Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Homemade Ramen & Threat Intelligence
Search
Scott J. Roberts
January 29, 2018
Technology
2
550
Homemade Ramen & Threat Intelligence
My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.
Scott J. Roberts
January 29, 2018
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
510
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
24
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
74
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
51
Introduction to Open Source Security Tools
sroberts
3
4.9k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
AIを使っていい感じにE2Eテストを書けるようになるまで / Trying to Write Good E2E Tests with AI
katawara
3
1.7k
分散トレーシングによる コネクティッドカーのデータ処理見える化の試み
thatsdone
0
240
AI Ready API ─ AI時代に求められるAPI設計とは?/ AI-Ready API - Designing MCP and APIs in the AI Era
yokawasa
21
5.9k
DATA+AI SummitとSnowflake Summit: ユーザから見た共通点と相違点 / DATA+AI Summit and Snowflake Summit
nttcom
0
220
「手を動かした者だけが世界を変える」ソフトウェア開発だけではない開発者人生
onishi
15
6.2k
スプリントゴール未達症候群に送る処方箋
kakehashi
PRO
1
250
「AI駆動開発」のボトルネック『言語化』を効率化するには
taniiicom
1
160
Shadow DOMとセキュリティ - 光と影の境界を探る / Shibuya.XSS techtalk #13
masatokinugawa
0
280
Power Automate のパフォーマンス改善レシピ / Power Automate Performance Improvement Recipes
karamem0
0
200
Wasmで社内ツールを作って配布しよう
askua
0
130
新規事業におけるAIリサーチの活用例
ranxxx
0
160
低レイヤソフトウェア技術者が YouTuberとして食っていこうとした話
sat
PRO
7
5.9k
Featured
See All Featured
The Language of Interfaces
destraynor
158
25k
Site-Speed That Sticks
csswizardry
10
720
Documentation Writing (for coders)
carmenintech
72
4.9k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Unsuck your backbone
ammeep
671
58k
The Cost Of JavaScript in 2023
addyosmani
51
8.6k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
48
2.9k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Git: the NoSQL Database
bkeepers
PRO
431
65k
How GitHub (no longer) Works
holman
314
140k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Transcript
HOMEMADE RAMEN & THREAT INTEL A recipe for both
SCOTT J ROBERTS Instructor: SANS FOR578 Cyber Threat Intelligence Author:
Intelligence Driven Incident Response
METAPHOR WARNING!!!
WHAT IS RAMEN?
WHAT IS THREAT INTELLIGENCE?
THE GOAL Understand the combination of tools, inputs, process, &
people that lead to creating a threat intelligence capability.
THE TOOLS
“SOMETHING (SUCH AS AN INSTRUMENT OR APPARATUS) USED IN PERFORMING
AN OPERATION OR NECESSARY IN THE PRACTICE OF A VOCATION OR PROFESSION” Merriam-Webster: Tool (Def 2a)
THE TOOLS FOR RAMEN
TOOLS ➤ Tongs ➤ Ladle ➤ “Spider” ➤ Knives &
Cutting Boards ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner
INFRARED THERMOMETER Aka Kitchen Laser Gun
THE TOOLS FOR CTI
TIP: YETI
WORKBENCH: MALTEGO
DETECTIONS: YARA & SNORT
3RD PARTY SOURCES: PASSIVE TOTAL & SHODAN
KEY: FITTING INTO YOUR ENVIRONMENT
“ “Remember, it is never the knife's fault.” – Daniel
Boulud
THE INGREDIENTS
“SOMETHING THAT ENTERS INTO A COMPOUND OR IS A COMPONENT
PART OF ANY COMBINATION OR MIXTURE” Merriam-Webster: Ingredient
THE INGREDIENTS FOR RAMEN
BROTH BASE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce
NOODLES
BROTH EXTRAS ➤ 1 sheet kombu ➤ handfull rough choped
dry shiitake mushrooms ➤ 1 half a diced sweet potato ➤ Ends of 1 bunch green onions
SERVING EXTRAS ➤ Slow Poached Eggs ➤ Nori/Wakame ➤ Siracha
➤ Sweet Potato ➤ Grilled Sweet Potato
THE INGREDIENTS FOR THREAT INTELLIGENCE
YOUR OWN INCIDENTS
YOUR TEAMS
VENDOR REPORTS
HONEYPOTS
PEERS/SHARING COMMUNITIES
3RD PARTY PAID INTELLIGENCE
“ Real food doesn't have ingredients, real food is ingredients.
–Jamie Oliver
THE RECIPE
“A SET OF INSTRUCTIONS FOR MAKING SOMETHING FROM VARIOUS INGREDIENTS”
Merriam-Webster: Recipe (2)
THE RECIPE FOR RAMEN
STEPS FOR RAMEN ➤ Bring water (Optional add dry shiitakes
and nori) to a simmer ➤ Add other ingredients (except noodles) and bring to a boil ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half) ➤ Prepare noodles and serve with extras
THE RECIPE FOR THREAT INTELLIGENCE
INTELLIGENCE CYCLE
F3EAD EXPLOIT ANALYZE DISSEMINATE FIND FIX FINISH
LESSONS LEARNED & PRACTICE
“ “Today’s innovation is tomorrow’s tradition.” –Lidia Bastianich
THE COOKS
GREAT COOKS EAT (CONSUME)
GREAT COOKS COOK (CREATE)
GREAT COOKS LEARN (GROWTH)
“ “Cook, cook, and cook. Keep your hands as involved
in the kitchen and as much as you can and don’t seek glamour.” –Gaggan Anand
THE OUTPUT
PICTURE OF RAMEN
INTELLIGENCE PRODUCTS
RFIS
SHORT FORM REPORTS
LONG FORM REPORTS
CONCLUSION
TAKEAWAYS ➤ Think about your tools ➤ Get to know
and understand your inputs ➤ Focus on honing your processes ➤ Grow your people
RAMEN RECIPE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce ➤ Bring water to a simmer ➤ Add other ingredients and bring to a boil ➤ Reduce heat to low and simmer 2.5-3 hours ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles ➤ Plate w/ noodles, broth, pork, & extras then serve ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Siracha, Grilled Sweet Potato
THANKS
“ “Usually, one’s cooking is better than one thinks it
is.” –Julia Child