Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Homemade Ramen & Threat Intelligence
Search
Scott J. Roberts
January 29, 2018
Technology
2
560
Homemade Ramen & Threat Intelligence
My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.
Scott J. Roberts
January 29, 2018
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
630
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
29
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
76
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
61
Introduction to Open Source Security Tools
sroberts
3
5k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
Android Audio: Beyond Winning On It
atsushieno
0
300
20250910_障害注入から効率的復旧へ_カオスエンジニアリング_生成AIで考えるAWS障害対応.pdf
sh_fk2
3
260
COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用
osawa
1
290
AI時代を生き抜くエンジニアキャリアの築き方 (AI-Native 時代、エンジニアという道は 「最大の挑戦の場」となる) / Building an Engineering Career to Thrive in the Age of AI (In the AI-Native Era, the Path of Engineering Becomes the Ultimate Arena of Challenge)
jeongjaesoon
0
130
KotlinConf 2025_イベントレポート
sony
1
140
オブザーバビリティが広げる AIOps の世界 / The World of AIOps Expanded by Observability
aoto
PRO
0
380
今!ソフトウェアエンジニアがハードウェアに手を出すには
mackee
12
4.8k
dbt開発 with Claude Codeのためのガードレール設計
10xinc
2
1.2k
スマートファクトリーの第一歩 〜AWSマネージドサービスで 実現する予知保全と生成AI活用まで
ganota
2
220
2つのフロントエンドと状態管理
mixi_engineers
PRO
3
110
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
新規プロダクトでプロトタイプから正式リリースまでNext.jsで開発したリアル
kawanoriku0
1
110
Featured
See All Featured
Thoughts on Productivity
jonyablonski
70
4.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.9k
Designing for Performance
lara
610
69k
For a Future-Friendly Web
brad_frost
180
9.9k
Faster Mobile Websites
deanohume
309
31k
Practical Orchestrator
shlominoach
190
11k
Facilitating Awesome Meetings
lara
55
6.5k
Building Adaptive Systems
keathley
43
2.7k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
920
Building Applications with DynamoDB
mza
96
6.6k
Transcript
HOMEMADE RAMEN & THREAT INTEL A recipe for both
SCOTT J ROBERTS Instructor: SANS FOR578 Cyber Threat Intelligence Author:
Intelligence Driven Incident Response
METAPHOR WARNING!!!
WHAT IS RAMEN?
WHAT IS THREAT INTELLIGENCE?
THE GOAL Understand the combination of tools, inputs, process, &
people that lead to creating a threat intelligence capability.
THE TOOLS
“SOMETHING (SUCH AS AN INSTRUMENT OR APPARATUS) USED IN PERFORMING
AN OPERATION OR NECESSARY IN THE PRACTICE OF A VOCATION OR PROFESSION” Merriam-Webster: Tool (Def 2a)
THE TOOLS FOR RAMEN
TOOLS ➤ Tongs ➤ Ladle ➤ “Spider” ➤ Knives &
Cutting Boards ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner
INFRARED THERMOMETER Aka Kitchen Laser Gun
THE TOOLS FOR CTI
TIP: YETI
WORKBENCH: MALTEGO
DETECTIONS: YARA & SNORT
3RD PARTY SOURCES: PASSIVE TOTAL & SHODAN
KEY: FITTING INTO YOUR ENVIRONMENT
“ “Remember, it is never the knife's fault.” – Daniel
Boulud
THE INGREDIENTS
“SOMETHING THAT ENTERS INTO A COMPOUND OR IS A COMPONENT
PART OF ANY COMBINATION OR MIXTURE” Merriam-Webster: Ingredient
THE INGREDIENTS FOR RAMEN
BROTH BASE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce
NOODLES
BROTH EXTRAS ➤ 1 sheet kombu ➤ handfull rough choped
dry shiitake mushrooms ➤ 1 half a diced sweet potato ➤ Ends of 1 bunch green onions
SERVING EXTRAS ➤ Slow Poached Eggs ➤ Nori/Wakame ➤ Siracha
➤ Sweet Potato ➤ Grilled Sweet Potato
THE INGREDIENTS FOR THREAT INTELLIGENCE
YOUR OWN INCIDENTS
YOUR TEAMS
VENDOR REPORTS
HONEYPOTS
PEERS/SHARING COMMUNITIES
3RD PARTY PAID INTELLIGENCE
“ Real food doesn't have ingredients, real food is ingredients.
–Jamie Oliver
THE RECIPE
“A SET OF INSTRUCTIONS FOR MAKING SOMETHING FROM VARIOUS INGREDIENTS”
Merriam-Webster: Recipe (2)
THE RECIPE FOR RAMEN
STEPS FOR RAMEN ➤ Bring water (Optional add dry shiitakes
and nori) to a simmer ➤ Add other ingredients (except noodles) and bring to a boil ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half) ➤ Prepare noodles and serve with extras
THE RECIPE FOR THREAT INTELLIGENCE
INTELLIGENCE CYCLE
F3EAD EXPLOIT ANALYZE DISSEMINATE FIND FIX FINISH
LESSONS LEARNED & PRACTICE
“ “Today’s innovation is tomorrow’s tradition.” –Lidia Bastianich
THE COOKS
GREAT COOKS EAT (CONSUME)
GREAT COOKS COOK (CREATE)
GREAT COOKS LEARN (GROWTH)
“ “Cook, cook, and cook. Keep your hands as involved
in the kitchen and as much as you can and don’t seek glamour.” –Gaggan Anand
THE OUTPUT
PICTURE OF RAMEN
INTELLIGENCE PRODUCTS
RFIS
SHORT FORM REPORTS
LONG FORM REPORTS
CONCLUSION
TAKEAWAYS ➤ Think about your tools ➤ Get to know
and understand your inputs ➤ Focus on honing your processes ➤ Grow your people
RAMEN RECIPE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce ➤ Bring water to a simmer ➤ Add other ingredients and bring to a boil ➤ Reduce heat to low and simmer 2.5-3 hours ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles ➤ Plate w/ noodles, broth, pork, & extras then serve ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Siracha, Grilled Sweet Potato
THANKS
“ “Usually, one’s cooking is better than one thinks it
is.” –Julia Child