Slide 3

- My experience with Jupyter
- What is Threat Intelligence?
- How Jupyter notebooks can be applied in Threat Intelligence
- Practical examples and tips & tricks

Slide 4

Sharing knowledge is not about giving people something. Sharing knowledge occurs when people are genuinely interested in helping others to develop new capacities. It is about creating learning processes. - Peter Senge -

Slide 5

- Started using Jupyter in 2017
- Learning machine learning for malware detection and classification
- Using notebooks to document my processes and code

Slide 6

- What activity are we seeing? -> Observable
- What weaknesses does this threat exploit? -> Exploit Target
- What threats should I look for and why? -> Indicator
- Where has this threat been seen before? -> Incident
- Who is responsible for this threat? -> Threat Actor
- What does it do? -> Procedure
- Why does it do this? -> Campaign
- What can I do about it? -> Course of Action

Slide 7

By exchanging threat intelligence, organizations benefit from the community’s collective knowledge, experience, and capabilities to better understand the threats they face. Threat intelligence sharing is a critical tool for the cybersecurity community. It takes the knowledge of one organization and spreads it across the entire industry to improve all security practices.

Slide 8

- Python, C#, C++ and many more...
- Use for data analysis and data science
- Efficient for incident response, log analysis, forensics...
- Threat intelligence analysis, analysing data leaks
- Enriching data, IOCs...
- Creating visualizations

Slide 9

- Jupyter makes it possible to exchange knowledge and practical analysis
- Share the workflow and procedure used for the analysis
- Share practical tools that can be reused
- Enhance the capabilities of the team

Slide 10

https://jupyter.securitybreak.io/vt_domain_hunting/VT_Domain_hunting.html

Slide 12

https://jupyter.securitybreak.io/strings_similarity/Strings_Extraction.html

Slide 13

https://jupyter.securitybreak.io/ELK_Threat_Hunting/ELK_Threat_Hunting.html

Slide 14

https://jupyter.securitybreak.io/Conti_Leaks_Analysis/Conti_Leaks_Notebook_TR.html

Slide 15

- Add setup instructions
- Get to know your data well (structure, file format...)
- Have a broader understanding before deep diving
- Share your notebook with your team and the community
- Document what you are doing and your code
- Use visualization
- Get feedback and improve your next notebook!

Slide 16

Run a shell command from Jupyter with "!", or a magic command with "%". The "%%writefile" cell magic saves the contents of that cell to an external file; "%pycat" does the opposite and shows the syntax-highlighted contents of an external file.
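The magics above combined into one small workflow, as an added example that is not from the original deck: a helper that refangs indicators and extracts domains is saved with %%writefile, run with a "!" shell escape whose output is captured, and displayed again with %pycat. The cells are replayed through IPython's own shell object so they also run as a plain script; IPython must be installed, and the helper, file names and sample report text are constructed for the example.

```python
# Added example (not from the deck): replays notebook cells through IPython's
# InteractiveShell. Assumes IPython is installed; files and indicators are constructed.
import sys
import tempfile
from pathlib import Path
from IPython.core.interactiveshell import InteractiveShell

# Body of the %%writefile cell: a small helper worth sharing with the notebook.
HELPER = '''\
import re, sys

def refang(text):
    """Undo common defanging so indicators can be compared and enriched."""
    return text.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")

DOMAIN_RE = re.compile(r"\\b(?:[a-z0-9-]+\\.)+[a-z]{2,}\\b")

def extract_domains(text):
    return sorted(set(DOMAIN_RE.findall(refang(text.lower()))))

if __name__ == "__main__":
    print("\\n".join(extract_domains(open(sys.argv[1], encoding="utf-8").read())))
'''

# Constructed sample report text with defanged, reserved-TLD indicators.
SAMPLE = "C2 at hxxp://evil-example[.]test/login, mirror at cdn.evil-example[.]test"

def notebook_workflow(workdir: Path) -> list[str]:
    """%%writefile the helper and sample, run the helper with "!", then %pycat it."""
    shell = InteractiveShell.instance()
    helper, report = workdir / "ioc_helper.py", workdir / "report.txt"
    # Cells 1-2: %%writefile saves the rest of the cell to an external file.
    shell.run_cell(f"%%writefile {helper}\n{HELPER}")
    shell.run_cell(f"%%writefile {report}\n{SAMPLE}\n")
    # Cell 3: "!" runs a shell command; assigning it captures stdout line by line.
    # In a notebook this is simply:  found = !python ioc_helper.py report.txt
    shell.run_cell(f"found = !{sys.executable} {helper} {report}")
    # Cell 4: %pycat shows the helper's syntax-highlighted source again.
    shell.run_line_magic("pycat", str(helper))
    return list(shell.user_ns["found"])

def run_in_tempdir() -> list[str]:
    """Run the workflow in a scratch directory that is removed afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        return notebook_workflow(Path(tmp))

if __name__ == "__main__":
    print(run_in_tempdir())  # ['cdn.evil-example.test', 'evil-example.test']
```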

Slide 17

https://jupyter.securitybreak.io

Slide 18

Sharing data is nice, sharing how to process that data is better! Jupyter is the perfect companion for workflow and high value procedures. Notebooks are repeatable, explainable and most of all shareable.
