Homemade Ramen & Threat Intelligence

My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.

Scott J. Roberts

January 29, 2018

Transcript

  1. HOMEMADE RAMEN & THREAT INTEL
    A recipe for both

  2. SCOTT J ROBERTS
    Instructor: SANS FOR578 Cyber Threat Intelligence
    Author: Intelligence Driven Incident Response

  3. METAPHOR WARNING!!!

  4. WHAT IS RAMEN?

  5. WHAT IS THREAT INTELLIGENCE?

  6. THE GOAL
    Understand the combination of tools, inputs, process, & people
    that lead to creating a threat intelligence capability.

  7. THE TOOLS

  8. “SOMETHING (SUCH AS AN INSTRUMENT OR
    APPARATUS) USED IN PERFORMING AN
    OPERATION OR NECESSARY IN THE PRACTICE
    OF A VOCATION OR PROFESSION”
    Merriam-Webster: Tool (Def 2a)

  9. THE TOOLS FOR RAMEN

  10. TOOLS
    ➤ Tongs
    ➤ Ladle
    ➤ “Spider”
    ➤ Knives & Cutting Boards
    ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner

  11. INFRARED
    THERMOMETER
    Aka Kitchen Laser Gun

  12. THE TOOLS FOR CTI

  13. TIP: YETI

  14. WORKBENCH: MALTEGO

  15. DETECTIONS: YARA & SNORT

  16. 3RD PARTY SOURCES:
    PASSIVE TOTAL & SHODAN

  17. KEY: FITTING INTO YOUR
    ENVIRONMENT

  18. “Remember, it is never the knife's fault.”
    – Daniel Boulud

  19. THE INGREDIENTS

  20. “SOMETHING THAT ENTERS INTO A COMPOUND
    OR IS A COMPONENT PART OF ANY
    COMBINATION OR MIXTURE”
    Merriam-Webster: Ingredient

  21. THE INGREDIENTS FOR RAMEN

  22. BROTH BASE
    ➤ 1 cup rough diced red delicious apple (about 1)
    ➤ 1 cup rough diced garlic (about 3 heads)
    ➤ 1 cup rough diced ginger
    ➤ 1 medium yellow onion
    ➤ 1/2 rack pork baby back ribs
    ➤ 12 cups water
    ➤ 1 cup soy sauce

  23. NOODLES

  24. BROTH EXTRAS
    ➤ 1 sheet kombu
    ➤ handful rough chopped dry shiitake mushrooms
    ➤ 1 half a diced sweet potato
    ➤ Ends of 1 bunch green onions

  25. SERVING EXTRAS
    ➤ Slow Poached Eggs
    ➤ Nori/Wakame
    ➤ Sriracha
    ➤ Sweet Potato
    ➤ Grilled Sweet Potato

  26. THE INGREDIENTS FOR THREAT
    INTELLIGENCE

  27. YOUR OWN INCIDENTS

  28. YOUR TEAMS

  29. VENDOR REPORTS

  30. HONEYPOTS

  31. PEERS/SHARING COMMUNITIES

  32. 3RD PARTY PAID INTELLIGENCE

  33. Real food doesn't have ingredients, real food is
    ingredients.
    –Jamie Oliver

  34. THE RECIPE

  35. “A SET OF INSTRUCTIONS FOR MAKING
    SOMETHING FROM VARIOUS INGREDIENTS”
    Merriam-Webster: Recipe (2)

  36. THE RECIPE FOR RAMEN

  37. STEPS FOR RAMEN
    ➤ Bring water (optionally add dry shiitakes and nori) to a simmer
    ➤ Add other ingredients (except noodles) and bring to a boil
    ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half)
    ➤ Prepare noodles and serve with extras

  38. THE RECIPE FOR THREAT
    INTELLIGENCE

  39. INTELLIGENCE CYCLE

  40. F3EAD
    FIND
    FIX
    FINISH
    EXPLOIT
    ANALYZE
    DISSEMINATE

  41. LESSONS LEARNED & PRACTICE

  42. “Today’s innovation is tomorrow’s tradition.”
    –Lidia Bastianich

  43. THE COOKS

  44. GREAT COOKS EAT
    (CONSUME)

  45. GREAT COOKS COOK
    (CREATE)

  46. GREAT COOKS LEARN
    (GROWTH)

  47. “Cook, cook, and cook. Keep your hands as
    involved in the kitchen and as much as you can
    and don’t seek glamour.”
    –Gaggan Anand

  48. THE OUTPUT

  49. PICTURE OF RAMEN

  50. INTELLIGENCE PRODUCTS

  51. RFIS

  52. SHORT FORM REPORTS

  53. LONG FORM REPORTS

  54. CONCLUSION

  55. TAKEAWAYS
    ➤ Think about your tools
    ➤ Get to know and understand your inputs
    ➤ Focus on honing your processes
    ➤ Grow your people

  56. RAMEN RECIPE
    ➤ 1 cup rough diced red delicious apple (about 1)
    ➤ 1 cup rough diced garlic (about 3 heads)
    ➤ 1 cup rough diced ginger
    ➤ 1 medium yellow onion
    ➤ 1/2 rack pork baby back ribs
    ➤ 12 cups water
    ➤ 1 cup soy sauce
    ➤ Bring water to a simmer
    ➤ Add other ingredients and bring to a boil
    ➤ Reduce heat to low and simmer 2.5-3 hours
    ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles
    ➤ Plate w/ noodles, broth, pork, & extras then serve
    ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Sriracha, Grilled Sweet Potato

  57. THANKS

  58. “Usually, one’s cooking is better than one
    thinks it is.”
    –Julia Child
