Let’s make an assumption that you are not using a commercial appliance with threat signature feeds, or you are concerned about ingesting real-time intelligence from alternate sources, which your threat signature provider cannot do in a timely manner. How can… Read More ›
Intelligence
Deploying Dionaea Honeypots & Collecting Logs to Elastic Cloud
Since finishing my university degree (where my final assignment was based around collecting threat intelligence from honeypots) I have been further exploring their deployment and refinement to collect attack data from across the globe. One of my most favourite honeypots… Read More ›
OSINT Techniques – Image Searching
Generally speaking – you will commence an OSINT investigation for a person with some very basic details. These details will likely include their full name, year of birth, place last seen, and perhaps some other attributes or context around their… Read More ›
Intelligence vs Information vs Data
There is a relationship between Intelligence, Information and Data whereby the latter of which is often available from a number of sources, but may be interpreted as useless until it has been turned into something more useful.
What is Cyber Threat Intelligence?
Intelligence is the enrichment of data or information, its classification and publication by experts within a field. The resultant output is ordinarily a qualitative assessment backed by quantitative metrics, or absolutes which formed part of the data or information it… Read More ›
Building a MISP Threat Feed Aggregator
Over the last few months I have been working away on several work tasks which have had me hunting for threats within an immensely complex environment. Part of this hunt has involved the analysis and selection of threat feeds for… Read More ›
TraceLabs Missing Persons 11th of April 2020
I have posted before on participating in other TraceLabs events (such as the Australian Federal Police Missing Persons Hackathon), so here goes a brief recounting of my experiences with a US missing persons event.
OSINT for Missing Persons (Part 1 – Intro)
Sometime ago I participated in an event run by TraceLabs in conjunction with the Australian Federal Police to locate pieces of information for missing persons across Australia. The twist on this event being it was gamified to allow competing teams… Read More ›
Threat hunting with Elasticsearch and Kibana (Part 1)
As part of my final Masters degree research component I have been collecting data from honeypots which I have seeded around the globe. The objective being to distil this data in to organisational threat data based on a fictitious business…. Read More ›
OSINT for Threat Intelligence
It seems to be a significant buzzword nowadays, but Threat Intelligence is available in an abundance from a wide range of curators and commercial suppliers. So what does it take to correlate observables such as precursors to determine if they… Read More ›
