This gallery contains 1 photo →
Levels of attribution
Category: Threat Intelligence
Analysis and evaluation of external actors, entities, and events that will have negative effect on the enterprise.
In defense of not sharing: What is cyber TMI?
I’ve long been a proponent of sharing threat intelligence. The technical level of this sharing is usually at the indicator of compromise (IOC) level. There are several protocols that allow tools to share these IOCs rapidly. IOCs are gathered through…
Research Note: Investigating a breach
Many people are talking about the attribution of the Sony hack. Was it or was it not North Korea? I do not care. I thought I would talk about a couple of things in driving towards attribution and analysis of…
2014 Indianapolis Summit: Threat trends to the enterprise
Slides of my presentation today at the Indianapolis Summit. 2014 November Indianapolis Summit Threat Trends
Lightweight portable threat intelligence for the enterprise
Does your enterprise threat intelligence feed get you down? Does the wide-ranging list of IP’s, URLs, and other IOCs make you feel bloated? Do you have acronym fatigue? Then you should get lightweight portable threat intelligence for the enterprise. It…
CERIAS Seminar slides, West Lafayette Indiana
Slides as promised This is an expanded slide deck of a previous presentation. Still got about two-dozen that haven’t made it out front yet 🙂 Threat Intelligence and Digital Forensics (pdf)
S4 IResponder Conference, San Francisco
Slides as promised. S4 IrespondCon Slides (PDF)
Threat intelligence “know thyself”
I worry about the over use of threat intelligence. The idea of intelligence came to the information technology space in the early 1990s and many from the intelligence world and the information technology community scoffed at the idea. In the…
U.S. Bank of Cyber: An analysis of Cyber Attacks on the U.S. Financial System
This gallery contains 1 photo →
Research Note: Security, privacy, insider threats, and espionage
I am concerned about how this discussion has evolved, and it is influenced heavily by political and ideological biases. More importantly, it is in a box, which does not reflect a stern reality. I have been told that “Privacy is…
Research Note: Tracing the Twitter card phenomenon
In a Twitter discussion (>140 characters at a time) with Chris J @rattis about tracing credit cards from pictures on Twitter posted by users, to dissemination, and subsequent use. The following experimental protocol was developed. The scenario being examined is…
On the equivalence of corporate and government snooping
I’m going to disagree with the espoused equivalence of government snooping and corporate snooping. The former is enabled by the latter but that is still conflation of the two issues. A consumer opts in when they utilize a service, asks…
Invisible attacks: Maritime shipping critical infrastructure attacks
This gallery contains 1 photo →
Crude Faux: An analysis of cyber conflict within the oil and gas industries
This gallery contains 1 photo →
Where will the NSA be in 5 to 10 years?
I’ve been thinking about how the structure of the intelligence community and specifically technical collection activities are understood. The departure of General Alexander and the current budget fights are policy fulcrum points that can be used for change. I have…