Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Homemade Ramen & Threat Intelligence
Search
Scott J. Roberts
January 29, 2018
Technology
2
560
Homemade Ramen & Threat Intelligence
My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.
Scott J. Roberts
January 29, 2018
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
560
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
27
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
120
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
120
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
76
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
54
Introduction to Open Source Security Tools
sroberts
3
4.9k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
GISエンジニアよ 現場に行け!
sudataka
1
130
[kickflow]20250319_少人数チームでのAutify活用
otouhujej
0
130
データモデリング通り #2オンライン勉強会 ~方法論の話をしよう~
datayokocho
0
180
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
6.3k
「Roblox」の開発環境とその効率化 ~DAU9700万人超の巨大プラットフォームの開発 事始め~
keitatanji
0
140
夏休みWebアプリパフォーマンス相談室/web-app-performance-on-radio
hachi_eiji
0
250
UDDのススメ - 拡張版 -
maguroalternative
1
600
Instant Apps Eulogy
cyrilmottier
1
120
Kiroでインフラ要件定義~テスト を実施してみた
nagisa53
3
390
形式手法特論:位相空間としての並行プログラミング #kernelvm / Kernel VM Study Tokyo 18th
ytaka23
3
1.5k
AIは変更差分からユニットテスト_結合テスト_システムテストでテストすべきことが出せるのか?
mineo_matsuya
1
660
Engineering Failure-Resilient Systems
infraplumber0
0
120
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Rails Girls Zürich Keynote
gr2m
95
14k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
jQuery: Nuts, Bolts and Bling
dougneiner
64
7.8k
Practical Orchestrator
shlominoach
190
11k
Art, The Web, and Tiny UX
lynnandtonic
301
21k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Faster Mobile Websites
deanohume
309
31k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
10
1k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
283
13k
Transcript
HOMEMADE RAMEN & THREAT INTEL A recipe for both
SCOTT J ROBERTS Instructor: SANS FOR578 Cyber Threat Intelligence Author:
Intelligence Driven Incident Response
METAPHOR WARNING!!!
WHAT IS RAMEN?
WHAT IS THREAT INTELLIGENCE?
THE GOAL Understand the combination of tools, inputs, process, &
people that lead to creating a threat intelligence capability.
THE TOOLS
“SOMETHING (SUCH AS AN INSTRUMENT OR APPARATUS) USED IN PERFORMING
AN OPERATION OR NECESSARY IN THE PRACTICE OF A VOCATION OR PROFESSION” Merriam-Webster: Tool (Def 2a)
THE TOOLS FOR RAMEN
TOOLS ➤ Tongs ➤ Ladle ➤ “Spider” ➤ Knives &
Cutting Boards ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner
INFRARED THERMOMETER Aka Kitchen Laser Gun
THE TOOLS FOR CTI
TIP: YETI
WORKBENCH: MALTEGO
DETECTIONS: YARA & SNORT
3RD PARTY SOURCES: PASSIVE TOTAL & SHODAN
KEY: FITTING INTO YOUR ENVIRONMENT
“ “Remember, it is never the knife's fault.” – Daniel
Boulud
THE INGREDIENTS
“SOMETHING THAT ENTERS INTO A COMPOUND OR IS A COMPONENT
PART OF ANY COMBINATION OR MIXTURE” Merriam-Webster: Ingredient
THE INGREDIENTS FOR RAMEN
BROTH BASE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce
NOODLES
BROTH EXTRAS ➤ 1 sheet kombu ➤ handfull rough choped
dry shiitake mushrooms ➤ 1 half a diced sweet potato ➤ Ends of 1 bunch green onions
SERVING EXTRAS ➤ Slow Poached Eggs ➤ Nori/Wakame ➤ Siracha
➤ Sweet Potato ➤ Grilled Sweet Potato
THE INGREDIENTS FOR THREAT INTELLIGENCE
YOUR OWN INCIDENTS
YOUR TEAMS
VENDOR REPORTS
HONEYPOTS
PEERS/SHARING COMMUNITIES
3RD PARTY PAID INTELLIGENCE
“ Real food doesn't have ingredients, real food is ingredients.
–Jamie Oliver
THE RECIPE
“A SET OF INSTRUCTIONS FOR MAKING SOMETHING FROM VARIOUS INGREDIENTS”
Merriam-Webster: Recipe (2)
THE RECIPE FOR RAMEN
STEPS FOR RAMEN ➤ Bring water (Optional add dry shiitakes
and nori) to a simmer ➤ Add other ingredients (except noodles) and bring to a boil ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half) ➤ Prepare noodles and serve with extras
THE RECIPE FOR THREAT INTELLIGENCE
INTELLIGENCE CYCLE
F3EAD EXPLOIT ANALYZE DISSEMINATE FIND FIX FINISH
LESSONS LEARNED & PRACTICE
“ “Today’s innovation is tomorrow’s tradition.” –Lidia Bastianich
THE COOKS
GREAT COOKS EAT (CONSUME)
GREAT COOKS COOK (CREATE)
GREAT COOKS LEARN (GROWTH)
“ “Cook, cook, and cook. Keep your hands as involved
in the kitchen and as much as you can and don’t seek glamour.” –Gaggan Anand
THE OUTPUT
PICTURE OF RAMEN
INTELLIGENCE PRODUCTS
RFIS
SHORT FORM REPORTS
LONG FORM REPORTS
CONCLUSION
TAKEAWAYS ➤ Think about your tools ➤ Get to know
and understand your inputs ➤ Focus on honing your processes ➤ Grow your people
RAMEN RECIPE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce ➤ Bring water to a simmer ➤ Add other ingredients and bring to a boil ➤ Reduce heat to low and simmer 2.5-3 hours ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles ➤ Plate w/ noodles, broth, pork, & extras then serve ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Siracha, Grilled Sweet Potato
THANKS
“ “Usually, one’s cooking is better than one thinks it
is.” –Julia Child