FOR578 Cyber Threat Intelligence 2021

Focused View

62:56:40

186 View

1. Cyber Threat Intelligence and Requirements

1. Welcome to Cyber Threat Intelligence FOR578.mp4

03:29
2. Be Social.mp4

00:39
3. Lab Guidance.mp4

02:43
4. Cyber Threat Intelligence and Requirements.mp4

00:28
5. Course Agenda.mp4

01:59
6. Course Goal A Capable CTI Analyst.mp4

05:05
7. FOR578 GCTI School of Thought.mp4

01:11
8. Section 1 Outline.mp4

01:23
9. Case Study Moonlight Maze.mp4

01:12
10. Targeting Government and Military Networks.mp4

00:53
11. Investigating Moonlight Maze.mp4

02:23
12. 2016 Reanalyzing Moonlight Maze.mp4

02:01
13. Connections to the Present Penquin Turla.mp4

01:18
14. Putting the Pieces Together.mp4

01:38
15. Lessons Learned.mp4

00:48

1. Understanding Intelligence.mp4

00:08
2. Intelligence.mp4

01:00
3. Classic Intelligence Sources.mp4

03:42
4. Counterintelligence.mp4

00:30
5. Case Study Operation Bodyguard.mp4

02:15
6. Sherman Kent.mp4

02:17
7. Kents Analytic Doctrine.mp4

01:51
8. Richards J Heuer Jr.mp4

01:05
9. Analysis.mp4

00:40
10. Analytical Judgment.mp4

03:31
11. DataDriven Versus ConceptuallyDriven Analysis.mp4

01:15
12. Thinking About Thinking and Perception.mp4

02:14
13. Analysis in Action.mp4

01:11
14. Hindrances to Good Analysis.mp4

02:37
15. Bias Example Ransomware Targeting Elections.mp4

01:19
16. System 1 and System 2 Thinking.mp4

00:44
17. Mental Models.mp4

00:48
18. Kills Chains and Other Structured Models Data into Buckets.mp4

01:27
19. Structured Analytic Techniques.mp4

00:58
20. The Intelligence Life Cycle.mp4

03:22
21. Field of View Bias from Collection.mp4

05:13
22. Know the Difference Data Versus Intelligence.mp4

01:09
23. Example Tools for Structured Analytic Techniques.mp4

01:26
24. MindMup.mp4

00:22
25. Exercise 11.mp4

02:59
26. Case Study Operation Aurora 1.mp4

00:31
27. Case Study Operation Aurora 2.mp4

02:12
28. Enter the CyberDragon.mp4

02:36
29. Tools and Tradecraft.mp4

02:20
30. Clues into Attribution.mp4

01:24
31. Lessons Learned.mp4

00:53

1. Understanding Cyber Threat Intelligence.mp4

02:11
2. Defining Cyber Threat Intelligence.mp4

00:57
3. CTI Terminology.mp4

00:48
4. Threat.mp4

02:42
5. Intelligence Requirements.mp4

03:29
6. Intrusions.mp4

00:46
7. Activity Group.mp4

03:29
8. Threat Actor.mp4

01:12
9. Campaign.mp4

01:16
10. Traffic Light Protocol.mp4

01:33
11. AdversaryThreat Personas and TargetsVictims.mp4

01:34
12. Tactics Techniques and Procedures.mp4

01:45
13. Tradecraft.mp4

01:42
14. Indicators.mp4

01:03
15. Indicator Life Cycle Introduction.mp4

01:33
16. Key Indicators.mp4

02:04
17. Key Indicator Examples.mp4

00:50
18. Discovery and Indicator Life Span.mp4

02:17
19. Indicator Fatigue and Proper Use Cases.mp4

02:30
20. Case Study PROMETHIUM and NEODYMIUM.mp4

00:53
21. Background.mp4

01:23
22. Observable Characteristics.mp4

00:45
23. NEODYMIUM Intrusion Flow.mp4

00:12
24. The Activity Groups.mp4

03:07

1. Threat Intelligence Consumption.mp4

00:06
2. Intelligence Generation Versus Consumption.mp4

00:23
3. Sliding Scale of Cyber Security.mp4

02:07
4. Leverage Intelligence to Drive Value.mp4

02:22
5. Offense Intelligence Consumption.mp4

00:55
6. Intelligence Intelligence Consumption.mp4

01:45
7. Active Defense Intelligence Consumption.mp4

01:30
8. Passive Defense Intelligence Consumption.mp4

01:35
9. Architecture Intelligence Consumption.mp4

01:06
10. The Four Types of Threat Detection.mp4

04:46
11. Moving Indicators to Threat Behavioral Analytics.mp4

02:03
12. The Pyramid of Pain.mp4

00:57
13. Exercise 12 LeadIn.mp4

00:19
14. Exercise 12 Optional.mp4

00:11

1. Preparing the Team to Generate Intelligence.mp4

00:24
2. Making the Switch from Consuming to Generating.mp4

03:00
3. Priority Intelligence Requirements.mp4

01:22
4. Intended Audience.mp4

01:17
5. Intelligence Requirement Examples.mp4

00:44
6. Structuring Your Team to Generate Intelligence.mp4

03:55
7. A Few Sample Purposes of a Cyber Threat Intelligence Team.mp4

00:35
8. Case Study The First Ever Electric Grid Focused Malware.mp4

02:02
9. Ukraine December 2016.mp4

01:29
10. Exercise 13 The Evolving Situation.mp4

01:08
11. Scenario Companies and Organizations.mp4

00:38
12. Details Roles and Requirements.mp4

00:26
13. Exercise 13.mp4

09:23
14. Case Study Carbanak.mp4

01:13
15. Carberp.mp4

00:33
16. Carbanak.mp4

01:00
17. How the Carbanak Cybergang Stole 1B.mp4

02:26
18. Carbanak Evolution.mp4

01:34
19. The Impact.mp4

00:43
20. Lessons Learned.mp4

01:34

1. Planning and Direction.mp4

00:28
2. Generating Intelligence Requirements.mp4

01:25
3. Planning Collection Management Framework.mp4

01:10
4. A Sample External Collection Management Framework on Malware Data.mp4

01:54
5. A Sample Internal Collection Management Framework.mp4

01:57
6. Systems Analysis.mp4

01:00
7. Threat Modeling.mp4

01:14
8. TargetCentric Intelligence Analysis.mp4

00:57
9. Building a Threat Model Review Your Critical Systems and Information.mp4

00:52
10. Adding Potential Adversaries to the Model.mp4

02:05
11. Pivoting off Information and Resources.mp4

01:32
12. Getting the Information You Need.mp4

00:17
13. Go as Granular as You Need.mp4

01:10
14. The VERIS Framework.mp4

00:32
15. Fundamentals of VERIS.mp4

00:39
16. VCAF VERIS Common Attack Framework.mp4

00:48
17. Using VERIS to Track Threats.mp4

00:45
18. Exercise 14 Positioning for the Future 1.mp4

01:01
19. Exercise 14 Positioning for the Future 2.mp4

00:46
20. Exercise 14.mp4

02:01
21. SANS DFIR.mp4

00:08
22. COURSE RESOURCES AND CONTACT INFORMATION.mp4

00:51

2. The Fundamental Skill Set Intrusion Analysis

1. Welcome to Cyber Threat Intelligence FOR578 Day 2.mp4

01:56
2. The Fundamental Skill Set Intrusion Analysis.mp4

00:23
3. Course Agenda.mp4

00:01
4. Section 2 Outline.mp4

00:40
5. Primary Collection Source Intrusion Analysis.mp4

00:01
6. Kill Chain Overview.mp4

00:44
7. Stage 1 Recon Precursors.mp4

02:17
8. Recon Example.mp4

00:46
9. Stage 2 Weaponization.mp4

00:55
10. Weaponization Example Trojanized Document.mp4

00:34
11. Stage 3 Delivery.mp4

01:20
12. Delivery Example HTTP.mp4

01:02
13. Stage 4 Exploitation.mp4

01:14
14. ExploitDelivery Loop SMTPHTTP.mp4

00:42
15. Stage 5 Installation.mp4

00:32
16. Installation Example.mp4

00:57
17. Stage 6 Command and Control C2.mp4

01:02
18. C2 Example Sleep.mp4

00:52
19. Stage 7 Actions on Objectives.mp4

01:16
20. Actions Example.mp4

00:39
21. Introduction to the Diamond Model.mp4

00:33
22. Diamond Model Axioms.mp4

02:02
23. Diamond Adversary.mp4

01:02
24. Adversary Human Fingerprints Examples in Malware.mp4

01:33
25. Diamond CapabilityTTP.mp4

02:27
26. Diamond Infrastructure.mp4

00:27
27. Diamond Victim.mp4

00:35
28. Merging the Diamond Model and Kill Chain.mp4

01:52
29. One Phases Choices May Move in Another Phase.mp4

01:31
30. CoA Introduction.mp4

00:17
31. The Courses of Action Matrix.mp4

00:17
32. CoA Discover.mp4

00:23
33. CoA Detect.mp4

02:06
34. CoA Deny.mp4

00:14
35. CoA Disrupt.mp4

00:14
36. CoA Degrade.mp4

00:18
37. CoA Deceive.mp4

00:14
38. CoA Destroy.mp4

00:12
39. Action Selection and Mutual Exclusivity.mp4

04:03
40. Leveraging CoA Intel GainLoss.mp4

02:18
41. MITRE ATTCK.mp4

00:44
42. TTPs in ATTCK.mp4

00:58
43. Different Models for Different Use Cases.mp4

01:04
44. Exercise 21 Read In.mp4

00:12
45. Details Roles and Requirements 1.mp4

00:14
46. Details Roles and Requirements 2.mp4

00:21
47. Priority Intelligence Requirements.mp4

03:08
48. Exercise 21.mp4

00:18
49. Exercise 21 Takeaways.mp4

01:10

1. Kill Chain and Diamond Deep Dive.mp4

00:15
2. Log Repositories and logrotate.mp4

01:13
3. Memory Analysis with Volatility.mp4

00:37
4. Section 2 Note Responder Actions.mp4

00:57
5. Incoming Alert What You Have.mp4

02:09
6. First Steps Reported Intrusion.mp4

01:10
7. Responder Action Network Flow Data.mp4

00:52
8. Discovery Findings Network Flow.mp4

01:59
9. Responder Action Proxy Logs.mp4

00:25
10. Discovery Findings Proxy Logs.mp4

01:47
11. Reported Intrusion Where Are We Now.mp4

00:39
12. Exploiting the URL for Tool Discovery.mp4

01:00
13. Pivoting on New Intelligence.mp4

01:18
14. Observing the Indicator Life Cycle.mp4

00:15
15. Reported Intrusion Where Are We Now.mp4

00:35
16. Reported Intrusion Where Do We Go.mp4

00:32
17. Kill Chain Completion.mp4

01:29
18. Exercise 22.mp4

00:26
19. Priority Intelligence Requirements in Exercise Scenario.mp4

00:18
20. Exercise 22 Takeaways.mp4

01:23
21. Phase 7 Actions on Objectives.mp4

00:30
22. Actions on Objectives Network Pivoting Overview.mp4

01:26
23. Actions on Objectives Host Pivoting Overview.mp4

00:43
24. Reported Intrusion C2 Victim Pivot FTP Flow Data.mp4

01:19
25. Responder Action Full Packet Capture.mp4

00:29
26. Reported Intrusion C2 Victim Pivot 1 FTP Network Traffic.mp4

01:02
27. Reported Intrusion C2 Victim Pivot 2 Flow Data to Known Malicious IPs.mp4

01:29
28. Reported Intrusion Victim Pivot 2 Proxy Search from Flow Data.mp4

02:10
29. Reported Intrusion Current Knowledge Gaps 1.mp4

00:48
30. C2 Decoding Overview.mp4

00:32
31. Reported Intrusion Memory Forensics 1.mp4

01:10
32. Reported Intrusion Memory Forensics 2.mp4

00:35
33. Phase 7 Discovery Disk Forensics 1.mp4

00:36
34. Phase 7 Discovery Disk Forensics 2.mp4

01:16
35. Responder Action Reverse Engineering.mp4

00:17
36. Exercise 23.mp4

00:40
37. Priority Intelligence Requirements in Ex 23.mp4

00:15
38. Exercise 23 Takeaways.mp4

01:04
39. Edison Malware Analysis RFI Response.mp4

02:34
40. Capabilities of scvhostexeFJerk.mp4

00:24
41. C2 Protocol for scvhostexeFJerk.mp4

00:48
42. C2 Decoding with CyberChef.mp4

00:55
43. C2 Decoding with Command Line and Scripting.mp4

01:17
44. The Beginning of a Persona.mp4

00:34
45. Exfil Documents.mp4

01:01
46. Where Do We Go.mp4

00:56
47. Reported Intrusion Current Knowledge Gaps 2.mp4

00:21
48. Moving into the System.mp4

00:11
49. Installation Findings.mp4

02:02
50. Responder Action Reverse Engineers RFIs.mp4

00:33
51. Reported Intrusion Current Knowledge.mp4

00:21
52. Phase 4 Exploitation Findings and Problems.mp4

01:18
53. Responder Action User Inbox Archive.mp4

00:25
54. Glancing Forward Phase 3 Findings.mp4

00:58
55. What Happened.mp4

01:16
56. Exercise 24.mp4

00:28
57. Priority Intelligence Requirements in Ex 24.mp4

00:12
58. Exercise 24 Takeaways.mp4

01:37

1. Handling Multiple Kill Chains.mp4

00:10
2. Where Are We and Where Do We Go 1.mp4

00:32
3. Reported Intrusion Current Knowledge Gaps.mp4

00:38
4. Reported Intrusion Phase 5 Findings Reprise.mp4

00:55
5. Reported Intrusion Current Knowledge.mp4

00:23
6. InstallationFindings.mp4

02:45
7. Where Are We and Where Do We Go 2.mp4

00:30
8. Phase 3 DeliveryFindings.mp4

00:45
9. The Time Card System.mp4

00:21
10. Reported Intrusion Where Are We and Where Do We Go.mp4

00:21
11. Kill Chain Sequencing.mp4

00:56
12. Visual Representation of Adversarys Efforts.mp4

00:24
13. Key Indicators and Insights from the Slides Intrusion.mp4

02:38
14. Exercise 25.mp4

00:45
15. Some Key Items Collected Out of the Intrusion.mp4

00:26
16. Priority Intelligence Requirements in Ex 25 1.mp4

01:09
17. Priority Intelligence Requirements in Ex 25 2.mp4

00:59
18. Key Indicators and Insights from the Exercises Intrusion.mp4

02:02
19. SANS DFIR.mp4

00:01
20. Here is my lens You know my methods Sherlock Holmes.mp4

00:01
21. COURSE RESOURCES AND CONTACT INFORMATION.mp4

00:01

3. Collection Sources

1. Collection Sources.mp4

00:35
2. Course Agenda.mp4

00:01
3. Section 3 Outline.mp4

00:51
4. Case Study HEXANE.mp4

00:25
5. HEXANE Background.mp4

02:22
6. HEXANE DanBot Header Metadata Compile Times and PDBs.mp4

01:28
7. HEXANE DanBot Header Metadata GUIDs.mp4

01:23
8. HEXANE DanBot Code Reuse.mp4

01:45
9. HEXANE DanBot Configuration Data.mp4

01:53

1. Collection Source Malware.mp4

00:18
2. Collection from Malware.mp4

05:01
3. The Human Fingerprints of Malware.mp4

00:21
4. Header Metadata.mp4

02:18
5. Code Reuse.mp4

01:37
6. Configuration Data.mp4

02:16
7. More Configuration Data Examples.mp4

01:38
8. Where Do You Get Malware.mp4

01:09
9. Commercial Dataset Example VirusTotal.mp4

01:07
10. VirusTotal Results.mp4

00:39
11. VirusTotal Details.mp4

00:46
12. VT Enterprise formerly VirusTotal Intelligence.mp4

00:46
13. DC3 Malware Configuration Parser.mp4

01:10
14. Malware Configuration Data from Dumping Tool.mp4

01:26
15. Exercise 31 Aggregating and Pivoting in Excel.mp4

02:57
16. Exercise 31.mp4

02:17
17. Key Indicators from Exercise 31.mp4

01:23
18. Compilation of SupplyDenn Intrusion Indicators from Ex 21 and Ex 31.mp4

00:59
19. Recap Indicators and Insights from the Day 2 Slides Intrusion.mp4

00:51
20. Combined View Leet.mp4

01:24

1. Collection Source Domains.mp4

00:24
2. Data Pivoting 1.mp4

00:29
3. Data Pivoting 2.mp4

01:45
4. Basic Most Pivotable Indicator Types.mp4

00:32
5. Data Pivoting Example 1.mp4

00:34
6. Data Pivoting Example 2.mp4

00:08
7. Data Pivoting Chart 2.mp4

00:33
8. C2 Domain Registration.mp4

00:33
9. Adversary Registered.mp4

03:05
10. Dynamic DNS Domains.mp4

00:28
11. DDNS Manager.mp4

00:15
12. DDNS for Adversaries.mp4

01:46
13. Legitimate but Compromised.mp4

02:12
14. Case Study Poison Hurricane.mp4

02:28
15. Autonomous System Number ASN Lookups.mp4

00:32
16. ASN Lookup asncymrucom.mp4

00:58
17. Passive DNS 1.mp4

01:17
18. Some PDNS Providers.mp4

00:46
19. Passive DNS 2.mp4

00:58
20. Example Mnemonic PDNS.mp4

00:51
21. Case Study Epic Turlas Out of This World C2.mp4

00:54
22. Epic Tula C2.mp4

03:14
23. For the Next Lab DomainTools.mp4

00:18
24. DomainTools Iris.mp4

00:21
25. DomainTools Search Tabs.mp4

00:20
26. DomainTools Pivot Engine.mp4

00:19
27. DomainTools Identifying New Indicators.mp4

00:42
28. Exercise 32 Expanding Intelligence Through Partners and OSINT.mp4

00:35
29. Exercise 32.mp4

00:50
30. New Intrusion Kirill Lazutin.mp4

03:09
31. Case Study GlassRAT.mp4

00:11
32. Case Study GlassRAT Campaign.mp4

01:00
33. GlassRAT C2 Overlap GlassRAT.mp4

02:02
34. GlassRAT Lessons Learned.mp4

00:15

1. Collection Source External Datasets.mp4

00:38
2. OpenSource Intelligence.mp4

02:04
3. Leveraging OSINT.mp4

02:49
4. Threat Data Feeds.mp4

04:20
5. Threat Intelligence Quotient TIQ Test.mp4

01:00
6. Measuring Threat Feeds.mp4

00:59
7. FireHOL IP Lists Threat Feed Analyzer.mp4

01:05
8. Collective Intelligence Framework.mp4

01:59
9. Creating Your Own OSINT Database.mp4

01:24
10. Additional OSINT OpenSource Tools.mp4

01:34
11. AlienVault OTX.mp4

00:38
12. Shodan.mp4

01:06
13. Geographical Information and Maps.mp4

00:54
14. GCHQs CyberChef.mp4

01:13
15. Exercise 33 Introduction.mp4

01:07
16. Exercise 33.mp4

00:07
17. Key Indicators from Exercise 33.mp4

03:06
18. Updated Leet View.mp4

00:40
19. Exercise 34 Leadin Ransomware.mp4

00:20
20. ThirdParty Phone Call.mp4

01:17
21. Priority Intelligence Requirement.mp4

00:58
22. For the Next Lab Recorded FutureHome Page.mp4

01:02
23. For the Next Lab Recorded FutureSearch Menu.mp4

00:28
24. Recorded Future Poison Ivy.mp4

01:12
25. Recorded Future Context.mp4

00:44
26. Exercise 34.mp4

00:38
27. Ex 34 Key Findings.mp4

02:17

1. Collection Source TLS Certificates.mp4

00:38
2. TLS Certificates.mp4

01:43
3. TLS Certificate Datastores.mp4

00:18
4. TLS Certificate Scan Providers.mp4

03:04
5. Searching Tips.mp4

00:20
6. Censysio Example SANS.mp4

01:05
7. Case Study CVE20141761.mp4

00:16
8. CVE20141761.mp4

00:31
9. Initial Pivoting.mp4

00:15
10. Collecting New Data.mp4

00:17
11. Identifying Links Between Data Points.mp4

00:37
12. Introducing TLS Cert.mp4

00:11
13. Identification of New Data.mp4

00:32
14. Unique Data from New Pivot Type.mp4

00:47
15. Maltego CaseFile.mp4

00:27
16. Maltego Entities and Links.mp4

00:36
17. Adding Entities to the Graph.mp4

00:37
18. Adding Links to the Graph.mp4

00:41
19. MovingManipulating Entities.mp4

00:53
20. Different Views.mp4

00:35
21. Exercise 35.mp4

00:46
22. Recap Indicators from Ex 21 and Ex 35.mp4

01:01
23. RECAP Kirill Lazutin.mp4

00:14
24. Merged View.mp4

02:12
25. SANS DFIR.mp4

00:01
26. COURSE RESOURCES AND CONTACT INFORMATION.mp4

00:14

4. Analysis and Production of Intelligence

1. Analysis and Production of Intelligence.mp4

01:01
2. Course Agenda.mp4

00:06
3. Section 4 Outline.mp4

03:03
4. Case Study Human Operated Ransomware.mp4

02:21
5. Human Operated Ransomware Operations.mp4

06:48
6. Wadhrama Attack Chain by PARINACOTA.mp4

00:07
7. Doppelpaymer Ransomware.mp4

02:29
8. Ryuk from TrickBot Infections.mp4

03:05
9. Make It Easy for Defenders.mp4

02:58
10. Example of Effective Visual Communication of TTPs.mp4

00:50
11. What Evil Looks Like.mp4

02:15

1. Exploitation Storing and Structuring Data.mp4

00:06
2. Storing Collected Intelligence.mp4

02:26
3. Storing Platforms.mp4

07:23
4. MISP.mp4

00:37
5. Creating an MISP Event.mp4

01:20
6. Visually Linking Indicators Between Events.mp4

00:36
7. Methods of Storing Best Practices.mp4

00:28
8. Leadin to Exercise 41.mp4

01:35
9. Exercise 41.mp4

00:44

1. Analysis Logical Fallacies and Cognitive Biases.mp4

00:52
2. Identifying and Defeating Bias.mp4

00:42
3. Logical Fallacies.mp4

08:11
4. Common CTI Informal Fallacies.mp4

06:14
5. Other Common Fallacies.mp4

03:55
6. Cognitive Biases.mp4

02:01
7. Mirror Image.mp4

05:53
8. AnchoringFocusing.mp4

01:42
9. Confirmation Bias.mp4

04:21
10. Congruence Bias.mp4

01:28
11. Hindsight Bias.mp4

07:08
12. Illusory Correlation.mp4

01:45
13. Case Study New York Stock Exchange NYSE Computer Glitch.mp4

04:06
14. Cum hoc ergo propter hoc.mp4

01:49
15. Case Study Turkey Pipeline Explosion.mp4

03:37
16. Bias and Experience.mp4

02:11
17. Exercise 42.mp4

04:21

1. Analysis of Competing Hypotheses 1.mp4

01:35
2. Analysis of Competing Hypotheses 2.mp4

02:51
3. 1 Enumerate Hypotheses.mp4

01:53
4. 2 Support the Hypotheses.mp4

02:10
5. 3 Diagnostics.mp4

03:34
6. 4 Refine the Matrix.mp4

01:15
7. 5 Prioritize the Hypotheses.mp4

01:25
8. 6 Determine Evidentiary Dependence.mp4

01:52
9. 7 Report Conclusions.mp4

01:26
10. Identify Milestones.mp4

01:01
11. Exercise 43.mp4

03:25

1. Analysis Different Types of Analysis.mp4

00:06
2. Leveraging Different Types of Analysis.mp4

00:51
3. Link Analysis.mp4

00:19
4. Common Link Analysis Tools.mp4

00:56
5. MaltegoCasefile Bubble Chart View.mp4

02:06
6. Data Analysis.mp4

00:56
7. Temporal Data Analysis 1.mp4

00:54
8. Temporal Data Analysis 2.mp4

01:04
9. Trend Analysis.mp4

01:11
10. Case Study Panama Papers.mp4

00:28
11. John Doe.mp4

01:35
12. The Challenge of Data.mp4

01:02
13. Example Link Analysis with Linkurious.mp4

01:02
14. Findings and Aftermath.mp4

03:27
15. CTI Angle IntelligenceDriven Hypothesis Generation.mp4

02:51
16. Exercise 44 Visualizing Large Datasets.mp4

00:43
17. Exercise 44.mp4

01:00

1. Analysis Clustering Intrusions.mp4

00:59
2. Style Guide.mp4

03:40
3. NamesIdentifiers.mp4

08:00
4. Risks of Clever Naming Conventions.mp4

01:11
5. MITRE ATTCK Groups Page.mp4

01:22
6. Rosetta Stone APT Groups and Operations Matrix.mp4

04:11
7. There is No OnetoOne Mapping.mp4

01:55
8. OnetoOne Mapping Issues Example.mp4

08:48
9. Confidently Correlating Clusters.mp4

00:25
10. ACH for IntrusionCluster Correlation.mp4

00:29
11. The Basics.mp4

00:15
12. Categorize Evidence Using Kill Chain and the Diamond Model.mp4

02:35
13. Enumerating IntrusionCampaign Hypotheses.mp4

00:35
14. External Intrusion Reports.mp4

01:23
15. Diamond Model Deeper Dive MetaFeatures.mp4

01:58
16. Creating an Activity Group.mp4

09:02
17. Different Examples of Diamond Models for Different Reqs.mp4

01:32
18. Recap of K Lazutin.mp4

01:52
19. New Intrusion Does it Fit.mp4

03:33
20. Adding Intrusions to the Diamond Model Creating a Group.mp4

02:23
21. Introducing PINKIEPIE.mp4

01:15
22. Shortcut The Rule of 2.mp4

01:09
23. Rule of 2 Forming an Activity Group.mp4

02:07
24. When to Retire Clusters.mp4

02:13
25. Case Study APT10 and APT31.mp4

02:31
26. Recorded Future and Rapid7 Attributed Breaches to APT10.mp4

02:13
27. Group Names are Definitions not Often Publicly Known.mp4

02:46
28. The Problem Isnt just a Recorded Future Rapid7 Problem.mp4

02:20
29. Everyones a Little Wrong.mp4

02:47
30. Ex 45 Lead In.mp4

00:40
31. Top Energy Intrusion.mp4

01:33
32. Recap of Top Energys Key Indicators from Day 2.mp4

00:50
33. New Intrusion 1 Key Indicators.mp4

01:23
34. New Intrusion 2 Key Indicators.mp4

00:51
35. Which Intrusion Overlaps.mp4

03:10
36. Introducing RAINBOWDASH Activity Group.mp4

01:07
37. Exercise 45 Leadin.mp4

00:16
38. Recap of Leet Intrusion Set.mp4

01:14
39. Exercise 45.mp4

01:41
40. SANS DFIR.mp4

00:01
41. COURSE RESOURCES AND CONTACT INFORMATION.mp4

00:27

5. Dissemination and Attribution

1. Dissemination and Attribution.mp4

00:42
2. Course Agenda.mp4

00:12
3. Section 5 Outline.mp4

01:17
4. Case Study Axiom.mp4

00:44
5. PlugX.mp4

04:29
6. Hikit Malware.mp4

00:48
7. Hikit Malware and Bit9.mp4

02:14
8. Axiom.mp4

03:59
9. Interesting Attributes.mp4

01:15
10. Lessons Learned.mp4

05:55

1. Dissemination Tactical.mp4

00:01
2. Know the Audience.mp4

06:28
3. YARA.mp4

01:35
4. Sample YARA Rule.mp4

02:21
5. YARA Key Points.mp4

00:14
6. Hex Special Values.mp4

02:23
7. More Complex YARA Rules.mp4

01:53
8. Sample YARA Rule Uncommon File Size.mp4

01:42
9. Sample YARA Rule GlassRAT.mp4

01:07
10. Sample YARA Rule Sofacy.mp4

00:18
11. Sample YARA Rule Sofacy from the German Parliament Campaign.mp4

00:34
12. Validating Signatures and IOCs.mp4

00:07
13. Exercise 51.mp4

02:15
14. Case Study HackingTeam.mp4

11:32
15. Case Study HackingTeam 1.mp4

03:12
16. Case Study HackingTeam 2.mp4

01:05
17. HackingTeam Isnt Alone.mp4

00:37
18. HackingTeams Compromise and Mercenary Group Takeaways.mp4

02:49

1. Dissemination Operational.mp4

00:01
2. Operational Threat Intelligence.mp4

00:38
3. Communicating About Adversary Operations.mp4

02:13
4. Partners and Collaboration.mp4

00:18
5. NationalLevel Government Information.mp4

01:29
6. ISACs and ISAOs.mp4

01:29
7. Additional Resources.mp4

01:14
8. STIXTAXII.mp4

04:33
9. TAXII Implementations.mp4

02:40
10. STIX 21 Objects.mp4

00:48
11. STIX 2.mp4

02:09
12. Methods of Sharing Best Practices.mp4

01:14
13. Exercise 52 Introduction.mp4

00:37
14. Exercise 52.mp4

00:56
15. Woe the Lowly Metric.mp4

04:52
16. Why You Should Embrace Metrics.mp4

00:28
17. Campaign Heatmap.mp4

04:42
18. Organizational Heat Maps.mp4

03:48
19. Incident OneSlider.mp4

01:55
20. Incident OneSlider With Multiple.mp4

02:31
21. Mitigation Scorecard.mp4

02:35
22. Email Delivery Success.mp4

01:02
23. Analytical Completeness.mp4

03:34
24. Case Study Metrics from CTI Summit.mp4

02:17
25. Exercise 53 Gaining Historical Perspective.mp4

00:59
26. Exercise 53.mp4

02:10

1. Dissemination Strategic.mp4

00:31
2. Strategic Threat Intelligence.mp4

03:00
3. Example Outcome Indictments.mp4

08:45
4. Making the Business Case for Security.mp4

02:03
5. Expectations.mp4

02:29
6. Lessons from the Field Shoe Company and AntiHype.mp4

05:25
7. ReportsNarrativeForm Intelligence.mp4

01:43
8. Observation Versus Interpretation.mp4

00:53
9. Estimative Language.mp4

01:25
10. Estimative Scales.mp4

00:48
11. ALWAYS REMEMBER.mp4

01:30
12. Diamond Model and Analytic Findings.mp4

00:58
13. Confidence Assessments.mp4

05:38
14. Constructing Assessments.mp4

01:01
15. Tips on Effective Report Writing.mp4

08:48
16. InClass Exercise.mp4

00:01
17. Proofpoints North Korea Bitten by Bitcoin Bug.mp4

02:36
18. Proofpoints North Korea Report Pros and Cons.mp4

03:04
19. Norses Iran CIB.mp4

00:15
20. Iran CIB Pros and Cons.mp4

19:25
21. Kasperskys Equation Group Optional.mp4

00:26
22. Equation Group Pros and Cons Optional.mp4

00:53
23. Case Study APT10 and Cloud Hopper.mp4

01:16
24. APT10 and the Chinese State.mp4

04:35
25. APT10 and the US Government.mp4

01:10
26. Indictments for Attribution APT10.mp4

02:49
27. Indictments for TTP Discovery APT10.mp4

02:59
28. Indictments for IOC Discovery APT10.mp4

01:01
29. Cloud Hopper.mp4

01:46
30. Observations for CTI Analysts Communicating Broadly.mp4

00:51
31. Observations for CTI Analysts Human Fingerprints.mp4

01:43
32. Observations for CTI Analysts Timelines.mp4

01:08
33. Observations for CTI Analysts Closing Thoughts.mp4

00:50

1. A Specific Intelligence Requirement Attribution.mp4

01:57
2. Attribution as an Intelligence Requirement.mp4

10:48
3. On Attribution.mp4

02:42
4. Four Approaches to True Attribution.mp4

06:47
5. The Simpsons Did It.mp4

09:09
6. Achieving the Value of Attribution without Attribution.mp4

05:39
7. Example Use Cases of Attribution.mp4

02:48
8. Attribution Is Never Straightforward.mp4

04:59
9. Example Merged State and Criminal Activity.mp4

01:42
10. Geopolitical Conflict Intersects Cyber.mp4

02:17
11. Challenges in Observing the Adversarys Intel Life Cycle.mp4

00:56
12. Deriving Intent.mp4

04:17
13. The Basics of State Attribution.mp4

01:38
14. Analytical Model for Each Entity.mp4

00:59
15. Categorize Evidence Using Threat Definition.mp4

00:38
16. Understanding Opportunity.mp4

01:09
17. ACH Matrix Template for State Attribution.mp4

01:15
18. Be Prepared for Information to Change.mp4

01:28
19. CaseStudy Soviet Disinformation Operations.mp4

03:01
20. False Flags.mp4

00:26
21. False Flag Example South Korean Winter Olympics.mp4

03:31
22. Coming to the EndReassess Intelligence Requirements.mp4

00:54
23. Case Study Lazarus Group.mp4

00:22
24. Operation Troy and Attacks on South Korean Organizations.mp4

01:17
25. The Sony Attack.mp4

02:37
26. Government Attribution.mp4

07:09
27. WannaCry Connections.mp4

00:11
28. Overlaps in the Intrusions.mp4

00:08
29. The Making of a Group Lazarus.mp4

00:52
30. Problem with Extending Too Far.mp4

00:46
31. Exercise 54.mp4

01:20
32. SANS DFIR.mp4

00:01
33. COURSE RESOURCES AND CONTACT INFORMATION.mp4

00:28

6. Capstone

1. Day 6 Capstone.mp4

01:44

2. Capstone The Goals.mp4

01:21

3. Capstone What to Know To Have Fun.mp4

02:15

4. Capstone How to Win.mp4

02:07

5. Scenario Background.mp4

00:33

6. VI Capstone.mp4

00:37

7. You.mp4

00:28

8. The State Actors.mp4

01:02

9. The NonState Actors.mp4

00:50

10. Scenario Objectives.mp4

01:15

11. Your Resources.mp4

01:55

12. Capstone.mp4

13:42

13. Baby Yoda.mp4

00:25

14. Incorporate the Fifteen Axioms for Intelligence Analysts.mp4

05:58

15. Thanks for Coming.mp4

08:51

16. SANS DFIR.mp4

00:31

File

Books.zip

Day 1.mp4

08:10:59

Day 2.mp4

08:11:34

Day 3.mp4

08:05:05

Day 4.mp4

07:06:00

Day 5.mp4

08:04:21

Day 6.mp4

06:24:11

FOR578-23812170.zip

USB.zip

UTF-8=578.21.2.iso

old-sku.txt

utf-8=578.21.2.zip

More details

User Reviews

Rating

average 0

Total votes0

Focused display

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing.