Operationalizing Cyber Threat Intelligence

Let’s discuss the benefits of operationalizing cyber threat intelligence (CTI) to help protect your organization. This is an interactive talk in which we’ll review an intel report and work together to extract indicators of compromise. After extracting atomic, computed, behavioral, and email-based indicators, we’ll pivot off some of the identified indicators in order to reveal additional indicators we can use for hunting. Once we’ve compiled our indicator set, we’ll hunt through a Splunk environment to see what we find. Maybe we’ll find APT! Maybe we’ll find fool's gold! Maybe we’ll find a bunch of stupid jokes I've hidden in a bunch of fake logs. Oh the mystery!

Ryan J. Chapman (@rj_chap)

Ryan Chapman works as an Incident Response Analyst for Bechtel Corporation. Ryan enjoys farting around with malware analysis, network forensics, and… just about everything else that has to do with security. Ryan loves to run his mouth, which is evident in his fondness for speaking at security conferences along with rocking open mic stand-up comedy. Ryan also spends time with his family, tries to avoid being submitted on the jiu-jitsu mats, and plays plenty of Street Fighter. Hadouken!