{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Talkin' Bout [Infosec] News","title":"Webcast: Durable vs. Ephemeral Threat Intel","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/59940896\"></iframe>","width":"100%","height":180,"duration":4394,"description":"In this Black Hills Information Security webcast John breaks down why he hates threat intelligence… Again… \r\n\r\n\r\n\r\nBut, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key because many intel feeds are nothing more than domains, hashes, and IP addresses. However, with durable threat intel, we see attack techniques that are highly effective, yet are not as easy to block. \r\n\r\n\r\n\r\nFor example, application allow listing abuse, connection profiles (RITA!), and PowerShell encoding are all examples of detections you can use that are not specific to a point-in-time attack methodology. 
\r\n\r\n\r\n\r\nJohn also shares some very cool open source projects that are approaching attacks in this way using ELK.\r\n\r\n\r\n\r\nJoin the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5 \r\n\r\n\r\n\r\n0:00 – Be Excellent to Each Other \r\n\r\n\r\n\r\n1:06 – Threat Intel: A Useless Rant \r\n\r\n\r\n\r\n7:38 – Pyramid of Pain \r\n\r\n\r\n\r\n10:55 – You Got Another String Coming \r\n\r\n\r\n\r\n14:56 – Conversation With a Pompous John \r\n\r\n\r\n\r\n19:10 – Hacking Ain’t Easy \r\n\r\n\r\n\r\n22:21 – ATT&CK Bingo™ \r\n\r\n\r\n\r\n24:33 – Emulation for Iteration \r\n\r\n\r\n\r\n27:35 – Some Open Source Tools \r\n\r\n\r\n\r\n32:03 – Threat Emulation Warning \r\n\r\n\r\n\r\n36:59 – MITRE Scorecard \r\n\r\n\r\n\r\n45:49 – A Bit of Perspective \r\n\r\n\r\n\r\n48:02 – DeTT&CT \r\n\r\n\r\n\r\n48:48 – Sigma","thumbnail_url":"https://img.transistorcdn.com/WPYM9pq_SRUcywHv9tdgpsGLyLx04W2rDmzktvAcD4Y/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8xZTA1/ZWZhNDcxZGM4ZTFj/ZGJhMTMwNmYzMmJj/ZjBkNi5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}