Talkin' Bout [Infosec] News

In this Black Hills Information Security webcast John breakdowns why he hates threat intelligence… Again…

But, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key because many intel feeds are nothing more than domains, hashes, and IP addresses. However, with durable threat intel, we see attack techniques that are highly effective, yet are not as easy to block.

For example, application allow listing abuse, connection profiles (RITA!), PowerShell encoding are all examples of detects you can use that are not specific to a point in time attack methodology.

John also shares some very cool open source projects that are approaching attacks in this way using ELK.

Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5

0:00 – Be Excellent to Each Other

1:06 – Threat Intel: A Useless Rant

7:38 – Pyramid of Pain

10:55 – You Got Another String Coming

14:56 – Conversation With a Pompous John

19:10 – Hacking Ain’t Easy

22:21 – ATT&CK Bingo™

24:33 – Emulation for Iteration

27:35 – Some Open Source Tools

32:03 – Threat Emulation Warning

36:59 – MITRE Scorecard

45:49 – A Bit of Perspective

48:02 – DeTT&CT

48:48 – Sigma

Show Notes

Join us in the Black Hills InfoSec Discord server to keep the security conversation going!
https://discord.gg/bhis

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services:
https://www.blackhillsinfosec.com

In this Black Hills Information Security webcast John breakdowns why he hates threat intelligence... Again...

But, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key, because many intel feeds are nothing more than domains, hashes and IP addresses. However, with durable threat intel we see attack techniques that are highly effective, yet are not as easy to block.

For example, application allow listing abuse, connection profiles (RITA!), PowerShell encoding are all examples of detects you can use that are not specific to a point in time attack methodology.

John also shares some very cool open source projects that are approaching attacks in this way using ELK.

Slides for this webcast can be found here:
https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_Durable_Ephemeral_Threat_Intel_Strand.pdf
  • (00:00) - Intro
  • (00:47) - Threat Intel: A Useless Rant
  • (07:20) - Pyramid of Pain
  • (10:37) - You Got Another String Coming
  • (14:34) - Conversation With a Pompous John
  • (18:42) - Hacking Ain't Easy
  • (21:51) - ATT&CK Bingo™
  • (24:02) - Emulation for Iteration
  • (27:00) - Some Open Source Tools
  • (31:28) - Threat Emulation Warning
  • (32:03) - Commercial Tools
  • (36:03) - MITRE Scorecard
  • (44:47) - A Bit of Perspective
  • (47:00) - DeTT&CT
  • (47:46) - Sigma
  • (51:24) - Atomic Threat Coverage
  • (53:58) - PlumHound
  • (54:35) - RITA
  • (55:46) - Honeypots
  • (57:16) - Question Time
  • (01:06:04) - Breaking Down the Gates

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Monday's at 4:30PM ET