SANS Digital Forensics and Incident Response Blog: Category - Cyber Threat Intelligence

Data, Information, and Intelligence: Why Your Threat Feed Is Likely Not Threat Intelligence

Threat feeds in the industry are a valuable way to gather information regarding adversaries and their capabilities and infrastructure. Threat feeds are usually not intelligence though. Unfortunately, one of the reasons many folks become cynical about threat intelligence is because the industry has pushed terminology that is inaccurate and treated threat intelligence as a solution … Continue reading Data, Information, and Intelligence: Why Your Threat Feed Is Likely Not Threat Intelligence


Just-In-Time VirusTotal Hash Checking

Hardly a day goes by without me hearing the phrase 'Threat Intelligence' being used in the context of big budget enterprise protection, but recently I have been giving some thought to what this means to the home user and small business. Most computers have (or at least, should have!) up-to-date antivirus software installed which provides … Continue reading Just-In-Time VirusTotal Hash Checking


Was DPRK behind the Sony hack?

UPDATE: While this post was embargoed, various news outlets have claimed that sources in the US Government are confirming North Korea's involvement in the Sony hack. I don't have the intelligence they have access to and North Korea has already denied participation in the hack publicly. If North Korea was behind the attack, then it heralds … Continue reading Was DPRK behind the Sony hack?


SANS Cyber Threat Intelligence Summit - Call For Papers Now Open

SANS Cyber Threat Intelligence Summit Call For Papers 2015. Send your submissions to CTISummit@sans.org by 5 pm EST on Friday, October 24, 2014 with the subject "SANS CTI Summit CFP 2015." Dates: Summit Dates: February 2 & 3, 2015. Pre-Summit Course Dates: February 4-9, 2015. Location: Washington, DC. Our 3rd annual Cyber Threat Intelligence (CTI) Summit … Continue reading SANS Cyber Threat Intelligence Summit - Call For Papers Now Open


Case Leads: A Forensicator's take on BlackHat/DefCon/BSides

It's been a busy time in digital forensics and incident response (DFIR). Every summer, for over 20 years, infosec and forensicators and old school hackers have gathered in Las Vegas. A mixture of very deep tech talks, trainings, and technology oriented distractions "flood the zone" in Las Vegas. Close to 15-20,000 people were in Las … Continue reading Case Leads: A Forensicator's take on BlackHat/DefCon/BSides