Tag Archives: Tango

Bryson LOUGHMILLER – Speaker @ DefCamp #7

Bryson Loughmiller received his Master of Information Systems Management degree with an emphasis in Information Security from Brigham Young University. For the past year and a half, he’s enjoyed working at Adobe as an Information Security Analyst/Engineer, where he works to correlate large amounts of data in an effort to catch and stop threats. He is an avid Splunk-er, amateur Python-er, and has broken his fair share of VMs while experimenting with systems. Bryson also co-developed MarcoPolo, an open source system (to be released) for phishing prevention and workforce training against social engineering. https://www.linkedin.com/in/brysonloughmiller 

Threat Intelligence! DIY!

Co-Presenter is Daniel Barbu, Adobe – Lead, Information Security Engineer.

Threat Intelligence! It’s a hot topic in information security news, and right now, you’ve probably got several vendors trying to sell you their latest and greatest solution. Whether you purchase intel from companies like CrowdStrike or you leverage open source threat lists, you end up with millions of IoCs that are not relevant for your environment or organization. However, in an effort to migrate from Security Operations Centers to Security Intelligence Centers, threat intelligence represents a critical aspect of a proactive approach towards tackling actors in the current information security landscape.

What if you could generate high-value threat indicators that were directly applicable to your organization, without dishing out any extra money? What if you could generate all those indicators using only what you already had in place at your organization? And finally, what if setting up this whole process only took you about a day to complete?

This talk will describe how to use IDS data ingested into Splunk to generate high-integrity threat intelligence. We will then discuss how to correlate those indicators with connection logs to identify communications with those actors who have previously attacked your systems. Finally, we will discuss how to generate historical profiles about each actor in order to better understand the evolution of their techniques, tactics and procedures and how to automagically store those indicators to generate threat activity alerts in the future. As a bonus, we will show you how to build an eye-catching intelligence report for management.

Speaker @ DefCamp #7

Daniel BARBU is a Ph.D. candidate in the field of Information Security who brings passion into his daily tasks. He enjoyed learning and growing while working at Electronic Arts, Dell Secureworks and now Adobe. As a member of OWASP Bucharest Chapter and RAISA (Romanian Association for Information Security Assurance), Daniel is constantly seeking opportunities to popularize information security. On a personal note, he feels he owes his accomplishments to his wife and kid. Daniel is currently leading a team at Adobe Systems Romania where he focuses on the growth of the team members’ skill set.

Threat Intelligence! DIY!

Co-Presenter is Bryson Loughmiller, Information Security Engineer at Adobe.

Threat Intelligence! It’s a hot topic in information security news, and right now, you’ve probably got several vendors trying to sell you their latest and greatest solution. Whether you purchase intel from companies like CrowdStrike or you leverage open source threat lists, you end up with millions of IoCs that are not relevant for your environment or organization. However, in an effort to migrate from Security Operations Centers to Security Intelligence Centers, threat intelligence represents a critical aspect of a proactive approach towards tackling actors in the current information security landscape.

What if you could generate high-value threat indicators that were directly applicable to your organization, without dishing out any extra money? What if you could generate all those indicators using only what you already had in place at your organization? And finally, what if setting up this whole process only took you about a day to complete?

This talk will describe how to use IDS data ingested into Splunk to generate high-integrity threat intelligence. We will then discuss how to correlate those indicators with connection logs to identify communications with those actors who have previously attacked your systems. Finally, we will discuss how to generate historical profiles about each actor in order to better understand the evolution of their techniques, tactics and procedures and how to automagically store those indicators to generate threat activity alerts in the future. As a bonus, we will show you how to build an eye-catching intelligence report for management.
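A minimal version of the workflow the abstract describes, added here as an example and not code from the talk, from Adobe or from Splunk: external sources that triggered IDS alerts become indicators with a per-actor historical profile, and connection logs are then checked against that indicator set so that an internal host talking to a previous attacker stands out. The Snort-style alert lines, the connection log format, the internal range 198.51.100.0/24 and the year assumed for the IDS timestamps are all constructed assumptions; the talk does this in Splunk rather than Python.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the talk): Snort-style "fast" IDS alerts and
# firewall connection logs. IDS lines carry no year; 2016 is assumed below.
IDS_ALERTS = """\
10/01-02:13:44.123456  [**] [1:2010935:2] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Priority: 2] {TCP} 203.0.113.45:51532 -> 198.51.100.10:3306
10/01-02:14:02.654321  [**] [1:2008578:4] ET SCAN Sipvicious Scan [**] [Priority: 2] {UDP} 203.0.113.45:5060 -> 198.51.100.11:5060
10/02-11:40:17.000001  [**] [1:2019284:3] ET WEB_SERVER Possible SQL Injection Attempt [**] [Priority: 1] {TCP} 192.0.2.77:40211 -> 198.51.100.20:80
"""
CONN_LOGS = """\
2016-10-03T08:15:01 src=198.51.100.10 dst=203.0.113.45 dport=443 proto=tcp action=allow
2016-10-03T08:15:07 src=198.51.100.30 dst=192.0.2.77 dport=8080 proto=tcp action=allow
2016-10-03T08:16:00 src=198.51.100.30 dst=198.51.100.31 dport=22 proto=tcp action=allow
2016-10-04T12:00:00 src=203.0.113.45 dst=198.51.100.12 dport=3306 proto=tcp action=deny
"""
INTERNAL = ip_network("198.51.100.0/24")  # assumed: the organization's own address space
ALERT_RE = re.compile(r"^(\d\d/\d\d)-(\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(.+?)\s+\[\*\*\].*?\{(\w+)\}\s+([\d.]+):\d+\s+->\s+([\d.]+):(\d+)", re.M)
CONN_RE = re.compile(r"^(\S+)\s+src=([\d.]+)\s+dst=([\d.]+)\s+dport=(\d+)", re.M)

def build_indicators(alerts_text, year="2016"):
    """Every external source that triggered an IDS alert becomes an indicator,
    keyed by IP and carrying a historical profile of what it did to us."""
    actors = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                                  "signatures": set(), "targets": set()})
    for date, clock, sig, proto, src, dst, dport in ALERT_RE.findall(alerts_text):
        if ip_address(src) in INTERNAL:
            continue  # alerts sourced from inside are not attacker indicators
        ts = f"{year}-{date.replace('/', '-')}T{clock}"
        p = actors[src]
        p["first_seen"] = ts if p["first_seen"] is None else min(p["first_seen"], ts)
        p["last_seen"] = ts if p["last_seen"] is None else max(p["last_seen"], ts)
        p["signatures"].add(sig)
        p["targets"].add(f"{dst}:{dport}/{proto}")
    return dict(actors)

def correlate_connections(conn_text, actors):
    """Match connection logs against the indicators. An internal host initiating
    a session to a known attacker ("outbound") is the hit worth alerting on."""
    hits = []
    for ts, src, dst, dport in CONN_RE.findall(conn_text):
        if dst in actors:
            hits.append({"time": ts, "actor": dst, "direction": "outbound",
                         "host": src, "dport": int(dport)})
        elif src in actors:
            hits.append({"time": ts, "actor": src, "direction": "inbound",
                         "host": dst, "dport": int(dport)})
    return hits
```

The per-actor dictionary is what the talk calls the historical profile; persisting it (a Splunk lookup in the talk's setup) is what turns a one-off correlation into future alerts.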

[Recommended] NullSecure.org Projects

nullsecure.org is a blog written by Brian WAREHIME that I highly recommend! Go take a look…

Source: NullSecure.org Projects

Tango is a Splunk-managed honeypot solution.

threat_note is a web application built for security researchers to add/edit/track/analyze indicators related to their research activity.

gavel is a set of Maltego transforms designed to query state court records and retrieve their address and vehicle information inside a Maltego graph.

Goldphish is a Maltego transform and machine built to visualize domain permutations using dnstwist.

mcrits is a set of Maltego transforms built to visualize your CRITs database.

Munk is a Maltego transform pack for use with your Splunk deployment.
