Historically, an Indicator of Compromise appears only as a result of a compromise. That is why the illusion persists that the attacker is always one step ahead of the victim. However, this asymmetry can be removed: classical methods of collecting and processing the attributes of an attacker who has already left tracks somewhere can be supplemented and enriched with a new source of IoCs, Proactive Threat Intelligence.
The approach can provide insight into IP addresses that may be involved in a new malware epidemic before they appear in classic IoC feeds, and it can warn you before your own resource shows up in third-party IoC feeds. Building on these insights into proactive TI and countermeasures, we will give you the toolset to implement the approach correctly in your infrastructure.
The workshop provides practical guidance and attendees should walk away with the following knowledge:
- how to enhance existing Threat Intelligence using a proactive approach (TTP);
- how to integrate the approach into your current security strategy;
- a review of open-source honeypot tools, their deployment, and the processing of their results to deliver valuable TI;
- attribution (TTP);
- the annoyance of the attacker (TTP).
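As an added illustration of the honeypot-to-TI processing step listed above (example code, not material from the workshop or its author), the following turns constructed honeypot session records into a per-IP IoC feed and measures how many days earlier each indicator was seen than its first appearance in a constructed "classic" feed. Log format, feed format and all addresses are assumptions chosen for the example.

```python
from datetime import datetime

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample: one honeypot session per line (timestamp, source IP, sensor, observed credential).
HONEYPOT_LOG = """\
2019-03-01T10:02:11Z 203.0.113.7 ssh root:123456
2019-03-01T10:02:12Z 203.0.113.7 ssh admin:admin
2019-03-01T11:40:03Z 198.51.100.23 telnet root:changeme
2019-03-02T08:15:40Z 203.0.113.7 ssh root:password
2019-03-02T09:01:00Z 192.0.2.5 ssh guest:guest
"""

# Constructed sample: when the same addresses were first published by a classic IoC feed.
CLASSIC_FEED_FIRST_SEEN = {
    "203.0.113.7": "2019-03-04T00:00:00Z",
    "198.51.100.23": "2019-03-06T00:00:00Z",
}

def parse_honeypot_log(text):
    """Aggregate raw sessions into per-IP indicators: first/last seen, hit count, sensors and observed TTPs."""
    iocs = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, sensor, detail = line.split(maxsplit=3)
        seen = datetime.strptime(ts, TS_FMT)
        rec = iocs.setdefault(ip, {"first_seen": seen, "last_seen": seen,
                                   "sessions": 0, "sensors": set(), "ttps": set()})
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["last_seen"] = max(rec["last_seen"], seen)
        rec["sessions"] += 1
        rec["sensors"].add(sensor)
        rec["ttps"].add(detail)
    return iocs

def lead_time_days(iocs, classic_feed):
    """Days the honeypot saw an IP before the classic feed published it; None if the feed never did."""
    out = {}
    for ip, rec in iocs.items():
        published = classic_feed.get(ip)
        if published is None:
            out[ip] = None
            continue
        delta = datetime.strptime(published, TS_FMT) - rec["first_seen"]
        out[ip] = round(delta.total_seconds() / 86400, 1)
    return out

def repeat_offenders(iocs, min_sessions=2):
    """IPs that came back more than once: a stronger candidate for a blocklist than a single probe."""
    return sorted(ip for ip, r in iocs.items() if r["sessions"] >= min_sessions)
```

Running `lead_time_days(parse_honeypot_log(HONEYPOT_LOG), CLASSIC_FEED_FIRST_SEEN)` shows which indicators the honeypot produced ahead of the feed and which it produced that the feed never carried.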
The post “Proactive Threat Intelligence” workshop at #TheSAS2019 appeared first on Denis Makrushin.