Channel: Threat Thoughts » Incident Response
Browsing latest articles

Threat analysis skillset

I ran across an interesting little article on The Top 6 Skills For Entry-level Intelligence Analysts. While Wheaton focuses on the “national security, law enforcement and business” intel communities, I...

Another breakdown of incident response skills

Following closely on the heels of yesterday’s post, Ron Gula (the Nessus dude) tweeted a link to Incident Response: 5 Critical Skills. The breakdown comes slightly differently, as it focuses primarily...

MIR training class

Last week, I took the MIR class from Mandiant. Primarily consisting of product training (as expected and desired), this turned out to be one of the better vendor classes I’ve taken in my career. While...

Chroming up the facts: SIEM and IR presentation

Chroming it up doesn't actually make it go faster. I recently had the opportunity to watch the Trends in SIEM and Incident Response presentation from Narayan Makaram with HP (ArcSight), Anthony Di Bello...

Adapting intelligence analysis for DFIR

We can define an analyst as a function taking data and caffeine as inputs that outputs (hopefully useful) knowledge: But analysts need more than just good data and properly brewed coffee (or tea, if...

Two Things: SIEM and DFIR edition

Thanks to Hacker News, I ran across the charming and thought-provoking concept of Two Things: “You know, the Two Things. For every subject, there are really only two things you really need to know....

Analysis of DNI annual Worldwide Threat Assessment

The US Director of National Intelligence, James Clapper, provided his annual Worldwide Threat Assessment to the Senate yesterday (followed by a classified session with, we can surmise, greater detail)....

DFIR Learning Curve

The CIRT gets a call from a concerned sysadmin who sees some ssh connections from an Eastern European country to a DMZ web server. As the investigation kicks off and the CIRT staff starts asking...

NAISG DFW talk: Evolution of an IRT

Last Tuesday, I gave a talk at the DFW chapter of NAISG on “Evolution of an IRT”. Apparently I disappointed the organizers, as my talk didn’t actually have anything to do with Ice Road Truckers. Caught...

Introduction to the Collective Intelligence Framework

CIRTs and related organizations often handle incident detection as well as response. Both of these roles produce and consume threat intelligence in different ways. For example, we often want to...
