{"id":448,"date":"2018-06-03T10:07:57","date_gmt":"2018-06-03T10:07:57","guid":{"rendered":"https:\/\/www-new.brucon.org\/2018\/?page_id=448"},"modified":"2018-09-13T17:35:12","modified_gmt":"2018-09-13T15:35:12","slug":"thinking-behind-enemy-lines-actionable-threat-intelligence-tools-and-technique","status":"publish","type":"page","link":"https:\/\/archive.brucon.org\/2018\/brucon-2018-training\/thinking-behind-enemy-lines-actionable-threat-intelligence-tools-and-technique\/","title":{"rendered":"Thinking Behind Enemy Lines \u2013 Actionable Threat Intelligence Tools and Technique"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><h2><span id=\"Course_Description\" class=\"mw-headline\">Course Description<\/span><\/h2>\n<div class=\"thumb tright\">\n<div class=\"thumbinner\">\n<div class=\"thumbcaption\">\n<div class=\"magnify\">\n<p><span style=\"font-weight: 400\">Security has long since become more than just malware reverse engineering. To defend your organization, you need to analyze your adversary\u2019s intent, opportunities and capabilities. The tools and skills needed are not only of a deeply technical nature, but also require one to leverage available intelligence and counterintelligence information and know how to make the most of it.<\/span><\/p>\n<p><span style=\"font-weight: 400\">To become a good intelligence analyst, you need to acquire a different way of thinking \u2013 an analytical mindset, which requires getting acquainted with field-proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.<\/span><\/p>\n<p><span style=\"font-weight: 400\">In this course, which will include both lectures and hands-on training, we will learn how to look beyond the malware itself in order to dig up information on the infrastructure and actor behind it. 
We will understand the adversary&#8217;s intent, way of thinking and the risk it poses against our threat model, in order to develop the best protections and mitigations. We will become familiar with tools for gaining insight into the attacker\u2019s workflow and learn how to integrate them into the organization. Students will be able to go back to their organization and immediately start applying the lessons learned to proactively defend their network.<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2><span id=\"Course_contents\" class=\"mw-headline\">Course contents<\/span><\/h2>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Introduction to Cyber Threat Intelligence and CTI Models<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The intelligence process<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The cybercrime ecosystems<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Advanced searching and Google hacking<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Data collection and sources<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Data sharing tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Leveraging DNS for threat intelligence<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">The Malware Information Sharing Platform<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Honeypots, malware labs and other tools<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">OPSEC<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Introduction to attribution
<\/span><\/li>\n<\/ul>\n<h2><span id=\"Target_audience\" class=\"mw-headline\">Target audience<\/span><\/h2>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Network analysts and defenders<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">SOC analysts<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Incident responders<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Anyone who is interested in learning a new skillset that will allow them to get ahead of their adversaries<\/span><\/li>\n<\/ul>\n<h2><span id=\"Requirements\" class=\"mw-headline\">Requirements<\/span><\/h2>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Basic scripting (bash\/python)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Understanding of malware and networking<\/span><\/li>\n<\/ul>\n<h2><span id=\"Hardware.2Fsoftware_Requirements\" class=\"mw-headline\">Hardware\/Software Requirements<\/span><\/h2>\n<ul>\n<li><span style=\"font-weight: 400\">Laptop capable of running VMs<\/span><\/li>\n<\/ul>\n<h2><span id=\"Trainer_Biography\" class=\"mw-headline\">Trainer Biography<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Irena Damsky is the founder of <\/span><a href=\"https:\/\/damsky.tech\/\" class=\"broken_link\"><span style=\"font-weight: 400\">damsky.tech<\/span><\/a><span style=\"font-weight: 400\"> \u2013 CTI Research, Training and Consulting. She is a security and intelligence researcher and developer based in Israel. 
Her focus is on threat intelligence, networking, malware &amp; data analysis and taking out bad guys, as she runs the company and provides its different services.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Prior to starting <\/span><a href=\"https:\/\/damsky.tech\/\" class=\"broken_link\"><span style=\"font-weight: 400\">damsky.tech<\/span><\/a><span style=\"font-weight: 400\">, Irena held different roles in the industry, ranging from Threat Intelligence Leader to VP of Security Research, and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the Reserve Service. She is a frequent speaker at security events, holds a BSc and MSc in Computer Science, and is fluent in English, Russian, and Hebrew.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Website: <\/span><a href=\"https:\/\/damsky.tech\" class=\"broken_link\"><span style=\"font-weight: 400\">https:\/\/damsky.tech<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400\">Twitter: @DamskyIrena<\/span><\/p>\n<p><span style=\"font-weight: 400\">LinkedIn: https:\/\/www.linkedin.com\/in\/irenadam\/<\/span><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Course Description Security has long since become more than just malware reverse engineering. To defend your organization, you need to analyze your adversary\u2019s intent, opportunities and capabilities. The tools and skills needed are not only of a deeply technical nature, but also require one to leverage available intelligence and counterintelligence information and know how to make the most of it. 
To become a good intelligence analyst, you need to acquire a different way of thinking&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":75,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-448","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/pages\/448","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/comments?post=448"}],"version-history":[{"count":6,"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/pages\/448\/revisions"}],"predecessor-version":[{"id":1591,"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/pages\/448\/revisions\/1591"}],"up":[{"embeddable":true,"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/pages\/75"}],"wp:attachment":[{"href":"https:\/\/archive.brucon.org\/2018\/wp-json\/wp\/v2\/media?parent=448"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}