SANS Digital Forensics and Incident Response Blog: Category - Advanced Persistent Threat

The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


SANS #ThreatHuntingSummit Valentine Twitter Contest

Love is in the air and we at SANS DFIR want to celebrate February, the month of love and friendship. To show how much we care about our follower friends, we have created the #ThreatHuntingSummit Twitter contest. This contest comes with a fantastic prize, check it out! On April 12th through 19th, SANS along with … Continue reading SANS #ThreatHuntingSummit Valentine Twitter Contest


SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced

ARLINGTON, Va.-(BUSINESS WIRE)-ThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), today announceda partnership with SANS Digital Forensics and Incident Response (DFIR). The partnership will bring together the two organizations' strengths - ThreatConnect's Cyber Threat Intelligence (CTI) aggregation, analytics and community collaboration with SANS' cutting-edge Incident Response training courses. "We are seeing … Continue reading SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced


Threat Hunting and Incident Response Summit - CFP - Closing 12 Oct

The inaugural Threat Hunting and Incident Response Summit will be held in New Orleans, LA on April 12- 13, 2016. The Threat Hunting & Incident Response Summit 2016 focuses on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. Attend this summit … Continue reading Threat Hunting and Incident Response Summit - CFP - Closing 12 Oct


Hindering Exploitation by Analysing Process Launches

Malware can do some nasty things to your system, but it needs to get on there first. Thankfully, users have become more suspicious of files named FunnyJokes.doc.exe and so malware authors have had to become more innovative, using a mix of social engineering and the constant stream of 0-day browser exploits to land evil code … Continue reading Hindering Exploitation by Analysing Process Launches