Keynote - Sharing is Caring: Sharing Threat Intelligence Notebook Edition
You can derive value from threat intelligence in a number of ways, including a complete threat intelligence platform, ingesting threat feeds, or simply leveraging the threat intelligence capabilities found in popular security tools. One less common way to leverage threat intelligence is by sharing practical information with others. Sharing the methods of analysis and the derived conclusions is valuable for the infosec community because it demonstrates a practical and reproducible procedure. Notebooks are all about sharing tools and workflow; they provide a perfect way to exchange knowledge and to improve the capabilities of your team. Share your hunting and defense techniques - the more you share, the harder it is for bad guys.
My experience with Jupyter
What is Threat Intelligence?
How Jupyter notebooks can be applied in Threat Intelligence
Practical examples and tips & tricks
Sharing knowledge is not about giving people something. Sharing knowledge occurs when people are genuinely interested in helping others to develop new capacities. It is about creating
- Peter Senge -
Started using Jupyter in 2017
Learning machine learning for malware detection and classification
Using notebooks to document my processes and code
What activity are we
What weaknesses does this threat exploit?
What threats should I look for and why?
Where has this threat been seen before?
Who is responsible for
What does it do?
Why does it do this?
What can I do about it? Course of
By exchanging threat intelligence, organizations benefit from the community’s collective knowledge, experience, and capabilities to better understand the threats they face.
Threat intelligence sharing is a critical tool for the cybersecurity
It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.
Python, C#, C++ and many more... Use for data analysis and data
Efficient for incident response, log analysis, forensics...
Threat intelligence analysis, analyse data leaks
Enriching data, IOCs...
Creating visualizations
Jupyter allows you to exchange knowledge and practical analysis
Share workflow and procedure to analyse
Share practical tools that can be reused
Enhance the capabilities of the team
Add setup instructions
Get to know your data well (structure, file format...)
Have a broader understanding before deep diving
Share your notebook with your team, the community
Document what you are doing and your code
Get feedback and improve your
Run a shell command from Jupyter using "!", or a magic command using "%"
Using the "%%writefile" magic saves the contents of that cell to an external file.
"%pycat" does the opposite, and shows the syntax highlighted contents of an external file.
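An added example of the sharing workflow these magics enable (not code from the original talk): three notebook cells that save a small IOC-typing helper to disk with "%%writefile", display it with "%pycat", and run it with "!". The file name, the helper code and the indicator values are constructed for this illustration, and the first cell must begin with the cell magic.

```ipython
%%writefile enrich_iocs.py
"""Reusable IOC-typing helper written to disk from the notebook (added example).
The indicators and context below are constructed sample values, not real observables."""
import ipaddress
import json
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

# Constructed local context; in practice this would come from your own TI store.
LOCAL_CONTEXT = {
    "192.0.2.10": {"seen_in": "hunt-2023-01", "confidence": "medium"},
    "malicious.example.com": {"seen_in": "phish-campaign-A", "confidence": "high"},
}

def ioc_type(value):
    """Classify an indicator as sha256, ipv4, ipv6, domain or unknown."""
    if SHA256_RE.match(value):
        return "sha256"
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain"
    return "unknown"

def enrich(values):
    """Attach the indicator type and any local context to each indicator."""
    return [{"ioc": v, "type": ioc_type(v), **LOCAL_CONTEXT.get(v, {})} for v in values]

if __name__ == "__main__":
    # Constructed sample input; the 64 x "a" string is a placeholder hash.
    sample = ["192.0.2.10", "malicious.example.com", "a" * 64, "not an ioc"]
    print(json.dumps(enrich(sample), indent=2))

# Cell 2: %pycat shows the file just written, syntax highlighted, so reviewers see the shared code
%pycat enrich_iocs.py

# Cell 3: "!" hands the line to the shell; the saved script runs outside the kernel
!python enrich_iocs.py
```

Teammates who receive the notebook get both the data-processing code and the exact steps that produced the result, which is what makes the analysis reproducible.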
Sharing data is nice, sharing how to process that data is
Jupyter is the perfect companion for workflow and high
Notebooks are repeatable, explainable and most of all