Farin Company specialized website

FOR578 Cyber Threat Intelligence 2021

Course syllabus

1. Cyber Threat Intelligence and Requirements
    1. Introduction to Cyber Threat Intelligence and Requirements
  • 1. Welcome to Cyber Threat Intelligence FOR578
  • 2. Be Social
  • 3. Lab Guidance
  • 4. Cyber Threat Intelligence and Requirements
  • 5. Course Agenda
  • 6. Course Goal A Capable CTI Analyst
  • 7. FOR578 GCTI School of Thought
  • 8. Section 1 Outline
  • 9. Case Study Moonlight Maze
  • 10. Targeting Government and Military Networks
  • 11. Investigating Moonlight Maze
  • 12. 2016 Reanalyzing Moonlight Maze
  • 13. Connections to the Present Penquin Turla
  • 14. Putting the Pieces Together
  • 15. Lessons Learned
    2. Understanding Intelligence
  • 1. Understanding Intelligence
  • 2. Intelligence
  • 3. Classic Intelligence Sources
  • 4. Counterintelligence
  • 5. Case Study Operation Bodyguard
  • 6. Sherman Kent
  • 7. Kent's Analytic Doctrine
  • 8. Richards J. Heuer Jr.
  • 9. Analysis
  • 10. Analytical Judgment
  • 11. Data-Driven Versus Conceptually-Driven Analysis
  • 12. Thinking About Thinking and Perception
  • 13. Analysis in Action
  • 14. Hindrances to Good Analysis
  • 15. Bias Example Ransomware Targeting Elections
  • 16. System 1 and System 2 Thinking
  • 17. Mental Models
  • 18. Kill Chains and Other Structured Models: Data into Buckets
  • 19. Structured Analytic Techniques
  • 20. The Intelligence Life Cycle
  • 21. Field of View Bias from Collection
  • 22. Know the Difference Data Versus Intelligence
  • 23. Example Tools for Structured Analytic Techniques
  • 24. MindMup
  • 25. Exercise 1.1
  • 26. Case Study Operation Aurora 1
  • 27. Case Study Operation Aurora 2
  • 28. Enter the CyberDragon
  • 29. Tools and Tradecraft
  • 30. Clues into Attribution
  • 31. Lessons Learned
    3. Understanding Cyber Threat Intelligence
  • 1. Understanding Cyber Threat Intelligence
  • 2. Defining Cyber Threat Intelligence
  • 3. CTI Terminology
  • 4. Threat
  • 5. Intelligence Requirements
  • 6. Intrusions
  • 7. Activity Group
  • 8. Threat Actor
  • 9. Campaign
  • 10. Traffic Light Protocol
  • 11. Adversary/Threat Personas and Targets/Victims
  • 12. Tactics Techniques and Procedures
  • 13. Tradecraft
  • 14. Indicators
  • 15. Indicator Life Cycle Introduction
  • 16. Key Indicators
  • 17. Key Indicator Examples
  • 18. Discovery and Indicator Life Span
  • 19. Indicator Fatigue and Proper Use Cases
  • 20. Case Study PROMETHIUM and NEODYMIUM
  • 21. Background
  • 22. Observable Characteristics
  • 23. NEODYMIUM Intrusion Flow
  • 24. The Activity Groups
    4. Threat Intelligence Consumption
  • 1. Threat Intelligence Consumption
  • 2. Intelligence Generation Versus Consumption
  • 3. Sliding Scale of Cyber Security
  • 4. Leverage Intelligence to Drive Value
  • 5. Offense Intelligence Consumption
  • 6. Intelligence Intelligence Consumption
  • 7. Active Defense Intelligence Consumption
  • 8. Passive Defense Intelligence Consumption
  • 9. Architecture Intelligence Consumption
  • 10. The Four Types of Threat Detection
  • 11. Moving Indicators to Threat Behavioral Analytics
  • 12. The Pyramid of Pain
  • 13. Exercise 1.2 Lead-In
  • 14. Exercise 1.2 Optional
    5. Preparing the Team to Generate Intelligence
  • 1. Preparing the Team to Generate Intelligence
  • 2. Making the Switch from Consuming to Generating
  • 3. Priority Intelligence Requirements
  • 4. Intended Audience
  • 5. Intelligence Requirement Examples
  • 6. Structuring Your Team to Generate Intelligence
  • 7. A Few Sample Purposes of a Cyber Threat Intelligence Team
  • 8. Case Study The First Ever Electric Grid Focused Malware
  • 9. Ukraine December 2016
  • 10. Exercise 1.3 The Evolving Situation
  • 11. Scenario Companies and Organizations
  • 12. Details Roles and Requirements
  • 13. Exercise 1.3
  • 14. Case Study Carbanak
  • 15. Carberp
  • 16. Carbanak
  • 17. How the Carbanak Cybergang Stole $1B
  • 18. Carbanak Evolution
  • 19. The Impact
  • 20. Lessons Learned
    6. Planning and Direction
  • 1. Planning and Direction
  • 2. Generating Intelligence Requirements
  • 3. Planning Collection Management Framework
  • 4. A Sample External Collection Management Framework on Malware Data
  • 5. A Sample Internal Collection Management Framework
  • 6. Systems Analysis
  • 7. Threat Modeling
  • 8. Target-Centric Intelligence Analysis
  • 9. Building a Threat Model Review Your Critical Systems and Information
  • 10. Adding Potential Adversaries to the Model
  • 11. Pivoting off Information and Resources
  • 12. Getting the Information You Need
  • 13. Go as Granular as You Need
  • 14. The VERIS Framework
  • 15. Fundamentals of VERIS
  • 16. VCAF VERIS Common Attack Framework
  • 17. Using VERIS to Track Threats
  • 18. Exercise 1.4 Positioning for the Future 1
  • 19. Exercise 1.4 Positioning for the Future 2
  • 20. Exercise 1.4
  • 21. SANS DFIR
  • 22. COURSE RESOURCES AND CONTACT INFORMATION

2. The Fundamental Skill Set Intrusion Analysis
    1. Primary Collection Source Intrusion Analysis
  • 1. Welcome to Cyber Threat Intelligence FOR578 Day 2
  • 2. The Fundamental Skill Set Intrusion Analysis
  • 3. Course Agenda
  • 4. Section 2 Outline
  • 5. Primary Collection Source Intrusion Analysis
  • 6. Kill Chain Overview
  • 7. Stage 1 Recon Precursors
  • 8. Recon Example
  • 9. Stage 2 Weaponization
  • 10. Weaponization Example Trojanized Document
  • 11. Stage 3 Delivery
  • 12. Delivery Example HTTP
  • 13. Stage 4 Exploitation
  • 14. Exploit/Delivery Loop SMTP/HTTP
  • 15. Stage 5 Installation
  • 16. Installation Example
  • 17. Stage 6 Command and Control C2
  • 18. C2 Example Sleep
  • 19. Stage 7 Actions on Objectives
  • 20. Actions Example
  • 21. Introduction to the Diamond Model
  • 22. Diamond Model Axioms
  • 23. Diamond Adversary
  • 24. Adversary Human Fingerprints Examples in Malware
  • 25. Diamond Capability/TTP
  • 26. Diamond Infrastructure
  • 27. Diamond Victim
  • 28. Merging the Diamond Model and Kill Chain
  • 29. One Phase's Choices May Move in Another Phase
  • 30. CoA Introduction
  • 31. The Courses of Action Matrix
  • 32. CoA Discover
  • 33. CoA Detect
  • 34. CoA Deny
  • 35. CoA Disrupt
  • 36. CoA Degrade
  • 37. CoA Deceive
  • 38. CoA Destroy
  • 39. Action Selection and Mutual Exclusivity
  • 40. Leveraging CoA Intel Gain/Loss
  • 41. MITRE ATT&CK
  • 42. TTPs in ATT&CK
  • 43. Different Models for Different Use Cases
  • 44. Exercise 2.1 Read In
  • 45. Details Roles and Requirements 1
  • 46. Details Roles and Requirements 2
  • 47. Priority Intelligence Requirements
  • 48. Exercise 2.1
  • 49. Exercise 2.1 Takeaways
    2. Kill Chain and Diamond Deep Dive
  • 1. Kill Chain and Diamond Deep Dive
  • 2. Log Repositories and logrotate
  • 3. Memory Analysis with Volatility
  • 4. Section 2 Note Responder Actions
  • 5. Incoming Alert What You Have
  • 6. First Steps Reported Intrusion
  • 7. Responder Action Network Flow Data
  • 8. Discovery Findings Network Flow
  • 9. Responder Action Proxy Logs
  • 10. Discovery Findings Proxy Logs
  • 11. Reported Intrusion Where Are We Now
  • 12. Exploiting the URL for Tool Discovery
  • 13. Pivoting on New Intelligence
  • 14. Observing the Indicator Life Cycle
  • 15. Reported Intrusion Where Are We Now
  • 16. Reported Intrusion Where Do We Go
  • 17. Kill Chain Completion
  • 18. Exercise 2.2
  • 19. Priority Intelligence Requirements in Exercise Scenario
  • 20. Exercise 2.2 Takeaways
  • 21. Phase 7 Actions on Objectives
  • 22. Actions on Objectives Network Pivoting Overview
  • 23. Actions on Objectives Host Pivoting Overview
  • 24. Reported Intrusion C2 Victim Pivot FTP Flow Data
  • 25. Responder Action Full Packet Capture
  • 26. Reported Intrusion C2 Victim Pivot 1 FTP Network Traffic
  • 27. Reported Intrusion C2 Victim Pivot 2 Flow Data to Known Malicious IPs
  • 28. Reported Intrusion Victim Pivot 2 Proxy Search from Flow Data
  • 29. Reported Intrusion Current Knowledge Gaps 1
  • 30. C2 Decoding Overview
  • 31. Reported Intrusion Memory Forensics 1
  • 32. Reported Intrusion Memory Forensics 2
  • 33. Phase 7 Discovery Disk Forensics 1
  • 34. Phase 7 Discovery Disk Forensics 2
  • 35. Responder Action Reverse Engineering
  • 36. Exercise 2.3
  • 37. Priority Intelligence Requirements in Ex 2.3
  • 38. Exercise 2.3 Takeaways
  • 39. Edison Malware Analysis RFI Response
  • 40. Capabilities of scvhost.exe FJerk
  • 41. C2 Protocol for scvhost.exe FJerk
  • 42. C2 Decoding with CyberChef
  • 43. C2 Decoding with Command Line and Scripting
  • 44. The Beginning of a Persona
  • 45. Exfil Documents
  • 46. Where Do We Go
  • 47. Reported Intrusion Current Knowledge Gaps 2
  • 48. Moving into the System
  • 49. Installation Findings
  • 50. Responder Action Reverse Engineers RFIs
  • 51. Reported Intrusion Current Knowledge
  • 52. Phase 4 Exploitation Findings and Problems
  • 53. Responder Action User Inbox Archive
  • 54. Glancing Forward Phase 3 Findings
  • 55. What Happened
  • 56. Exercise 2.4
  • 57. Priority Intelligence Requirements in Ex 2.4
  • 58. Exercise 2.4 Takeaways
    3. Handling Multiple Kill Chains
  • 1. Handling Multiple Kill Chains
  • 2. Where Are We and Where Do We Go 1
  • 3. Reported Intrusion Current Knowledge Gaps
  • 4. Reported Intrusion Phase 5 Findings Reprise
  • 5. Reported Intrusion Current Knowledge
  • 6. Installation Findings
  • 7. Where Are We and Where Do We Go 2
  • 8. Phase 3 Delivery Findings
  • 9. The Time Card System
  • 10. Reported Intrusion Where Are We and Where Do We Go
  • 11. Kill Chain Sequencing
  • 12. Visual Representation of Adversary's Efforts
  • 13. Key Indicators and Insights from the Slides Intrusion
  • 14. Exercise 2.5
  • 15. Some Key Items Collected Out of the Intrusion
  • 16. Priority Intelligence Requirements in Ex 2.5 1
  • 17. Priority Intelligence Requirements in Ex 2.5 2
  • 18. Key Indicators and Insights from the Exercises Intrusion
  • 19. SANS DFIR
  • 20. "Here is my lens. You know my methods." (Sherlock Holmes)
  • 21. COURSE RESOURCES AND CONTACT INFORMATION

3. Collection Sources
    1. Introduction to Collection Sources
  • 1. Collection Sources
  • 2. Course Agenda
  • 3. Section 3 Outline
  • 4. Case Study HEXANE
  • 5. HEXANE Background
  • 6. HEXANE DanBot Header Metadata Compile Times and PDBs
  • 7. HEXANE DanBot Header Metadata GUIDs
  • 8. HEXANE DanBot Code Reuse
  • 9. HEXANE DanBot Configuration Data
    2. Collection Source Malware
  • 1. Collection Source Malware
  • 2. Collection from Malware
  • 3. The Human Fingerprints of Malware
  • 4. Header Metadata
  • 5. Code Reuse
  • 6. Configuration Data
  • 7. More Configuration Data Examples
  • 8. Where Do You Get Malware
  • 9. Commercial Dataset Example VirusTotal
  • 10. VirusTotal Results
  • 11. VirusTotal Details
  • 12. VT Enterprise formerly VirusTotal Intelligence
  • 13. DC3 Malware Configuration Parser
  • 14. Malware Configuration Data from Dumping Tool
  • 15. Exercise 3.1 Aggregating and Pivoting in Excel
  • 16. Exercise 3.1
  • 17. Key Indicators from Exercise 3.1
  • 18. Compilation of SupplyDenn Intrusion Indicators from Ex 2.1 and Ex 3.1
  • 19. Recap Indicators and Insights from the Day 2 Slides Intrusion
  • 20. Combined View Leet
    3. Collection Source Domains
  • 1. Collection Source Domains
  • 2. Data Pivoting 1
  • 3. Data Pivoting 2
  • 4. Basic Most Pivotable Indicator Types
  • 5. Data Pivoting Example 1
  • 6. Data Pivoting Example 2
  • 7. Data Pivoting Chart 2
  • 8. C2 Domain Registration
  • 9. Adversary Registered
  • 10. Dynamic DNS Domains
  • 11. DDNS Manager
  • 12. DDNS for Adversaries
  • 13. Legitimate but Compromised
  • 14. Case Study Poison Hurricane
  • 15. Autonomous System Number ASN Lookups
  • 16. ASN Lookup asn.cymru.com
  • 17. Passive DNS 1
  • 18. Some PDNS Providers
  • 19. Passive DNS 2
  • 20. Example Mnemonic PDNS
  • 21. Case Study Epic Turla's Out of This World C2
  • 22. Epic Turla C2
  • 23. For the Next Lab DomainTools
  • 24. DomainTools Iris
  • 25. DomainTools Search Tabs
  • 26. DomainTools Pivot Engine
  • 27. DomainTools Identifying New Indicators
  • 28. Exercise 3.2 Expanding Intelligence Through Partners and OSINT
  • 29. Exercise 3.2
  • 30. New Intrusion Kirill Lazutin
  • 31. Case Study GlassRAT
  • 32. Case Study GlassRAT Campaign
  • 33. GlassRAT C2 Overlap GlassRAT
  • 34. GlassRAT Lessons Learned
    4. Collection Source External Datasets
  • 1. Collection Source External Datasets
  • 2. Open-Source Intelligence
  • 3. Leveraging OSINT
  • 4. Threat Data Feeds
  • 5. Threat Intelligence Quotient TIQ Test
  • 6. Measuring Threat Feeds
  • 7. FireHOL IP Lists Threat Feed Analyzer
  • 8. Collective Intelligence Framework
  • 9. Creating Your Own OSINT Database
  • 10. Additional OSINT Open-Source Tools
  • 11. AlienVault OTX
  • 12. Shodan
  • 13. Geographical Information and Maps
  • 14. GCHQ's CyberChef
  • 15. Exercise 3.3 Introduction
  • 16. Exercise 3.3
  • 17. Key Indicators from Exercise 3.3
  • 18. Updated Leet View
  • 19. Exercise 3.4 Lead-in Ransomware
  • 20. Third-Party Phone Call
  • 21. Priority Intelligence Requirement
  • 22. For the Next Lab Recorded Future Home Page
  • 23. For the Next Lab Recorded Future Search Menu
  • 24. Recorded Future Poison Ivy
  • 25. Recorded Future Context
  • 26. Exercise 3.4
  • 27. Ex 3.4 Key Findings
    5. Collection Source TLS Certificates
  • 1. Collection Source TLS Certificates
  • 2. TLS Certificates
  • 3. TLS Certificate Datastores
  • 4. TLS Certificate Scan Providers
  • 5. Searching Tips
  • 6. Censys.io Example SANS
  • 7. Case Study CVE-2014-1761
  • 8. CVE-2014-1761
  • 9. Initial Pivoting
  • 10. Collecting New Data
  • 11. Identifying Links Between Data Points
  • 12. Introducing TLS Cert
  • 13. Identification of New Data
  • 14. Unique Data from New Pivot Type
  • 15. Maltego CaseFile
  • 16. Maltego Entities and Links
  • 17. Adding Entities to the Graph
  • 18. Adding Links to the Graph
  • 19. Moving/Manipulating Entities
  • 20. Different Views
  • 21. Exercise 3.5
  • 22. Recap Indicators from Ex 2.1 and Ex 3.5
  • 23. RECAP Kirill Lazutin
  • 24. Merged View
  • 25. SANS DFIR
  • 26. COURSE RESOURCES AND CONTACT INFORMATION

4. Analysis and Production of Intelligence
    1. Introduction to Analysis and Production of Intelligence
  • 1. Analysis and Production of Intelligence
  • 2. Course Agenda
  • 3. Section 4 Outline
  • 4. Case Study Human Operated Ransomware
  • 5. Human Operated Ransomware Operations
  • 6. Wadhrama Attack Chain by PARINACOTA
  • 7. Doppelpaymer Ransomware
  • 8. Ryuk from TrickBot Infections
  • 9. Make It Easy for Defenders
  • 10. Example of Effective Visual Communication of TTPs
  • 11. What Evil Looks Like
    2. Exploitation Storing and Structuring Data
  • 1. Exploitation Storing and Structuring Data
  • 2. Storing Collected Intelligence
  • 3. Storing Platforms
  • 4. MISP
  • 5. Creating an MISP Event
  • 6. Visually Linking Indicators Between Events
  • 7. Methods of Storing Best Practices
  • 8. Lead-in to Exercise 4.1
  • 9. Exercise 4.1
    3. Analysis Logical Fallacies and Cognitive Biases
  • 1. Analysis Logical Fallacies and Cognitive Biases
  • 2. Identifying and Defeating Bias
  • 3. Logical Fallacies
  • 4. Common CTI Informal Fallacies
  • 5. Other Common Fallacies
  • 6. Cognitive Biases
  • 7. Mirror Image
  • 8. Anchoring/Focusing
  • 9. Confirmation Bias
  • 10. Congruence Bias
  • 11. Hindsight Bias
  • 12. Illusory Correlation
  • 13. Case Study New York Stock Exchange NYSE Computer Glitch
  • 14. Cum hoc ergo propter hoc
  • 15. Case Study Turkey Pipeline Explosion
  • 16. Bias and Experience
  • 17. Exercise 4.2
    4. Analysis of Competing Hypotheses
  • 1. Analysis of Competing Hypotheses 1
  • 2. Analysis of Competing Hypotheses 2
  • 3. Step 1: Enumerate Hypotheses
  • 4. Step 2: Support the Hypotheses
  • 5. Step 3: Diagnostics
  • 6. Step 4: Refine the Matrix
  • 7. Step 5: Prioritize the Hypotheses
  • 8. Step 6: Determine Evidentiary Dependence
  • 9. Step 7: Report Conclusions
  • 10. Identify Milestones
  • 11. Exercise 4.3
    5. Analysis Different Types of Analysis
  • 1. Analysis Different Types of Analysis
  • 2. Leveraging Different Types of Analysis
  • 3. Link Analysis
  • 4. Common Link Analysis Tools
  • 5. Maltego/CaseFile Bubble Chart View
  • 6. Data Analysis
  • 7. Temporal Data Analysis 1
  • 8. Temporal Data Analysis 2
  • 9. Trend Analysis
  • 10. Case Study Panama Papers
  • 11. John Doe
  • 12. The Challenge of Data
  • 13. Example Link Analysis with Linkurious
  • 14. Findings and Aftermath
  • 15. CTI Angle Intelligence-Driven Hypothesis Generation
  • 16. Exercise 4.4 Visualizing Large Datasets
  • 17. Exercise 4.4
    6. Analysis Clustering Intrusions
  • 1. Analysis Clustering Intrusions
  • 2. Style Guide
  • 3. Names/Identifiers
  • 4. Risks of Clever Naming Conventions
  • 5. MITRE ATT&CK Groups Page
  • 6. Rosetta Stone APT Groups and Operations Matrix
  • 7. There is No One-to-One Mapping
  • 8. One-to-One Mapping Issues Example
  • 9. Confidently Correlating Clusters
  • 10. ACH for Intrusion/Cluster Correlation
  • 11. The Basics
  • 12. Categorize Evidence Using Kill Chain and the Diamond Model
  • 13. Enumerating Intrusion/Campaign Hypotheses
  • 14. External Intrusion Reports
  • 15. Diamond Model Deeper Dive Meta-Features
  • 16. Creating an Activity Group
  • 17. Different Examples of Diamond Models for Different Reqs
  • 18. Recap of K Lazutin
  • 19. New Intrusion Does it Fit
  • 20. Adding Intrusions to the Diamond Model Creating a Group
  • 21. Introducing PINKIEPIE
  • 22. Shortcut The Rule of 2
  • 23. Rule of 2 Forming an Activity Group
  • 24. When to Retire Clusters
  • 25. Case Study APT10 and APT31
  • 26. Recorded Future and Rapid7 Attributed Breaches to APT10
  • 27. Group Names are Definitions not Often Publicly Known
  • 28. The Problem Isn't Just a Recorded Future/Rapid7 Problem
  • 29. Everyone's a Little Wrong
  • 30. Ex 4.5 Lead-In
  • 31. Top Energy Intrusion
  • 32. Recap of Top Energy's Key Indicators from Day 2
  • 33. New Intrusion 1 Key Indicators
  • 34. New Intrusion 2 Key Indicators
  • 35. Which Intrusion Overlaps
  • 36. Introducing RAINBOWDASH Activity Group
  • 37. Exercise 4.5 Lead-in
  • 38. Recap of Leet Intrusion Set
  • 39. Exercise 4.5
  • 40. SANS DFIR
  • 41. COURSE RESOURCES AND CONTACT INFORMATION

5. Dissemination and Attribution
    1. Introduction to Dissemination and Attribution
  • 1. Dissemination and Attribution
  • 2. Course Agenda
  • 3. Section 5 Outline
  • 4. Case Study Axiom
  • 5. PlugX
  • 6. Hikit Malware
  • 7. Hikit Malware and Bit9
  • 8. Axiom
  • 9. Interesting Attributes
  • 10. Lessons Learned
    2. Dissemination Tactical
  • 1. Dissemination Tactical
  • 2. Know the Audience
  • 3. YARA
  • 4. Sample YARA Rule
  • 5. YARA Key Points
  • 6. Hex Special Values
  • 7. More Complex YARA Rules
  • 8. Sample YARA Rule Uncommon File Size
  • 9. Sample YARA Rule GlassRAT
  • 10. Sample YARA Rule Sofacy
  • 11. Sample YARA Rule Sofacy from the German Parliament Campaign
  • 12. Validating Signatures and IOCs
  • 13. Exercise 5.1
  • 14. Case Study HackingTeam
  • 15. Case Study HackingTeam 1
  • 16. Case Study HackingTeam 2
  • 17. HackingTeam Isn't Alone
  • 18. HackingTeam's Compromise and Mercenary Group Takeaways
    3. Dissemination Operational
  • 1. Dissemination Operational
  • 2. Operational Threat Intelligence
  • 3. Communicating About Adversary Operations
  • 4. Partners and Collaboration
  • 5. National-Level Government Information
  • 6. ISACs and ISAOs
  • 7. Additional Resources
  • 8. STIX/TAXII
  • 9. TAXII Implementations
  • 10. STIX 2.1 Objects
  • 11. STIX 2
  • 12. Methods of Sharing Best Practices
  • 13. Exercise 5.2 Introduction
  • 14. Exercise 5.2
  • 15. Woe the Lowly Metric
  • 16. Why You Should Embrace Metrics
  • 17. Campaign Heatmap
  • 18. Organizational Heat Maps
  • 19. Incident One-Slider
  • 20. Incident One-Slider With Multiple
  • 21. Mitigation Scorecard
  • 22. Email Delivery Success
  • 23. Analytical Completeness
  • 24. Case Study Metrics from CTI Summit
  • 25. Exercise 5.3 Gaining Historical Perspective
  • 26. Exercise 5.3
    4. Dissemination Strategic
  • 1. Dissemination Strategic
  • 2. Strategic Threat Intelligence
  • 3. Example Outcome Indictments
  • 4. Making the Business Case for Security
  • 5. Expectations
  • 6. Lessons from the Field Shoe Company and Anti-Hype
  • 7. Reports/Narrative-Form Intelligence
  • 8. Observation Versus Interpretation
  • 9. Estimative Language
  • 10. Estimative Scales
  • 11. ALWAYS REMEMBER
  • 12. Diamond Model and Analytic Findings
  • 13. Confidence Assessments
  • 14. Constructing Assessments
  • 15. Tips on Effective Report Writing
  • 16. In-Class Exercise
  • 17. Proofpoint's North Korea Bitten by Bitcoin Bug
  • 18. Proofpoint's North Korea Report Pros and Cons
  • 19. Norse's Iran CIB
  • 20. Iran CIB Pros and Cons
  • 21. Kaspersky's Equation Group Optional
  • 22. Equation Group Pros and Cons Optional
  • 23. Case Study APT10 and Cloud Hopper
  • 24. APT10 and the Chinese State
  • 25. APT10 and the US Government
  • 26. Indictments for Attribution APT10
  • 27. Indictments for TTP Discovery APT10
  • 28. Indictments for IOC Discovery APT10
  • 29. Cloud Hopper
  • 30. Observations for CTI Analysts Communicating Broadly
  • 31. Observations for CTI Analysts Human Fingerprints
  • 32. Observations for CTI Analysts Timelines
  • 33. Observations for CTI Analysts Closing Thoughts
    5. A Specific Intelligence Requirement Attribution
  • 1. A Specific Intelligence Requirement Attribution
  • 2. Attribution as an Intelligence Requirement
  • 3. On Attribution
  • 4. Four Approaches to True Attribution
  • 5. The Simpsons Did It
  • 6. Achieving the Value of Attribution without Attribution
  • 7. Example Use Cases of Attribution
  • 8. Attribution Is Never Straightforward
  • 9. Example Merged State and Criminal Activity
  • 10. Geopolitical Conflict Intersects Cyber
  • 11. Challenges in Observing the Adversary's Intel Life Cycle
  • 12. Deriving Intent
  • 13. The Basics of State Attribution
  • 14. Analytical Model for Each Entity
  • 15. Categorize Evidence Using Threat Definition
  • 16. Understanding Opportunity
  • 17. ACH Matrix Template for State Attribution
  • 18. Be Prepared for Information to Change
  • 19. Case Study Soviet Disinformation Operations
  • 20. False Flags
  • 21. False Flag Example South Korean Winter Olympics
  • 22. Coming to the End: Reassess Intelligence Requirements
  • 23. Case Study Lazarus Group
  • 24. Operation Troy and Attacks on South Korean Organizations
  • 25. The Sony Attack
  • 26. Government Attribution
  • 27. WannaCry Connections
  • 28. Overlaps in the Intrusions
  • 29. The Making of a Group Lazarus
  • 30. Problem with Extending Too Far
  • 31. Exercise 5.4
  • 32. SANS DFIR
  • 33. COURSE RESOURCES AND CONTACT INFORMATION

6. Capstone
  • 1. Day 6 Capstone
  • 2. Capstone The Goals
  • 3. Capstone What to Know To Have Fun
  • 4. Capstone How to Win
  • 5. Scenario Background
  • 6. VI Capstone
  • 7. You
  • 8. The State Actors
  • 9. The Non-State Actors
  • 10. Scenario Objectives
  • 11. Your Resources
  • 12. Capstone
  • 13. Baby Yoda
  • 14. Incorporate the Fifteen Axioms for Intelligence Analysts
  • 15. Thanks for Coming
  • 16. SANS DFIR

  • File
  • Books.zip
  • Day 1
  • Day 2
  • Day 3
  • Day 4
  • Day 5
  • Day 6
  • FOR578-23812170.zip
  • USB.zip
  • 578.21.2.iso
  • old-sku.txt
  • 578.21.2.zip
  • Price: 63,400 Toman
    ID: 14688
    Size: 28750 MB
    Duration: 3777 minutes
    Release date: 4 Tir 1402