Finding the Best TI Provider for a Specific Purpose
Offered By: Cooper via YouTube
Course Description
Overview
Explore a comprehensive analysis of Threat Intelligence (TI) providers in this 40-minute conference talk from Hack.lu 2018. Dive into the mission of finding the most suitable TI provider for specific purposes, guided by A. Hickey and D. Roecher. Learn about the detection stack, threat modeling, and the approach to developing a standard model for evaluating TI vendors. Examine the process of pulling data for specific time windows, comparing APT Indicators of Compromise (IoCs) across different dimensions, and assessing timeliness and false positives. Gain valuable insights for TI vendors, Blue Teamers, and security researchers as the speakers share their findings and takeaways from this in-depth investigation into the effectiveness of various Threat Intelligence providers.
Syllabus
Intro
Mission Briefing
Mission Plan
Notable previous research
Detection Stack
Threat Model
Approach
Develop a Standard Model 1/2
Potential TI vendors
Pull data for a specific time window
Put data into a common platform
Progress Report
Compare APT loC's across different dimensions
Compare timeliness across vendors
Compare false positives
Compare distribution of loc's
Mission completed?
Takeaways for Tl vendors
Takeaways for Blue Teamers
Takeaways for data people & security researchers
Taught by
Cooper
Related Courses
Modern Pentest Tricks for Faster, Wider, Greater EngagementsCooper via YouTube Take Your Path Normalization Off and Pop 0days Out
Cooper via YouTube Make ARM Shellcode Great Again
Cooper via YouTube Digital Safety for Politically Vulnerable Organizations
Cooper via YouTube IPC - The Broken Dream of Inherent Security
Cooper via YouTube