SANS Digital Forensics and Incident Response Blog: Category - Cyber Threat Intelligence

Critiques of the DHS/FBI's GRIZZLY STEPPE Report

Author credit: FOR578 Threat Intelligence course Robert M. Lee Source: Blog originally posted 12/30/2016 Attend the Webcast:"Analyzing the DHS/FBI's GRIZZLY STEPPE Report" Jan 6 2017 at 1 pm ET On December 29th, 2016 the White House released a statement from the President of the United States (POTUS) that formally accused Russia of interfering with the … Continue reading Critiques of the DHS/FBI's GRIZZLY STEPPE Report


CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017

Summit Dates: January 31, 2017 and February 1, 2017 Training Course Dates: January 25-30, 2017Summit Venue: Renaissance Arlington Capital View Hotel — Arlington, VA Deadline to Submit is July 29, 2016. To submit click here This year the CTI Summit is going old school. CTI is a relatively new field, however … Continue reading CALL FOR PAPERS - SANS Cyber Threat Intelligence Summit 2017


The Problems with Seeking and Avoiding True Attribution to Cyber Attacks

By Robert M. Lee Attribution to cyber attacks means different things to different audiences. In some cases analysts only care about grouping multiple intrusions together to identify an adversary group or their campaign. This helps analysts identify and search for patterns. In this case analysts often use made up names such as "Sandworm" just to … Continue reading The Problems with Seeking and Avoiding True Attribution to Cyber Attacks


DFIR Summit 2016 - Call for Papers Now Open

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live musical capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of … Continue reading DFIR Summit 2016 - Call for Papers Now Open


SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced

ARLINGTON, Va.-(BUSINESS WIRE)-ThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), today announceda partnership with SANS Digital Forensics and Incident Response (DFIR). The partnership will bring together the two organizations' strengths - ThreatConnect's Cyber Threat Intelligence (CTI) aggregation, analytics and community collaboration with SANS' cutting-edge Incident Response training courses. "We are seeing … Continue reading SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced