Raiders of the Lost ARP

Amateur Security Archaeologists, trying not to break things.

Tag: SOC (Page 1 of 3)

AI-generated image of a bounty hunter from a galaxy far far away trying to learn about Cyber Threat Intelligence via their computer.
One sec, I think some scruffy-looking nerf herder just tripped my honeypot!

This is the Way: Beginning my Cyber Threat Intelligence Journey

January 29, 2024 /

I have gotten older, I find I’m less eager learn the depths of every technical solution, and have been searching for my happy place. Since my SANS studies, I have gravitated towards an area that is – from what I can see – fun as heck. That area? Cyber Threat Intelligence (CTI). My rookie impression is that this vast world is understaffed and under-supported, and this might be because organizations are so busy looking for operators that they don’t classify this role as mission critical. Fast forward to today: I spent a good part of the day listening into the SANS CTI Conference virtually, and I took away two things. First, there are some wicked sharp folks who have a passion in this area. Second, while I am not likely to become a full-fledged CTI professional, I sure want to learn more and incorporate what I can to help organizations see CTI’s value. This post launches my cyber threat intelligence journey.

Continue reading
AI-generated image of a hacker in an aloha shirt trying like crazy to put together a very complex puzzle of all of MITRE ATT&CK's related projects.
MITRE sent me an easy puzzle, but the community blew up the piece count!

Power-up your security: Mapping ATT&CK’s massive ecosystem

January 14, 2024 /

If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!

Continue reading
AI-generated image of a hacker in a hoodie playing an upright bass
Something about that bass-player's groove was just off...

Friend or foe? How killer baselines improve security outcomes

January 8, 2024 /

A month ago, we talked about how visibility can make us more frustrating victims to our adversaries. It makes sense – easy marks are those who don’t see that they are victims in the first place! Take victims of physical (traditional) crime. Burglers love a target who isn’t using alarm systems, cameras, or even their own eyes and ears to actively detect incursions. But having eyes and ears isn’t what makes you formidable. It is that you have those sensory inputs AND you know how to interpret what they are saying and how they respond. Do you know how to discern bad behavior from the norm and know how to tell between friend and foe? And do you know what the right response is based on that proper interpretation? We’re going to tackle the first question here today as we discuss how killer baselines improve security outcomes.

Continue reading
Picture of an analyst standing below a cybersecurity diamond oracle. Rendered by Midjourney AI.
🎶 Carbanak in the sky with diamonds...🎶

Best Friends: What makes the Diamond Model a useful threat modeling tool for analysts?

November 29, 2023 /

We’ve covered a lot of different angles to threat modeling. The main takeway for me is that there is no “best approach” – pick what makes sense to you! How you justify that is up to you, and hopefully less controversial than John Lennon’s denial that “Lucy in the Sky with Diamonds” was about LSD. Here we’re talking about the Diamond Model of Intrusion Analysis. This model describes an active event under investigation, but it is mentioned here because it is helpful to understand how this information so directly links to the other models we’ve discussed before. So what makes the Diamond Model a useful threat modeling tool for analysts on the front line?

Continue reading

A Retro Feast for the Family: The Cyber Kill Chain

November 22, 2023 /

Americans reading this may be like me and headed towards a food coma. My gift to you? I give you a crowd-pleasing topic for family banter. Rather than argue over controversial topics, avoiding Aunt Mildred’s hugs, or snoozing through a futile Cowboys game, cook up a retro feast for the family with the Cyber Kill Chain! If you’ve seen the “Fishes” episode of The Bear, you know how bad things can get. So consider this your safe topic, one everybody can enjoy. Your kids will thank you. Your family will be prepared to defend against nation state threats while bickering over the wishbone. Relative peace AND security? You’re welcome.

Continue reading
« Older posts

© 2025 Raiders of the Lost ARP

Theme by Anders NorenUp ↑

Verified by MonsterInsights