Cyber Threat Workshop - Know Your Surroundings (Security Operations Intelligence)

This workshop is dedicated to the fourth principle, Know Your Ever-Changing Surroundings (Security Operations Intelligence). It examines how to operationalize insights, how to map the infrastructure chains that threat actors build, and how to identify the threat actor tooling in the global attack surface that targets your organization.

Our experts will demonstrate how the vulnerabilities used in publicized attacks can be traced to determine the scope of those attacks and whether you, or any partners you rely upon, are affected or could become victims. The RiskIQ API will be used to analyze large amounts of data and quickly and accurately determine the reputation of hosts and IP addresses, identifying active and past threats that incident responders can act on.

Our team will analyze and investigate publicized attacks to determine the threat actors, the tooling and attack vectors used, and ways to identify, stop and prevent these types of attacks. Attendees will gain the expertise and knowledge needed to investigate these attacks thoroughly and to scale both the quantity and the quality of their investigations.

We will explore recent publicized vulnerabilities, determine the global scale of each issue, and determine whether you or your partners are victims or could be affected. We’ll use RiskIQ Illuminate and RiskIQ’s API to work out the steps an investigation needs, then build a Jupyter Notebook that scales the investigation and makes it repeatable for others. We’ll also analyze attack surfaces for vulnerabilities and prioritize them by risk and by known active exploits across the attack surface.

Hands-on labs and exercises will show how to expose real-life malicious and risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface.

Link to Jupyter Notebooks used in this workshop

Know Your Ever-Changing Surroundings

Too Slow To React to Vulnerabilities
Article – The Daily Swig – Malicious hackers are exploiting known vulnerabilities because organizations aren’t quick enough to patch – report
Is our organization affected by this?
Are our partners affected by this, and therefore affect our organization?

Where to go from here?
Guided investigation: where to go next using reputation scores in investigations (which host pairs are linking to bad domains?)
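As an added illustration of the "host pairs linking to bad domains" question (not code from the workshop, its notebooks, or RiskIQ's API): the host-pair records and reputation scores below are constructed, and the 0-100 scale with 75 as the malicious threshold is an assumption. The walk finds, for each non-malicious host, the shortest chain of host pairs that reaches a malicious host, which is the kind of result an investigator would prioritize first.

```python
# Added example, not from the workshop or RiskIQ. Host pairs are constructed records
# of the form (parent hostname, child hostname, cause); a cause such as "script" or
# "redirect" means the parent pulls content from, or sends visitors to, the child.
# Reputation scores are constructed; the 0-100 scale and the 75 cut-off are assumptions.
from collections import deque

HOST_PAIRS = [
    ("shop.example.com", "cdn.example-static.net", "script"),
    ("cdn.example-static.net", "track.bad-analytics.invalid", "script"),
    ("track.bad-analytics.invalid", "c2.evil.invalid", "redirect"),
    ("blog.example.com", "img.example.com", "img"),
    ("partner.example.org", "c2.evil.invalid", "iframe"),
]

REPUTATION = {  # constructed; higher means worse
    "c2.evil.invalid": 95,
    "track.bad-analytics.invalid": 80,
    "cdn.example-static.net": 20,
    "shop.example.com": 0,
    "blog.example.com": 0,
    "img.example.com": 5,
    "partner.example.org": 10,
}
MALICIOUS_THRESHOLD = 75  # assumption


def build_graph(pairs):
    """Adjacency list: parent -> [(child, cause), ...]."""
    graph = {}
    for parent, child, cause in pairs:
        graph.setdefault(parent, []).append((child, cause))
    return graph


def chains_to_malicious(pairs, reputation, threshold=MALICIOUS_THRESHOLD, max_hops=3):
    """Return {host: (hops, path)} for each host that reaches a malicious host in max_hops."""
    graph = build_graph(pairs)
    results = {}
    for start in graph:
        if reputation.get(start, 0) >= threshold:
            continue  # already malicious itself, nothing to trace
        queue, seen = deque([(start, 0, [start])]), {start}
        while queue:  # breadth-first, so the first hit is the shortest chain
            host, hops, path = queue.popleft()
            if hops == max_hops:
                continue
            for child, cause in graph.get(host, []):
                new_path = path + [f"-{cause}->", child]
                if reputation.get(child, 0) >= threshold:
                    results[start] = (hops + 1, new_path)
                    queue.clear()
                    break
                if child not in seen:
                    seen.add(child)
                    queue.append((child, hops + 1, new_path))
    return results
```

Hosts with the fewest hops to a malicious node are the ones to check first; the returned path shows the cause of each link so the finding can be verified by hand.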

Legit or Not
Which Netflix domain is legitimate, and which is not?
Is the domain good or bad and why?