26 September 2017
Giving Away the Magic Sauce
Juan Andres Guerrero-Saade, Principal Security Researcher, GReAT, Kaspersky Lab (@juanandres_gs)
Threat intelligence is all the rage these days: everyone is selling a feed, everyone has a report, everyone has the skinny, everyone wants to be cool. But the practice of unearthing and analyzing a targeted attack is more art than science, similar to detective work, and little material is out there to guide interested defenders on how to do this properly. The few teams doing good work in this space guard their methodologies and experiences jealously from passersby and dilettantes. The truth is that there is enough work for all of us without having to hide these methods from defenders and interested practitioners who could benefit from a better understanding of the threat intelligence production cycle. This talk will deep dive into that production cycle, demarcating the difference between good IR and IT work and the analysis process that yields an understanding of a targeted attack, from initial finding to reverse engineering, pivoting and contextual analysis, and, more importantly, the intelligence analysis that follows.
Open slot for anyone on the night
If you have something relevant or interesting to the audience (not a product pitch) for 10 to 30 minutes, please contact the DC4420 crew (Adam, Mark or Tony) on the night.