Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Sharing is Caring: Sharing Threat Intelligence Notebook Edition

Thomas Roccia
December 05, 2022
Technology
0
1.7k

Sharing is Caring: Sharing Threat Intelligence Notebook Edition


Keynote - Sharing is Caring: Sharing Threat Intelligence Notebook Edition

You can derive value from threat intelligence in a number of ways, including a complete threat intelligence platform, ingesting threat feeds, or simply leveraging threat intelligence capabilities found in popular security tools. One less common way to leverage threat intelligence is by sharing practical information with others. Sharing the methods of analysis and derived conclusions is of value for the infosec community as it demonstrates a practical and reproducible procedure. Notebooks are all about sharing tools and workflow, they provide a perfect way to exchange knowledge and to improve the capabilities of your team. Share your hunting and defense techniques - the more you share, the harder it is for bad guys.

Thomas Roccia

December 05, 2022
Tweet

More Decks by Thomas Roccia

See All by Thomas Roccia
Prompt Engineering for Threat Intelligence
fr0gger
0
17
State-Sponsored Financially Motivated Attacks
fr0gger
0
590
Binary Instrumentation for Malware Analysis
fr0gger
2
1.4k
Conti Leaks: Practical walkthrough and what can we learn from it
fr0gger
0
840
Code Graphology
fr0gger
0
600
X-Ray of Malware Evasion Techniques: Analysis, Dissection, Cure?
fr0gger
3
820
AISA - Practical Threat Intelligence
fr0gger
0
1.2k
Hermetic Wiper Infographic
fr0gger
1
760
Technical Analysis of Cuba Ransomware
fr0gger
1
260

Other Decks in Technology

See All in Technology
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
670
GrafanaMeetup_AmazonManagedGrafanaのアクセス制御機能とマルチテナント環境下でのアクセス制御について
daitak
0
240
複雑な構成要素を持つUIとの向き合い方 〜新・支出グラフでの実例〜 / B43 TECH TALK
nakamuuu
0
140
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
310
Python と Snowflake はズッ友だょ!~ Snowflake の Python 関連機能をふりかえる ~
__allllllllez__
1
120
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
390
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
540
JSON攻略法.pdf
miyakemito
8
5.1k
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
900
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
170
データベース02: データベースの概念
trycycle
0
160
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
360

Featured

See All Featured
Facilitating Awesome Meetings
lara
42
5.6k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
A Tale of Four Properties
chriscoyier
151
22k
Practical Orchestrator
shlominoach
182
9.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
7
1k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
GraphQLの誤解/rethinking-graphql
sonatard
50
9.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
YesSQL, Process and Tooling at Scale
rocio
164
13k
Into the Great Unknown - MozCon
thekraken
10
990
Why Our Code Smells
bkeepers
PRO
331
56k

Transcript

  1. None
  2. None

  3. My experience with Jupyter What is Threat Intelligence? How Jupyter

    notebooks can be applied in Threat Intelligence Practical examples and tips & tricks

  4. Sharing knowledge is not about giving people something. Sharing knowledge

    occurs when people are genuinely interested in helping others to develop new capacities. It is about creating learning processes. - Peter Senge -

  5. Started using Jupyter in 2017 Learning machine learning for malware

    detection and classification Using notebooks to document my processes and code

  6. What activity are we seeing? Observable What weaknesses does this

    threat exploit? Exploit Target What threats should I look for and why? Indicator Where has this threat been seen before? Incident Who is responsible for this threat? Threat Actor What does it do? Procedure Why does it do this? Campaign What can I do about it? Course of Action

  7. By exchanging threat intelligence, organizations benefit from the community’s collective

    knowledge, experience, and capabilities to better understand the threats they face. Threat intelligence sharing is a critical tool for the cybersecurity community. It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.

  8. Python, C#, C++ and many more... Use for data analysis

    and data science Efficient for incident response, log analysis, forensics... Threat intelligence analysis, analyse data leaks Enriching data, IOCs... Creating visualizations

  9. Jupyter allows to exchange knowledge and practical analysis Share workflow

    and procedure to analyse Share practical tools that can be reused Enhance the capabilities of the team

  10. https://jupyter.securitybreak.io/vt_domain_hunting/VT_Domain_hunting.html

  11. None

  12. https://jupyter.securitybreak.io/strings_similarity/Strings_Extraction.html

  13. https://jupyter.securitybreak.io/ELK_Threat_Hunting/ELK_Threat_Hunting.html

  14. https://jupyter.securitybreak.io/Conti_Leaks_Analysis/Conti_Leaks_Notebook_TR.html

  15. Add setup instructions Get to know well your data (structure,

    file format... ) Have a broader understanding before deep diving Share your notebook with your team, the community Document what you are doing and your code Use visualization Get feedback and improve your next notebook!

  16. Run a command from Jupyter using "!" or magic command

    using "%" Using the "%%writefile" magic saves the contents of that cell to an external file. "%pycat" does the opposite, and shows the syntax highlighted contents of an external file.

  17. https://jupyter.securitybreak.io

  18. Sharing data is nice, sharing how to process that data

    is better! Jupyter is the perfect companion for workflow and high value procedures. Notebooks are repeatable, explainable and most of all shareable.
  19. None