Profiling the Attacker - Using Offender Profiling in SOC Environments
Offered By: Security BSides London via YouTube
Course Description
Overview
Explore offender profiling techniques for enhancing Security Operations Center (SOC) environments in this 19-minute conference talk from Security BSides London. Delve into a technical framework for building a comprehensive knowledge base on malicious actors. Learn how to develop an information classification system for assets, plot attack significance, conduct attack factor comparison analysis, and discern attacker motives. Examine the attacker kill chain, create malicious actor profile checklists, and establish naming conventions for threat actors. Gain insights into preemptive security measures and understand the importance of profiling in modern cybersecurity practices through real-world examples and practical methodologies.
Syllabus
Introduction
Preemptive security
Outline
Who am I
What is offender profiling
Why is offender profiling important
Security is important
Examples of offender profiling
How offender profiling works
Alice's example
Method Zero
Method One Frequency
Method Two Frequency
Method Three Frequency
Method Five Classification
Summary
Taught by
Security BSides London
Related Courses
Early Detection through Deception (YouTube)
Hack for Show, Report for Dough - Brian King (YouTube)
Blue Teamin on a Budget of Zero - Kyle Bubp (YouTube)
Windows Event Logs - Zero to Hero (YouTube)
Weaponizing Splunk - Using Blue Team Tools for Evil (YouTube)