Webcast: Durable vs. Ephemeral Threat Intel




Black Hills Information Security show

Summary:

In this Black Hills Information Security webcast John breaks down why he hates threat intelligence… Again…

But he also breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key because many intel feeds are nothing more than domains, hashes, and IP addresses. With durable threat intel, however, we see attack techniques that are highly effective, yet are not as easy to block.

For example, application allow-listing abuse, connection profiles (RITA!), and PowerShell encoding are all detects you can use that are not specific to a point-in-time attack methodology.

John also shares some very cool open source projects that are approaching attacks in this way using ELK.

Join the Black Hills Information Security Discord discussion server — <a rel="noreferrer noopener" href="https://www.youtube.com/redirect?event=video_description&amp;v=zuwLIjX5r20&amp;redir_token=G6Rh8vRL67mdMoTRrwzH6ABc7uN8MTU5MjkyMDA1OEAxNTkyODMzNjU4&amp;q=https%3A%2F%2Fdiscord.gg%2FaHHh3u5" target="_blank">https://discord.gg/aHHh3u5</a>

Slides for this webcast can be found here: <a href="https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_Durable_Ephemeral_Threat_Intel_Strand.pdf" target="_blank" rel="noreferrer noopener">https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_Durable_Ephemeral_Threat_Intel_Strand.pdf</a>

<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=0s" target="_blank">0:00</a> – Be Excellent to Each Other
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=66s" target="_blank">1:06</a> – Threat Intel: A Useless Rant
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=458s" target="_blank">7:38</a> – Pyramid of Pain
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=655s" target="_blank">10:55</a> – You Got Another String Coming
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=896s" target="_blank">14:56</a> – Conversation With a Pompous John
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=1150s" target="_blank">19:10</a> – Hacking Ain’t Easy
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=1341s" target="_blank">22:21</a> – ATT&amp;CK Bingo™
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=1473s" target="_blank">24:33</a> – Emulation for Iteration
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=1655s" target="_blank">27:35</a> – Some Open Source Tools
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=1923s" target="_blank">32:03</a> – Threat Emulation Warning
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=2219s" target="_blank">36:59</a> – MITRE Scorecard
<a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=zuwLIjX5r20&amp;t=2749s" target="_blank">45:49</a> – A Bit of Perspective
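The summary's distinction between ephemeral intel (domains, hashes, IPs) and durable detects (PowerShell encoding, connection profiles) is easiest to see side by side. The following Python is an added example written for this page; it is not code from the webcast, the slides, or the RITA project. It contrasts an exact-match indicator check with two technique-based detections: decoding a `-EncodedCommand` PowerShell command line and scoring the regularity of connection intervals per source/destination pair. The beacon heuristic (coefficient of variation of the gaps between connections) is a simplified stand-in for the kind of analysis RITA performs, not RITA's algorithm, and every indicator, command line and connection record is constructed.

```python
"""Added example (not from the BHIS webcast, slides or RITA): ephemeral
indicator matching versus two durable, technique-based detections.
All indicators, command lines and connection records are constructed."""
import base64
import re
import statistics
from collections import defaultdict

# Constructed ephemeral indicators. An attacker rotates these at no cost.
EPHEMERAL_IOCS = {
    "203.0.113.42",                      # constructed IP (TEST-NET-3)
    "bad-update.example",                # constructed domain
    "d41d8cd98f00b204e9800998ecf8427e",  # MD5 of the empty string
}


def matches_ephemeral_ioc(event: str) -> bool:
    """Ephemeral detection: substring match on a known indicator.
    Any change to the IP, domain or file hash makes this miss."""
    return any(ioc in event for ioc in EPHEMERAL_IOCS)


# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...). The argument is base64 of a UTF-16LE script, so require a long
# base64 run to avoid matching e.g. "-ExecutionPolicy Bypass".
ENCODED_FLAG = re.compile(r"(?i)\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_powershell(cmdline: str):
    """Durable detection: an encoded PowerShell command line. Returns the
    decoded script when the blob really is base64(UTF-16LE), else None.
    It fires whatever host or payload the script refers to."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
        return raw.decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def beacon_score(timestamps):
    """Interval profile for one (src, dst) pair: (count, mean gap,
    coefficient of variation of the gaps). Low CV over many connections
    means a regular rhythm, the signature of a beacon."""
    ts = sorted(timestamps)
    if len(ts) < 3:
        return None
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return len(ts), mean, cv


def beacon_candidates(connections, min_conns=10, max_cv=0.2):
    """Durable detection: a connection profile. Groups (timestamp, src, dst)
    records by pair and returns the pairs whose timing is beacon-like,
    regardless of which destination address they talk to."""
    by_pair = defaultdict(list)
    for ts, src, dst in connections:
        by_pair[(src, dst)].append(ts)
    found = {}
    for pair, ts in by_pair.items():
        score = beacon_score(ts)
        if score and score[0] >= min_conns and score[2] <= max_cv:
            found[pair] = score
    return found


# Constructed sample data. The beacon destination 198.51.100.7 is NOT in
# EPHEMERAL_IOCS, so only the durable detections can surface it.
SAMPLE_SCRIPT = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_CMDLINE = f"powershell.exe -nop -w hidden -enc {SAMPLE_B64}"
BENIGN_CMDLINE = "powershell.exe -ExecutionPolicy Bypass -File deploy.ps1"

# 20 connections about 60 s apart with a small deterministic jitter.
BEACON = [(t * 60 + (t % 3) - 1, "10.0.0.5", "198.51.100.7") for t in range(20)]
# Irregular browsing to another host: many connections, no rhythm.
BROWSING = [(t, "10.0.0.5", "198.51.100.20")
            for t in (3, 10, 400, 405, 900, 2000, 2003, 2100, 2600, 3000, 3005)]


def main():
    print("IOC match on encoded cmdline:", matches_ephemeral_ioc(SAMPLE_CMDLINE))
    print("Decoded script:", decode_encoded_powershell(SAMPLE_CMDLINE))
    print("Benign cmdline decoded:", decode_encoded_powershell(BENIGN_CMDLINE))
    for pair, (n, mean, cv) in beacon_candidates(BEACON + BROWSING).items():
        print(f"beacon-like: {pair} n={n} mean_gap={mean:.1f}s cv={cv:.3f}")


if __name__ == "__main__":
    main()
```

Run it as a script: the IOC check returns False for the encoded command line and never sees the 198.51.100.7 traffic, while the two durable checks recover the script text and flag the one rhythmic pair. The thresholds (`min_conns`, `max_cv`, the 16-character base64 minimum) are starting points to tune against your own logs, and the encoded-command regex should be paired with the decoded content, not used alone, since legitimate administration tooling also uses `-EncodedCommand`.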