#ctisummit — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ctisummit, aggregated by home.social.
-
Join me next week at the @SANSInstitute #CTISummit in Arlington, VA where I'll be presenting on an operation against the infostealer #Rhadamanthys from early in its development.
Register @ https://www.sans.org/u/1CtB
-
I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.
-
Really appreciated the explanation of multiple orgs' different threat clustering approaches in Morgan D's talk "Clustering Attacker Behavior:
Connecting the Dots in the RaaS Ecosystem" this morning at #CTISummit -
Anyone around #CTIsummit today? Going to drop by and say hello
-
Day 2 of the cti summit is off to an awesome start, with @Rand announcing the open sourcing of his new tool Cratos. Really cool stuff!
-
i've never been much for swag other than shirts and stickers but wearable blanket is a WIN 🔥
somehow @eric_capuano knew my weakness 🧐
-
The alert tells you that one artifact of Bazar has been discovered. Your first task should be finding at least one other Bazar artifact to determine if the malware has actually infected the system.
With any alert that mentions named malware, you’ve got a leg up because you can leverage everything the world already knows about the malware. But, you’ve got to do the research work! Some Googling reveals lots of published information about Bazar. For example, check out these two articles:
1. https://unit42.paloaltonetworks.com/bazarloader-network-reconnaissance/
2. https://www.fortinet.com/blog/threat-research/new-bazar-trojan-variant-is-being-spread-in-recent-phishing-campaign-part-IFrom these articles, you want to look for artifacts that are easy to find given the evidence sources you have available. Ideally, those artifacts are tied to events in the timeline near the event you already know about — the potential C2 traffic. For example, you could…
1. Look for C2 network traffic that matches the pattern in the article
2. Identify executions of new DLLs
3. Seek newly written registry RUN key entriesAmong other things…
Not many folks in the replies actually did research on the malware, but a few did mention doing it. My response of the week goes to @thomaspatzke, who captured some of those ideas (https://infosec.exchange/@thomaspatzke/109788268480096606). Doing research is part of the job and a skill to develop. It involves identifying relevant info, synthesizing it, and knowing your evidence sources well enough to focus your efforts. You get better at it by doing it more and internalizing feedback on what works and doesn’t. Lots of analysts feel like spending time reading about malware is distracting them from the real world of looking at the evidence. Overcome that worry -- doing that reading when alerts like this come up is a core part of the work.
By the way... if you were at the #CTISummit, I did some live forecasting for this scenario 😄
Speaking of research… some folks focused on network artifacts while others focused on host artifacts. Where do you normally focus? In what circumstances might that limit you? That’s something to think about… 🚀 #InvPath #DFIR #SOCAnalyst #ThreatIntel
-
I'm heading home from the SANS #CTISummit and I had such a great time. I want to thank Katie, Rick, Rebekah, and the rest of the summit team for inviting me to keynote. Also, shout out to Jennifer and her team at SANS, who always make me feel so welcome.
I heard many great questions and ideas come from folks after watching my presentation, but my fav came from someone who isn't working in the field yet. They said it made them feel like they understood how analysts work and that the process seemed doable...accessible.
Analyst work is damn hard. If I were to sum up a goal of my research, it's simplifying that complexity and making tacit knowledge more explicit. Our industry needs that to evolve, scale up+down, and face current and future threats.
As I said in the presentation...
Until you make the unconscious conscious, it will direct your life, and you will call it fate. What we do is far too important to be left up to fate.
I've got a lot more to share.
-
So this happened today. Thanks to MSTIC's KC7Cyber team for a great workshop! And thanks @likethecoins for the coin! #CTISummit
-
Loving day 2 of SANS #CTISummit! Storytelling and @vertexproject Synapse are like chocolate and peanut butter, two great tastes that taste great together!
-
Watching "Wargames" at the @sansforensics #CTISummit, in which Matthew Broderick, Aly Sheedy, and #ChatGPT almost start a global thermonuclear war.
-
"Why do I need malware analysis? I pay for a threat feed."
I'm dead.
Tony Lambert is telling us why.
I'm alive again.
-
TIL @likethecoins doesn't disseminate CTI outputs, she "just yeets them out there" #ctisummit
-
Well @chrissanders88 just kicked the #CTISummit off with a bang! Meta cognition is something we don’t spend nearly enough time on within #cti and really should be! 👏
-
@rickhholland @likethecoins @pdxbek Kicking off the #CTISummit. Rick says he's out of practice but it doesn't show.
-
New avatar for @chrissanders88 ?? #CTISummit
-
Just a few minutes away from the start of the @sansforensics #CTISummit, and @chrissanders88 keynote, "Deconstructing the Analyst Mindset". Can't wait!
-
It's #CTISummit morning! I'm giving the keynote where I'll discuss some of my research into how analysts think and work through investigations -- including some new things I haven't shared yet.
I think you can still sign up for the live stream here: https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2023/
-
Officially on my way to the @sansforensics #CTISummit. If you're there, say hi and pick up some #PyramidOfPain swag!
-
Officially on my way to the @sansforensics #CTISummit. If you're there, say hi and pick up some #PyramidOfPain swag!
-
Officially on my way to the @sansforensics #CTISummit. If you're there, say hi and pick up some #PyramidOfPain swag!
-
Officially on my way to the @sansforensics #CTISummit. If you're there, say hi and pick up some #PyramidOfPain swag!
-
Officially on my way to the @sansforensics #CTISummit. If you're there, say hi and pick up some #PyramidOfPain swag!
-
At the airport headed to DC for the SANS #CTISummit. I’m excited to see folks! 🛫
-
If anyone wants some #PyramidOfPain swag, hit me up at the @sansforensics #CTISummit next week.
-
If anyone wants some #PyramidOfPain swag, hit me up at the @sansforensics #CTISummit next week.
-
If anyone wants some #PyramidOfPain swag, hit me up at the @sansforensics #CTISummit next week.
-
If anyone wants some #PyramidOfPain swag, hit me up at the @sansforensics #CTISummit next week.
-
If anyone wants some #PyramidOfPain swag, hit me up at the @sansforensics #CTISummit next week.