SANS Digital Forensics and Incident Response Blog: Category - Cyber Threat Intelligence

WannaCry Ransomware Threat : What we know so far - WEBCAST slides

The WannaCry ransomware worm is unprecedented for two reasons. First, it's a ransomware worm. Second, it appears to be using a recently patched exploit that was stolen from NSA to propagate. Jake Williams' firm, Rendition Infosec, has been tracking the use of this exploit since it was publicly released and completed another internet-wide scan of … Continue reading WannaCry Ransomware Threat : What we know so far - WEBCAST slides


Critiques of the DHS/FBI's GRIZZLY STEPPE Report

Author credit: FOR578 Threat Intelligence course Robert M. Lee Source: Blog originally posted 12/30/2016 Attend the Webcast:"Analyzing the DHS/FBI's GRIZZLY STEPPE Report" Jan 6 2017 at 1 pm ET On December 29th, 2016 the White House released a statement from the President of the United States (POTUS) that formally accused Russia of interfering with the … Continue reading Critiques of the DHS/FBI's GRIZZLY STEPPE Report


CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017

Summit Dates: January 31, 2017 and February 1, 2017 Training Course Dates: January 25-30, 2017Summit Venue: Renaissance Arlington Capital View Hotel — Arlington, VA Deadline to Submit is July 29, 2016. To submit click here This year the CTI Summit is going old school. CTI is a relatively new field, however … Continue reading CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


DFIR Summit 2016 - Call for Papers Now Open

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live musical capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of … Continue reading DFIR Summit 2016 - Call for Papers Now Open