SANS Digital Forensics and Incident Response Blog: Category - Cyber Threat Intelligence

DFIR Summit 2016 - Call for Papers Now Open

The 9th annual Digital Forensics and Incident Response Summit will once again be held in the live music capital of the world, Austin, Texas. The Summit brings together DFIR practitioners who share their experiences, case studies and stories from the field. Summit attendees will explore real-world applications of technologies and solutions from all aspects of …


SANS ThreatConnect DFIR Threat Intelligence Sharing Community Announced

ARLINGTON, Va.-(BUSINESS WIRE)-ThreatConnect Inc., creator of the most widely adopted Threat Intelligence Platform (TIP), today announced a partnership with SANS Digital Forensics and Incident Response (DFIR). The partnership will bring together the two organizations' strengths - ThreatConnect's Cyber Threat Intelligence (CTI) aggregation, analytics and community collaboration with SANS' cutting-edge Incident Response training courses. "We are seeing …


A Threat Intelligence Script for Qualitative Analysis of Passwords Artifacts

The Verizon Data Breach Report has consistently said, over the years, that passwords are a big part of breach compromises. Dr. Lorrie Cranor and her team at CMU have done extensive research on how to choose the best password policies versus usability. In addition, Alison Nixon's research describes techniques to determine valid password of an organization …


Data, Information, and Intelligence: Why Your Threat Feed Is Likely Not Threat Intelligence

Threat feeds in the industry are a valuable way to gather information regarding adversaries and their capabilities and infrastructure. Threat feeds are usually not intelligence, though. Unfortunately, one of the reasons many folks become cynical about threat intelligence is that the industry has pushed terminology that is inaccurate and treated threat intelligence as a solution …


Just-In-Time VirusTotal Hash Checking

Hardly a day goes by without me hearing the phrase 'Threat Intelligence' being used in the context of big budget enterprise protection, but recently I have been giving some thought to what this means to the home user and small business. Most computers have (or at least, should have!) up-to-date antivirus software installed which provides …