Getting Started with Synapse

If you care about intelligence analysis and management tools (and I presume you do) you’ve hopefully heard about the Vertex Project’s Synapse intelligence… thing. Synapse starts as a little abstract, but once you understand you’ll see it’s a powerful intelligence workbench and data fusion system. I’m here to say it’s actually far easier than you think, worth the time you’ll put in, and ultimately you’ll find yourself doing far more accurate, fast, and comprehensive analysis....

November 2, 2021 · 13 min · Scott J Roberts

Burnt TIPs

Special Thanks to Ryan Kovar for the photo & delicious dinner. This is going to be one of those highly metaphor-driven posts I’ve done before (like using Hamilton in Waiting vs Passivity in DFIR). Bail out now or prepare to discuss where threat intel and American BBQ run into each other! What you call something matters in sharing it with others and framing intelligence programs. And lunch orders…...

July 31, 2021 · 7 min · Scott J Roberts

Familiarity Breeds Contempt: APT Edition

Here’s a familiar scenario: A new threat is being whispered about. Maybe your office has someone with special access of some kind and they’re being a bit more secret squirrely than usual. The mailing lists you’re on are a buzz about a new piece of malware or vendor code name. You keep hearing about a paid only report that tells all. APT 46: EMPEROR PENGUIN is coming! When your boss asks about EMPEROR PENGUIN you have to say you don’t know much… but you’ve heard they’re very good, very advanced, well funded, with great opsec… obviously a serious threat aimed at hard targets (which your organization obviously is)....

August 4, 2017 · 7 min · Scott J Roberts

CTI Reading List

A few weeks ago while teaching SANS FOR578 one of my students asked a great question by a student: What books or papers should a new cyber threat intelligence analyst read first? It’s a question I’d meant to answer before so instead of just sending back an email (I mean, I emailed back, HI MATT, but along with that) I figured I’d write up my list and have something to reference next time I get asked....

July 18, 2017 · 7 min · Scott J Roberts

United States Response to Grizzly Steppe

Kremlin from the River. Source: Wikipedia. Here it is. After weeks of wondering if and how the United States Government might respond the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government’s efforts to influence the United States elections. I offer all this without too much analysis given I’ve just seen it myself and expect it will take a long time to digest....

December 29, 2016 · 4 min · Scott J Roberts