Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Sharing is Caring: Sharing Threat Intelligence Notebook Edition

Thomas Roccia
December 05, 2022

Sharing is Caring: Sharing Threat Intelligence Notebook Edition

Keynote - Sharing is Caring: Sharing Threat Intelligence Notebook Edition

You can derive value from threat intelligence in a number of ways, including a complete threat intelligence platform, ingesting threat feeds, or simply leveraging threat intelligence capabilities found in popular security tools. One less common way to leverage threat intelligence is by sharing practical information with others. Sharing the methods of analysis and derived conclusions is of value for the infosec community as it demonstrates a practical and reproducible procedure. Notebooks are all about sharing tools and workflow, they provide a perfect way to exchange knowledge and to improve the capabilities of your team. Share your hunting and defense techniques - the more you share, the harder it is for bad guys.

Thomas Roccia

December 05, 2022

More Decks by Thomas Roccia

Other Decks in Technology


  1. My experience with Jupyter What is Threat Intelligence? How Jupyter

    notebooks can be applied in Threat Intelligence Practical examples and tips & tricks
  2. Sharing knowledge is not about giving people something. Sharing knowledge

    occurs when people are genuinely interested in helping others to develop new capacities. It is about creating learning processes. - Peter Senge -
  3. Started using Jupyter in 2017 Learning machine learning for malware

    detection and classification Using notebooks to document my processes and code
  4. What activity are we seeing? Observable What weaknesses does this

    threat exploit? Exploit Target What threats should I look for and why? Indicator Where has this threat been seen before? Incident Who is responsible for this threat? Threat Actor What does it do? Procedure Why does it do this? Campaign What can I do about it? Course of Action
  5. By exchanging threat intelligence, organizations benefit from the community’s collective

    knowledge, experience, and capabilities to better understand the threats they face. Threat intelligence sharing is a critical tool for the cybersecurity community. It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.
  6. Python, C#, C++ and many more... Use for data analysis

    and data science Efficient for incident response, log analysis, forensics... Threat intelligence analysis, analyse data leaks Enriching data, IOCs... Creating visualizations
  7. Jupyter allows to exchange knowledge and practical analysis Share workflow

    and procedure to analyse Share practical tools that can be reused Enhance the capabilities of the team
  8. Add setup instructions Get to know well your data (structure,

    file format... ) Have a broader understanding before deep diving Share your notebook with your team, the community Document what you are doing and your code Use visualization Get feedback and improve your next notebook!
  9. Run a command from Jupyter using "!" or magic command

    using "%" Using the "%%writefile" magic saves the contents of that cell to an external file. "%pycat" does the opposite, and shows the syntax highlighted contents of an external file.
  10. Sharing data is nice, sharing how to process that data

    is better! Jupyter is the perfect companion for workflow and high value procedures. Notebooks are repeatable, explainable and most of all shareable.