FOR578 Cyber Threat Intelligence

/PDF 2021/

FOR578.pdf

/USB 2021/

FOR578_SG01_21.2.iso

Lab_Setup_Instructions_SGFOR578_v02.pdf

/.../1. Introduction to Cyber Threat Intelligence and Requirements/

1. Welcome to Cyber Threat Intelligence FOR578.mp4

2. Be Social.mp4

3. Lab Guidance.mp4

4. Cyber Threat Intelligence and Requirements.mp4

5. Course Agenda.mp4

6. Course Goal A Capable CTI Analyst.mp4

7. FOR578 GCTI School of Thought.mp4

8. Section 1 Outline.mp4

9. Case Study Moonlight Maze.mp4

10. Targeting Government and Military Networks.mp4

11. Investigating Moonlight Maze.mp4

12. 2016 Reanalyzing Moonlight Maze.mp4

13. Connections to the Present Penquin Turla.mp4

14. Putting the Pieces Together.mp4

15. Lessons Learned.mp4

/.../1. Cyber Threat Intelligence and Requirements/2. Understanding Intelligence/

1. Understanding Intelligence.mp4

2. Intelligence.mp4

3. Classic Intelligence Sources.mp4

4. Counterintelligence.mp4

5. Case Study Operation Bodyguard.mp4

6. Sherman Kent.mp4

7. Kents Analytic Doctrine.mp4

8. Richards J Heuer Jr.mp4

9. Analysis.mp4

10. Analytical Judgment.mp4

11. DataDriven Versus ConceptuallyDriven Analysis.mp4

12. Thinking About Thinking and Perception.mp4

13. Analysis in Action.mp4

14. Hindrances to Good Analysis.mp4

15. Bias Example Ransomware Targeting Elections.mp4

16. System 1 and System 2 Thinking.mp4

17. Mental Models.mp4

18. Kills Chains and Other Structured Models Data into Buckets.mp4

19. Structured Analytic Techniques.mp4

20. The Intelligence Life Cycle.mp4

21. Field of View Bias from Collection.mp4

22. Know the Difference Data Versus Intelligence.mp4

23. Example Tools for Structured Analytic Techniques.mp4

24. MindMup.mp4

25. Exercise 11.mp4

26. Case Study Operation Aurora 1.mp4

27. Case Study Operation Aurora 2.mp4

28. Enter the CyberDragon.mp4

29. Tools and Tradecraft.mp4

30. Clues into Attribution.mp4

31. Lessons Learned.mp4

/.../3. Understanding Cyber Threat Intelligence/

1. Understanding Cyber Threat Intelligence.mp4

2. Defining Cyber Threat Intelligence.mp4

3. CTI Terminology.mp4

4. Threat.mp4

5. Intelligence Requirements.mp4

6. Intrusions.mp4

7. Activity Group.mp4

8. Threat Actor.mp4

9. Campaign.mp4

10. Traffic Light Protocol.mp4

11. AdversaryThreat Personas and TargetsVictims.mp4

12. Tactics Techniques and Procedures.mp4

13. Tradecraft.mp4

14. Indicators.mp4

15. Indicator Life Cycle Introduction.mp4

16. Key Indicators.mp4

17. Key Indicator Examples.mp4

18. Discovery and Indicator Life Span.mp4

19. Indicator Fatigue and Proper Use Cases.mp4

20. Case Study PROMETHIUM and NEODYMIUM.mp4

21. Background.mp4

22. Observable Characteristics.mp4

23. NEODYMIUM Intrusion Flow.mp4

24. The Activity Groups.mp4

/.../4. Threat Intelligence Consumption/

1. Threat Intelligence Consumption.mp4

2. Intelligence Generation Versus Consumption.mp4

3. Sliding Scale of Cyber Security.mp4

4. Leverage Intelligence to Drive Value.mp4

5. Offense Intelligence Consumption.mp4

6. Intelligence Intelligence Consumption.mp4

7. Active Defense Intelligence Consumption.mp4

8. Passive Defense Intelligence Consumption.mp4

9. Architecture Intelligence Consumption.mp4

10. The Four Types of Threat Detection.mp4

11. Moving Indicators to Threat Behavioral Analytics.mp4

12. The Pyramid of Pain.mp4

13. Exercise 12 LeadIn.mp4

14. Exercise 12 Optional.mp4

/.../5. Preparing the Team to Generate Intelligence/

1. Preparing the Team to Generate Intelligence.mp4

2. Making the Switch from Consuming to Generating.mp4

3. Priority Intelligence Requirements.mp4

4. Intended Audience.mp4

5. Intelligence Requirement Examples.mp4

6. Structuring Your Team to Generate Intelligence.mp4

7. A Few Sample Purposes of a Cyber Threat Intelligence Team.mp4

8. Case Study The First Ever Electric Grid Focused Malware.mp4

9. Ukraine December 2016.mp4

10. Exercise 13 The Evolving Situation.mp4

11. Scenario Companies and Organizations.mp4

12. Details Roles and Requirements.mp4

13. Exercise 13.mp4

14. Case Study Carbanak.mp4

15. Carberp.mp4

16. Carbanak.mp4

17. How the Carbanak Cybergang Stole 1B.mp4

18. Carbanak Evolution.mp4

19. The Impact.mp4

20. Lessons Learned.mp4

/.../6. Planning and Direction/

1. Planning and Direction.mp4

2. Generating Intelligence Requirements.mp4

3. Planning Collection Management Framework.mp4

4. A Sample External Collection Management Framework on Malware Data.mp4

5. A Sample Internal Collection Management Framework.mp4

6. Systems Analysis.mp4

7. Threat Modeling.mp4

8. TargetCentric Intelligence Analysis.mp4

9. Building a Threat Model Review Your Critical Systems and Information.mp4

10. Adding Potential Adversaries to the Model.mp4

11. Pivoting off Information and Resources.mp4

12. Getting the Information You Need.mp4

13. Go as Granular as You Need.mp4

14. The VERIS Framework.mp4

15. Fundamentals of VERIS.mp4

16. VCAF VERIS Common Attack Framework.mp4

17. Using VERIS to Track Threats.mp4

18. Exercise 14 Positioning for the Future 1.mp4

19. Exercise 14 Positioning for the Future 2.mp4

20. Exercise 14.mp4

21. SANS DFIR.mp4

22. COURSE RESOURCES AND CONTACT INFORMATION.mp4

/.../1. Primary Collection Source Intrusion Analysis/

1. Welcome to Cyber Threat Intelligence FOR578 Day 2.mp4

2. The Fundamental Skill Set Intrusion Analysis.mp4

3. Course Agenda.mp4

4. Section 2 Outline.mp4

5. Primary Collection Source Intrusion Analysis.mp4

6. Kill Chain Overview.mp4

7. Stage 1 Recon Precursors.mp4

8. Recon Example.mp4

9. Stage 2 Weaponization.mp4

10. Weaponization Example Trojanized Document.mp4

11. Stage 3 Delivery.mp4

12. Delivery Example HTTP.mp4

13. Stage 4 Exploitation.mp4

14. ExploitDelivery Loop SMTPHTTP.mp4

15. Stage 5 Installation.mp4

16. Installation Example.mp4

17. Stage 6 Command and Control C2.mp4

18. C2 Example Sleep.mp4

19. Stage 7 Actions on Objectives.mp4

20. Actions Example.mp4

21. Introduction to the Diamond Model.mp4

22. Diamond Model Axioms.mp4

23. Diamond Adversary.mp4

24. Adversary Human Fingerprints Examples in Malware.mp4

25. Diamond CapabilityTTP.mp4

26. Diamond Infrastructure.mp4

27. Diamond Victim.mp4

28. Merging the Diamond Model and Kill Chain.mp4

29. One Phases Choices May Move in Another Phase.mp4

30. CoA Introduction.mp4

31. The Courses of Action Matrix.mp4

32. CoA Discover.mp4

33. CoA Detect.mp4

34. CoA Deny.mp4

35. CoA Disrupt.mp4

36. CoA Degrade.mp4

37. CoA Deceive.mp4

38. CoA Destroy.mp4

39. Action Selection and Mutual Exclusivity.mp4

40. Leveraging CoA Intel GainLoss.mp4

41. MITRE ATTCK.mp4

42. TTPs in ATTCK.mp4

43. Different Models for Different Use Cases.mp4

44. Exercise 21 Read In.mp4

45. Details Roles and Requirements 1.mp4

46. Details Roles and Requirements 2.mp4

47. Priority Intelligence Requirements.mp4

48. Exercise 21.mp4

49. Exercise 21 Takeaways.mp4

/.../2. Kill Chain and Diamond Deep Dive/

1. Kill Chain and Diamond Deep Dive.mp4

2. Log Repositories and logrotate.mp4

3. Memory Analysis with Volatility.mp4

4. Section 2 Note Responder Actions.mp4

5. Incoming Alert What You Have.mp4

6. First Steps Reported Intrusion.mp4

7. Responder Action Network Flow Data.mp4

8. Discovery Findings Network Flow.mp4

9. Responder Action Proxy Logs.mp4

10. Discovery Findings Proxy Logs.mp4

11. Reported Intrusion Where Are We Now.mp4

12. Exploiting the URL for Tool Discovery.mp4

13. Pivoting on New Intelligence.mp4

14. Observing the Indicator Life Cycle.mp4

15. Reported Intrusion Where Are We Now.mp4

16. Reported Intrusion Where Do We Go.mp4

17. Kill Chain Completion.mp4

18. Exercise 22.mp4

19. Priority Intelligence Requirements in Exercise Scenario.mp4

20. Exercise 22 Takeaways.mp4

21. Phase 7 Actions on Objectives.mp4

22. Actions on Objectives Network Pivoting Overview.mp4

23. Actions on Objectives Host Pivoting Overview.mp4

24. Reported Intrusion C2 Victim Pivot FTP Flow Data.mp4

25. Responder Action Full Packet Capture.mp4

26. Reported Intrusion C2 Victim Pivot 1 FTP Network Traffic.mp4

27. Reported Intrusion C2 Victim Pivot 2 Flow Data to Known Malicious IPs.mp4

28. Reported Intrusion Victim Pivot 2 Proxy Search from Flow Data.mp4

29. Reported Intrusion Current Knowledge Gaps 1.mp4

30. C2 Decoding Overview.mp4

31. Reported Intrusion Memory Forensics 1.mp4

32. Reported Intrusion Memory Forensics 2.mp4

33. Phase 7 Discovery Disk Forensics 1.mp4

34. Phase 7 Discovery Disk Forensics 2.mp4

35. Responder Action Reverse Engineering.mp4

36. Exercise 23.mp4

37. Priority Intelligence Requirements in Ex 23.mp4

38. Exercise 23 Takeaways.mp4

39. Edison Malware Analysis RFI Response.mp4

40. Capabilities of scvhostexeFJerk.mp4

41. C2 Protocol for scvhostexeFJerk.mp4

42. C2 Decoding with CyberChef.mp4

43. C2 Decoding with Command Line and Scripting.mp4

44. The Beginning of a Persona.mp4

45. Exfil Documents.mp4

46. Where Do We Go.mp4

47. Reported Intrusion Current Knowledge Gaps 2.mp4

48. Moving into the System.mp4

49. Installation Findings.mp4

50. Responder Action Reverse Engineers RFIs.mp4

51. Reported Intrusion Current Knowledge.mp4

52. Phase 4 Exploitation Findings and Problems.mp4

53. Responder Action User Inbox Archive.mp4

54. Glancing Forward Phase 3 Findings.mp4

55. What Happened.mp4

56. Exercise 24.mp4

57. Priority Intelligence Requirements in Ex 24.mp4

58. Exercise 24 Takeaways.mp4

/.../3. Handling Multiple Kill Chains/

1. Handling Multiple Kill Chains.mp4

2. Where Are We and Where Do We Go 1.mp4

3. Reported Intrusion Current Knowledge Gaps.mp4

4. Reported Intrusion Phase 5 Findings Reprise.mp4

5. Reported Intrusion Current Knowledge.mp4

6. InstallationFindings.mp4

7. Where Are We and Where Do We Go 2.mp4

8. Phase 3 DeliveryFindings.mp4

9. The Time Card System.mp4

10. Reported Intrusion Where Are We and Where Do We Go.mp4

11. Kill Chain Sequencing.mp4

12. Visual Representation of Adversarys Efforts.mp4

13. Key Indicators and Insights from the Slides Intrusion.mp4

14. Exercise 25.mp4

15. Some Key Items Collected Out of the Intrusion.mp4

16. Priority Intelligence Requirements in Ex 25 1.mp4

17. Priority Intelligence Requirements in Ex 25 2.mp4

18. Key Indicators and Insights from the Exercises Intrusion.mp4

19. SANS DFIR.mp4

20. Here is my lens You know my methods Sherlock Holmes.mp4

21. COURSE RESOURCES AND CONTACT INFORMATION.mp4

/.../1. Introduction to Collection Sources/

1. Collection Sources.mp4

2. Course Agenda.mp4

3. Section 3 Outline.mp4

4. Case Study HEXANE.mp4

5. HEXANE Background.mp4

6. HEXANE DanBot Header Metadata Compile Times and PDBs.mp4

7. HEXANE DanBot Header Metadata GUIDs.mp4

8. HEXANE DanBot Code Reuse.mp4

9. HEXANE DanBot Configuration Data.mp4

/.../2. Collection Source Malware/

1. Collection Source Malware.mp4

2. Collection from Malware.mp4

3. The Human Fingerprints of Malware.mp4

4. Header Metadata.mp4

5. Code Reuse.mp4

6. Configuration Data.mp4

7. More Configuration Data Examples.mp4

8. Where Do You Get Malware.mp4

9. Commercial Dataset Example VirusTotal.mp4

10. VirusTotal Results.mp4

11. VirusTotal Details.mp4

12. VT Enterprise formerly VirusTotal Intelligence.mp4

13. DC3 Malware Configuration Parser.mp4

14. Malware Configuration Data from Dumping Tool.mp4

15. Exercise 31 Aggregating and Pivoting in Excel.mp4

16. Exercise 31.mp4

17. Key Indicators from Exercise 31.mp4

18. Compilation of SupplyDenn Intrusion Indicators from Ex 21 and Ex 31.mp4

19. Recap Indicators and Insights from the Day 2 Slides Intrusion.mp4

20. Combined View Leet.mp4

/.../3. Collection Source Domains/

1. Collection Source Domains.mp4

2. Data Pivoting 1.mp4

3. Data Pivoting 2.mp4

4. Basic Most Pivotable Indicator Types.mp4

5. Data Pivoting Example 1.mp4

6. Data Pivoting Example 2.mp4

7. Data Pivoting Chart 2.mp4

8. C2 Domain Registration.mp4

9. Adversary Registered.mp4

10. Dynamic DNS Domains.mp4

11. DDNS Manager.mp4

12. DDNS for Adversaries.mp4

13. Legitimate but Compromised.mp4

14. Case Study Poison Hurricane.mp4

15. Autonomous System Number ASN Lookups.mp4

16. ASN Lookup asncymrucom.mp4

17. Passive DNS 1.mp4

18. Some PDNS Providers.mp4

19. Passive DNS 2.mp4

20. Example Mnemonic PDNS.mp4

21. Case Study Epic Turlas Out of This World C2.mp4

22. Epic Tula C2.mp4

23. For the Next Lab DomainTools.mp4

24. DomainTools Iris.mp4

25. DomainTools Search Tabs.mp4

26. DomainTools Pivot Engine.mp4

27. DomainTools Identifying New Indicators.mp4

28. Exercise 32 Expanding Intelligence Through Partners and OSINT.mp4

29. Exercise 32.mp4

30. New Intrusion Kirill Lazutin.mp4

31. Case Study GlassRAT.mp4

32. Case Study GlassRAT Campaign.mp4

33. GlassRAT C2 Overlap GlassRAT.mp4

34. GlassRAT Lessons Learned.mp4

/.../4. Collection Source External Datasets/

1. Collection Source External Datasets.mp4

2. OpenSource Intelligence.mp4

3. Leveraging OSINT.mp4

4. Threat Data Feeds.mp4

5. Threat Intelligence Quotient TIQ Test.mp4

6. Measuring Threat Feeds.mp4

7. FireHOL IP Lists Threat Feed Analyzer.mp4

8. Collective Intelligence Framework.mp4

9. Creating Your Own OSINT Database.mp4

10. Additional OSINT OpenSource Tools.mp4

11. AlienVault OTX.mp4

12. Shodan.mp4

13. Geographical Information and Maps.mp4

14. GCHQs CyberChef.mp4

15. Exercise 33 Introduction.mp4

16. Exercise 33.mp4

17. Key Indicators from Exercise 33.mp4

18. Updated Leet View.mp4

19. Exercise 34 Leadin Ransomware.mp4

20. ThirdParty Phone Call.mp4

21. Priority Intelligence Requirement.mp4

22. For the Next Lab Recorded FutureHome Page.mp4

23. For the Next Lab Recorded FutureSearch Menu.mp4

24. Recorded Future Poison Ivy.mp4

25. Recorded Future Context.mp4

26. Exercise 34.mp4

27. Ex 34 Key Findings.mp4

/.../5. Collection Source TLS Certificates/

1. Collection Source TLS Certificates.mp4

2. TLS Certificates.mp4

3. TLS Certificate Datastores.mp4

4. TLS Certificate Scan Providers.mp4

5. Searching Tips.mp4

6. Censysio Example SANS.mp4

7. Case Study CVE20141761.mp4

8. CVE20141761.mp4

9. Initial Pivoting.mp4

10. Collecting New Data.mp4

11. Identifying Links Between Data Points.mp4

12. Introducing TLS Cert.mp4

13. Identification of New Data.mp4

14. Unique Data from New Pivot Type.mp4

15. Maltego CaseFile.mp4

16. Maltego Entities and Links.mp4

17. Adding Entities to the Graph.mp4

18. Adding Links to the Graph.mp4

19. MovingManipulating Entities.mp4

20. Different Views.mp4

21. Exercise 35.mp4

22. Recap Indicators from Ex 21 and Ex 35.mp4

23. RECAP Kirill Lazutin.mp4

24. Merged View.mp4

25. SANS DFIR.mp4

26. COURSE RESOURCES AND CONTACT INFORMATION.mp4

/.../1. Introduction to Analysis and Production of Intelligence/

1. Analysis and Production of Intelligence.mp4

2. Course Agenda.mp4

3. Section 4 Outline.mp4

4. Case Study Human Operated Ransomware.mp4

5. Human Operated Ransomware Operations.mp4

6. Wadhrama Attack Chain by PARINACOTA.mp4

7. Doppelpaymer Ransomware.mp4

8. Ryuk from TrickBot Infections.mp4

9. Make It Easy for Defenders.mp4

10. Example of Effective Visual Communication of TTPs.mp4

11. What Evil Looks Like.mp4

/.../2. Exploitation Storing and Structuring Data/

1. Exploitation Storing and Structuring Data.mp4

2. Storing Collected Intelligence.mp4

3. Storing Platforms.mp4

4. MISP.mp4

5. Creating an MISP Event.mp4

6. Visually Linking Indicators Between Events.mp4

7. Methods of Storing Best Practices.mp4

8. Leadin to Exercise 41.mp4

9. Exercise 41.mp4

/.../3. Analysis Logical Fallacies and Cognitive Biases/

1. Analysis Logical Fallacies and Cognitive Biases.mp4

2. Identifying and Defeating Bias.mp4

3. Logical Fallacies.mp4

4. Common CTI Informal Fallacies.mp4

5. Other Common Fallacies.mp4

6. Cognitive Biases.mp4

7. Mirror Image.mp4

8. AnchoringFocusing.mp4

9. Confirmation Bias.mp4

10. Congruence Bias.mp4

11. Hindsight Bias.mp4

12. Illusory Correlation.mp4

13. Case Study New York Stock Exchange NYSE Computer Glitch.mp4

14. Cum hoc ergo propter hoc.mp4

15. Case Study Turkey Pipeline Explosion.mp4

16. Bias and Experience.mp4

17. Exercise 42.mp4

/.../4. Analysis of Competing Hypotheses/

1. Analysis of Competing Hypotheses 1.mp4

2. Analysis of Competing Hypotheses 2.mp4

3. 1 Enumerate Hypotheses.mp4

4. 2 Support the Hypotheses.mp4

5. 3 Diagnostics.mp4

6. 4 Refine the Matrix.mp4

7. 5 Prioritize the Hypotheses.mp4

8. 6 Determine Evidentiary Dependence.mp4

9. 7 Report Conclusions.mp4

10. Identify Milestones.mp4

11. Exercise 43.mp4

/.../5. Analysis Different Types of Analysis/

1. Analysis Different Types of Analysis.mp4

2. Leveraging Different Types of Analysis.mp4

3. Link Analysis.mp4

4. Common Link Analysis Tools.mp4

5. MaltegoCasefile Bubble Chart View.mp4

6. Data Analysis.mp4

7. Temporal Data Analysis 1.mp4

8. Temporal Data Analysis 2.mp4

9. Trend Analysis.mp4

10. Case Study Panama Papers.mp4

11. John Doe.mp4

12. The Challenge of Data.mp4

13. Example Link Analysis with Linkurious.mp4

14. Findings and Aftermath.mp4

15. CTI Angle IntelligenceDriven Hypothesis Generation.mp4

16. Exercise 44 Visualizing Large Datasets.mp4

17. Exercise 44.mp4

/.../6. Analysis Clustering Intrusions/

1. Analysis Clustering Intrusions.mp4

2. Style Guide.mp4

3. NamesIdentifiers.mp4

4. Risks of Clever Naming Conventions.mp4

5. MITRE ATTCK Groups Page.mp4

6. Rosetta Stone APT Groups and Operations Matrix.mp4

7. There is No OnetoOne Mapping.mp4

8. OnetoOne Mapping Issues Example.mp4

9. Confidently Correlating Clusters.mp4

10. ACH for IntrusionCluster Correlation.mp4

11. The Basics.mp4

12. Categorize Evidence Using Kill Chain and the Diamond Model.mp4

13. Enumerating IntrusionCampaign Hypotheses.mp4

14. External Intrusion Reports.mp4

15. Diamond Model Deeper Dive MetaFeatures.mp4

16. Creating an Activity Group.mp4

17. Different Examples of Diamond Models for Different Reqs.mp4

18. Recap of K Lazutin.mp4

19. New Intrusion Does it Fit.mp4

20. Adding Intrusions to the Diamond Model Creating a Group.mp4

21. Introducing PINKIEPIE.mp4

22. Shortcut The Rule of 2.mp4

23. Rule of 2 Forming an Activity Group.mp4

24. When to Retire Clusters.mp4

25. Case Study APT10 and APT31.mp4

26. Recorded Future and Rapid7 Attributed Breaches to APT10.mp4

27. Group Names are Definitions not Often Publicly Known.mp4

28. The Problem Isnt just a Recorded Future Rapid7 Problem.mp4

29. Everyones a Little Wrong.mp4

30. Ex 45 Lead In.mp4

31. Top Energy Intrusion.mp4

32. Recap of Top Energys Key Indicators from Day 2.mp4

33. New Intrusion 1 Key Indicators.mp4

34. New Intrusion 2 Key Indicators.mp4

35. Which Intrusion Overlaps.mp4

36. Introducing RAINBOWDASH Activity Group.mp4

37. Exercise 45 Leadin.mp4

38. Recap of Leet Intrusion Set.mp4

39. Exercise 45.mp4

40. SANS DFIR.mp4

41. COURSE RESOURCES AND CONTACT INFORMATION.mp4

/.../1. Introduction to Dissemination and Attribution/

1. Dissemination and Attribution.mp4

2. Course Agenda.mp4

3. Section 5 Outline.mp4

4. Case Study Axiom.mp4

5. PlugX.mp4

6. Hikit Malware.mp4

7. Hikit Malware and Bit9.mp4

8. Axiom.mp4

9. Interesting Attributes.mp4

10. Lessons Learned.mp4

/.../5. Dissemination and Attribution/2. Dissemination Tactical/

1. Dissemination Tactical.mp4

2. Know the Audience.mp4

3. YARA.mp4

4. Sample YARA Rule.mp4

5. YARA Key Points.mp4

6. Hex Special Values.mp4

7. More Complex YARA Rules.mp4

8. Sample YARA Rule Uncommon File Size.mp4

9. Sample YARA Rule GlassRAT.mp4

10. Sample YARA Rule Sofacy.mp4

11. Sample YARA Rule Sofacy from the German Parliament Campaign.mp4

12. Validating Signatures and IOCs.mp4

13. Exercise 51.mp4

14. Case Study HackingTeam.mp4

15. Case Study HackingTeam 1.mp4

16. Case Study HackingTeam 2.mp4

17. HackingTeam Isnt Alone.mp4

18. HackingTeams Compromise and Mercenary Group Takeaways.mp4

/.../5. Dissemination and Attribution/3. Dissemination Operational/

1. Dissemination Operational.mp4

2. Operational Threat Intelligence.mp4

3. Communicating About Adversary Operations.mp4

4. Partners and Collaboration.mp4

5. NationalLevel Government Information.mp4

6. ISACs and ISAOs.mp4

7. Additional Resources.mp4

8. STIXTAXII.mp4

9. TAXII Implementations.mp4

10. STIX 21 Objects.mp4

11. STIX 2.mp4

12. Methods of Sharing Best Practices.mp4

13. Exercise 52 Introduction.mp4

14. Exercise 52.mp4

15. Woe the Lowly Metric.mp4

16. Why You Should Embrace Metrics.mp4

17. Campaign Heatmap.mp4

18. Organizational Heat Maps.mp4

19. Incident OneSlider.mp4

20. Incident OneSlider With Multiple.mp4

21. Mitigation Scorecard.mp4

22. Email Delivery Success.mp4

23. Analytical Completeness.mp4

24. Case Study Metrics from CTI Summit.mp4

25. Exercise 53 Gaining Historical Perspective.mp4

26. Exercise 53.mp4

/.../5. Dissemination and Attribution/4. Dissemination Strategic/

1. Dissemination Strategic.mp4

2. Strategic Threat Intelligence.mp4

3. Example Outcome Indictments.mp4

4. Making the Business Case for Security.mp4

5. Expectations.mp4

6. Lessons from the Field Shoe Company and AntiHype.mp4

7. ReportsNarrativeForm Intelligence.mp4

8. Observation Versus Interpretation.mp4

9. Estimative Language.mp4

10. Estimative Scales.mp4

11. ALWAYS REMEMBER.mp4

12. Diamond Model and Analytic Findings.mp4

13. Confidence Assessments.mp4

14. Constructing Assessments.mp4

15. Tips on Effective Report Writing.mp4

16. InClass Exercise.mp4

17. Proofpoints North Korea Bitten by Bitcoin Bug.mp4

18. Proofpoints North Korea Report Pros and Cons.mp4

19. Norses Iran CIB.mp4

20. Iran CIB Pros and Cons.mp4

21. Kasperskys Equation Group Optional.mp4

22. Equation Group Pros and Cons Optional.mp4

23. Case Study APT10 and Cloud Hopper.mp4

24. APT10 and the Chinese State.mp4

25. APT10 and the US Government.mp4

26. Indictments for Attribution APT10.mp4

27. Indictments for TTP Discovery APT10.mp4

28. Indictments for IOC Discovery APT10.mp4

29. Cloud Hopper.mp4

30. Observations for CTI Analysts Communicating Broadly.mp4

31. Observations for CTI Analysts Human Fingerprints.mp4

32. Observations for CTI Analysts Timelines.mp4

33. Observations for CTI Analysts Closing Thoughts.mp4

/.../5. A Specific Intelligence Requirement Attribution/

1. A Specific Intelligence Requirement Attribution.mp4

2. Attribution as an Intelligence Requirement.mp4

3. On Attribution.mp4

4. Four Approaches to True Attribution.mp4

5. The Simpsons Did It.mp4

6. Achieving the Value of Attribution without Attribution.mp4

7. Example Use Cases of Attribution.mp4

8. Attribution Is Never Straightforward.mp4

9. Example Merged State and Criminal Activity.mp4

10. Geopolitical Conflict Intersects Cyber.mp4

11. Challenges in Observing the Adversarys Intel Life Cycle.mp4

12. Deriving Intent.mp4

13. The Basics of State Attribution.mp4

14. Analytical Model for Each Entity.mp4

15. Categorize Evidence Using Threat Definition.mp4

16. Understanding Opportunity.mp4

17. ACH Matrix Template for State Attribution.mp4

18. Be Prepared for Information to Change.mp4

19. CaseStudy Soviet Disinformation Operations.mp4

20. False Flags.mp4

21. False Flag Example South Korean Winter Olympics.mp4

22. Coming to the EndReassess Intelligence Requirements.mp4

23. Case Study Lazarus Group.mp4

24. Operation Troy and Attacks on South Korean Organizations.mp4

25. The Sony Attack.mp4

26. Government Attribution.mp4

27. WannaCry Connections.mp4

28. Overlaps in the Intrusions.mp4

29. The Making of a Group Lazarus.mp4

30. Problem with Extending Too Far.mp4

31. Exercise 54.mp4

32. SANS DFIR.mp4

33. COURSE RESOURCES AND CONTACT INFORMATION.mp4

/VoD 2021/6. Capstone/1. Day 6 Capstone/

1. Day 6 Capstone.mp4

2. Capstone The Goals.mp4

3. Capstone What to Know To Have Fun.mp4

4. Capstone How to Win.mp4

5. Scenario Background.mp4

6. VI Capstone.mp4

7. You.mp4

8. The State Actors.mp4

9. The NonState Actors.mp4

10. Scenario Objectives.mp4

11. Your Resources.mp4

12. Capstone.mp4

13. Baby Yoda.mp4

14. Incorporate the Fifteen Axioms for Intelligence Analysts.mp4

15. Thanks for Coming.mp4

16. SANS DFIR.mp4

Total files 615