Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Homemade Ramen & Threat Intelligence
Search
Scott J. Roberts
January 29, 2018
Technology
2
500
Homemade Ramen & Threat Intelligence
My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.
Scott J. Roberts
January 29, 2018
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
95
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
69
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
35
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
23
Introduction to Open Source Security Tools
sroberts
3
4.8k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
110
Crisis Communication for Incident Response
sroberts
1
330
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k
Other Decks in Technology
See All in Technology
サーバーなしでWordPress運用、できますよ。
sogaoh
PRO
0
110
APIとはなにか
mikanichinose
0
100
5分でわかるDuckDB
chanyou0311
10
3.2k
1等無人航空機操縦士一発試験 合格までの道のり ドローンミートアップ@大阪 2024/12/18
excdinc
0
170
Microsoft Azure全冠になってみた ~アレを使い倒した者が試験を制す!?~/Obtained all Microsoft Azure certifications Those who use "that" to the full will win the exam! ?
yuj1osm
2
110
Oracle Cloudの生成AIサービスって実際どこまで使えるの? エンジニア目線で試してみた
minorun365
PRO
4
290
終了の危機にあった15年続くWebサービスを全力で存続させる - phpcon2024
yositosi
22
20k
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
500
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
200
ブラックフライデーで購入したPixel9で、Gemini Nanoを動かしてみた
marchin1989
1
540
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
530
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
3
1.1k
Featured
See All Featured
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k
Faster Mobile Websites
deanohume
305
30k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
810
Being A Developer After 40
akosma
87
590k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Making the Leap to Tech Lead
cromwellryan
133
9k
4 Signs Your Business is Dying
shpigford
181
21k
Making Projects Easy
brettharned
116
5.9k
Producing Creativity
orderedlist
PRO
341
39k
Navigating Team Friction
lara
183
15k
Code Review Best Practice
trishagee
65
17k
Embracing the Ebb and Flow
colly
84
4.5k
Transcript
HOMEMADE RAMEN & THREAT INTEL A recipe for both
SCOTT J ROBERTS Instructor: SANS FOR578 Cyber Threat Intelligence Author:
Intelligence Driven Incident Response
METAPHOR WARNING!!!
WHAT IS RAMEN?
WHAT IS THREAT INTELLIGENCE?
THE GOAL Understand the combination of tools, inputs, process, &
people that lead to creating a threat intelligence capability.
THE TOOLS
“SOMETHING (SUCH AS AN INSTRUMENT OR APPARATUS) USED IN PERFORMING
AN OPERATION OR NECESSARY IN THE PRACTICE OF A VOCATION OR PROFESSION” Merriam-Webster: Tool (Def 2a)
THE TOOLS FOR RAMEN
TOOLS ➤ Tongs ➤ Ladle ➤ “Spider” ➤ Knives &
Cutting Boards ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner
INFRARED THERMOMETER Aka Kitchen Laser Gun
THE TOOLS FOR CTI
TIP: YETI
WORKBENCH: MALTEGO
DETECTIONS: YARA & SNORT
3RD PARTY SOURCES: PASSIVE TOTAL & SHODAN
KEY: FITTING INTO YOUR ENVIRONMENT
“ “Remember, it is never the knife's fault.” – Daniel
Boulud
THE INGREDIENTS
“SOMETHING THAT ENTERS INTO A COMPOUND OR IS A COMPONENT
PART OF ANY COMBINATION OR MIXTURE” Merriam-Webster: Ingredient
THE INGREDIENTS FOR RAMEN
BROTH BASE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce
NOODLES
BROTH EXTRAS ➤ 1 sheet kombu ➤ handfull rough choped
dry shiitake mushrooms ➤ 1 half a diced sweet potato ➤ Ends of 1 bunch green onions
SERVING EXTRAS ➤ Slow Poached Eggs ➤ Nori/Wakame ➤ Siracha
➤ Sweet Potato ➤ Grilled Sweet Potato
THE INGREDIENTS FOR THREAT INTELLIGENCE
YOUR OWN INCIDENTS
YOUR TEAMS
VENDOR REPORTS
HONEYPOTS
PEERS/SHARING COMMUNITIES
3RD PARTY PAID INTELLIGENCE
“ Real food doesn't have ingredients, real food is ingredients.
–Jamie Oliver
THE RECIPE
“A SET OF INSTRUCTIONS FOR MAKING SOMETHING FROM VARIOUS INGREDIENTS”
Merriam-Webster: Recipe (2)
THE RECIPE FOR RAMEN
STEPS FOR RAMEN ➤ Bring water (Optional add dry shiitakes
and nori) to a simmer ➤ Add other ingredients (except noodles) and bring to a boil ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half) ➤ Prepare noodles and serve with extras
THE RECIPE FOR THREAT INTELLIGENCE
INTELLIGENCE CYCLE
F3EAD EXPLOIT ANALYZE DISSEMINATE FIND FIX FINISH
LESSONS LEARNED & PRACTICE
“ “Today’s innovation is tomorrow’s tradition.” –Lidia Bastianich
THE COOKS
GREAT COOKS EAT (CONSUME)
GREAT COOKS COOK (CREATE)
GREAT COOKS LEARN (GROWTH)
“ “Cook, cook, and cook. Keep your hands as involved
in the kitchen and as much as you can and don’t seek glamour.” –Gaggan Anand
THE OUTPUT
PICTURE OF RAMEN
INTELLIGENCE PRODUCTS
RFIS
SHORT FORM REPORTS
LONG FORM REPORTS
CONCLUSION
TAKEAWAYS ➤ Think about your tools ➤ Get to know
and understand your inputs ➤ Focus on honing your processes ➤ Grow your people
RAMEN RECIPE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce ➤ Bring water to a simmer ➤ Add other ingredients and bring to a boil ➤ Reduce heat to low and simmer 2.5-3 hours ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles ➤ Plate w/ noodles, broth, pork, & extras then serve ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Siracha, Grilled Sweet Potato
THANKS
“ “Usually, one’s cooking is better than one thinks it
is.” –Julia Child