am a little bit late (aren’t we still in 2020 mode in any case?).
Due to the pandemic, we had the opportunity to participate in many online conferences/summits and watch lots of presentations. See below (in random order) the CTI presentations I enjoyed most, learned something that I applied to my day-to-day work, and gave me insights into cyber threats and CTI practices.
Hopefully this year we will have more F2F conferences and interaction. Enjoy and stay safe!
Continue reading “Top 25 CTI Presos for 2020 (pandemic version)”
SANS CTI Summit 2020 Video Recording
Woohoo! My presentation during SANS CTI Summit 2020 was selected among SANS top-rated 2020 presentations!! Below you can watch it and feel free to provide any feedback. Enjoy :)
CrySyS Lab Analysis on NSA’s Territorial Dispute
CrySyS Lab has provided a great document on its analysis on NSA’s perspective on the APT landscape. The analysis is based on Shadow Brokers leak (“Lost in Translation” leak) and most specifically on the module called “Territorial Dispute“. The purpose of this module is to detect presence of competing state intelligence services. NSA wanted to secure its operations, avoid any conflict between “Five Eyes” group as well as get intelligence on the targets of the competing state intelligence services.
See below some interesting points related to the analysis done by CrySyS Lab:
Continue reading “CrySyS Lab Analysis on NSA’s Territorial Dispute”