Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Homemade Ramen & Threat Intelligence
Search
Scott J. Roberts
January 29, 2018
Technology
2
530
Homemade Ramen & Threat Intelligence
My talk for the 2018 SANS CTI Summit focused on understanding CTI as a craft.
Scott J. Roberts
January 29, 2018
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
10
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
10
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
110
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
94
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
62
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
39
Introduction to Open Source Security Tools
sroberts
3
4.9k
Building Effective Threat Intelligence Sharing
sroberts
1
120
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
120
Other Decks in Technology
See All in Technology
事業と組織から目を逸らずに技術でリードする
ogugu9
19
5.1k
MCP でモノが動くとおもしろい/It is interesting when things move with MCP
bitkey
3
610
AIエージェントのオブザーバビリティについて
yunosukey
1
380
AIフレンドリーなプロダクト開発を目指して 〜MCPを橋渡しにした環境移行〜
shinpr
0
120
LLMの開発と社会実装の今と未来 / AI Builders' Community (ABC) vol.2
pfn
PRO
2
210
テストコードにはテストの意図を込めよう(2025年版) #retechtalk / Put the intent of the test 2025
nihonbuson
PRO
10
2k
地に足の付いた現実的な技術選定から魔力のある体験を得る『AIレシート読み取り機能』のケーススタディ / From Grounded Tech Choices to Magical UX: A Case Study of AI Receipt Scanning
moznion
5
1.9k
4月15日の AZ 障害をテクサポの中の人目線で振り返ってみる
kazzpapa3
3
170
CARTA HOLDINGS エンジニア向け 採用ピッチ資料 / CARTA-GUIDE-for-Engineers
carta_engineering
0
27k
encoding/json v2を予習しよう!
yuyu_hf
PRO
1
220
Cursorをチョッパヤインタビューライターにチューニングする方法 / how to tuning cursor for interview write
shuzon
2
270
newmo の創業を支える Software Architecture と Platform Engineering
110y
5
580
Featured
See All Featured
Gamification - CAS2011
davidbonilla
81
5.3k
Designing Experiences People Love
moore
142
24k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
19
1.2k
Become a Pro
speakerdeck
PRO
28
5.3k
Speed Design
sergeychernyshev
29
940
Writing Fast Ruby
sferik
628
61k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.2k
Building Applications with DynamoDB
mza
94
6.4k
Transcript
HOMEMADE RAMEN & THREAT INTEL A recipe for both
SCOTT J ROBERTS Instructor: SANS FOR578 Cyber Threat Intelligence Author:
Intelligence Driven Incident Response
METAPHOR WARNING!!!
WHAT IS RAMEN?
WHAT IS THREAT INTELLIGENCE?
THE GOAL Understand the combination of tools, inputs, process, &
people that lead to creating a threat intelligence capability.
THE TOOLS
“SOMETHING (SUCH AS AN INSTRUMENT OR APPARATUS) USED IN PERFORMING
AN OPERATION OR NECESSARY IN THE PRACTICE OF A VOCATION OR PROFESSION” Merriam-Webster: Tool (Def 2a)
THE TOOLS FOR RAMEN
TOOLS ➤ Tongs ➤ Ladle ➤ “Spider” ➤ Knives &
Cutting Boards ➤ “Base Infrastructure:” Pots & Pans, Stove Top Burner
INFRARED THERMOMETER Aka Kitchen Laser Gun
THE TOOLS FOR CTI
TIP: YETI
WORKBENCH: MALTEGO
DETECTIONS: YARA & SNORT
3RD PARTY SOURCES: PASSIVE TOTAL & SHODAN
KEY: FITTING INTO YOUR ENVIRONMENT
“ “Remember, it is never the knife's fault.” – Daniel
Boulud
THE INGREDIENTS
“SOMETHING THAT ENTERS INTO A COMPOUND OR IS A COMPONENT
PART OF ANY COMBINATION OR MIXTURE” Merriam-Webster: Ingredient
THE INGREDIENTS FOR RAMEN
BROTH BASE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce
NOODLES
BROTH EXTRAS ➤ 1 sheet kombu ➤ handfull rough choped
dry shiitake mushrooms ➤ 1 half a diced sweet potato ➤ Ends of 1 bunch green onions
SERVING EXTRAS ➤ Slow Poached Eggs ➤ Nori/Wakame ➤ Siracha
➤ Sweet Potato ➤ Grilled Sweet Potato
THE INGREDIENTS FOR THREAT INTELLIGENCE
YOUR OWN INCIDENTS
YOUR TEAMS
VENDOR REPORTS
HONEYPOTS
PEERS/SHARING COMMUNITIES
3RD PARTY PAID INTELLIGENCE
“ Real food doesn't have ingredients, real food is ingredients.
–Jamie Oliver
THE RECIPE
“A SET OF INSTRUCTIONS FOR MAKING SOMETHING FROM VARIOUS INGREDIENTS”
Merriam-Webster: Recipe (2)
THE RECIPE FOR RAMEN
STEPS FOR RAMEN ➤ Bring water (Optional add dry shiitakes
and nori) to a simmer ➤ Add other ingredients (except noodles) and bring to a boil ➤ Reduce heat and simmer 2.5-3 hours (reduced to about half) ➤ Prepare noodles and serve with extras
THE RECIPE FOR THREAT INTELLIGENCE
INTELLIGENCE CYCLE
F3EAD EXPLOIT ANALYZE DISSEMINATE FIND FIX FINISH
LESSONS LEARNED & PRACTICE
“ “Today’s innovation is tomorrow’s tradition.” –Lidia Bastianich
THE COOKS
GREAT COOKS EAT (CONSUME)
GREAT COOKS COOK (CREATE)
GREAT COOKS LEARN (GROWTH)
“ “Cook, cook, and cook. Keep your hands as involved
in the kitchen and as much as you can and don’t seek glamour.” –Gaggan Anand
THE OUTPUT
PICTURE OF RAMEN
INTELLIGENCE PRODUCTS
RFIS
SHORT FORM REPORTS
LONG FORM REPORTS
CONCLUSION
TAKEAWAYS ➤ Think about your tools ➤ Get to know
and understand your inputs ➤ Focus on honing your processes ➤ Grow your people
RAMEN RECIPE ➤ 1 cup rough diced red delicious apple
(about 1) ➤ 1 cup rough diced garlic (about 3 heads) ➤ 1 cup rough diced ginger ➤ 1 medium yellow onion ➤ 1/2 rack pork baby back ribs ➤ 12 cups water ➤ 1 cup soy sauce ➤ Bring water to a simmer ➤ Add other ingredients and bring to a boil ➤ Reduce heat to low and simmer 2.5-3 hours ➤ Remove ribs & discard veggies, shred pork, & prepare ramen noodles ➤ Plate w/ noodles, broth, pork, & extras then serve ➤ Good extras ideas include Slow Poached Eggs, Nori/Wakame, Siracha, Grilled Sweet Potato
THANKS
“ “Usually, one’s cooking is better than one thinks it
is.” –Julia Child