
CTI SquadGoals — Setting Requirements

Transform vague security concerns into specific, actionable intelligence requirements that drive results.

March 30, 2016 · 6 min · Scott J Roberts

Introduction to DFIR

Comprehensive guide to starting a career in Digital Forensics and Incident Response with practical resources.

January 11, 2016 · 15 min · Scott J Roberts

Intelligence Concepts — The Intelligence Cycle

Explains the Intelligence Cycle’s six steps with hands-on examples from tracking APT groups.

December 16, 2015 · 8 min · Scott J Roberts

FIRST 2015

FIRST 2015 Berlin conference preview with talk recommendations on threat intelligence and incident response.

June 11, 2015 · 6 min · Scott J Roberts

Intelligence Concepts — F3EAD

F3EAD methodology: combining military operations with intelligence cycles for effective incident response.

March 24, 2015 · 4 min · Scott J Roberts

Maltego Transforms for the Lazy

Step-by-step guide to building custom Maltego transforms with Python examples and automation tips.

March 3, 2015 · 6 min · Scott J Roberts

APT is a Who not a What… And Why it doesn’t Matter

A small number of topics get intelligence driven incident responders incredibly frustrated. Using intelligence to mean smart (I’ll share more about that later this week).

February 16, 2015 · 5 min · Scott J Roberts

Intelligence Concepts - OODA

Understanding the OODA Loop for faster incident response and security decision-making cycles.

January 27, 2015 · 4 min · Scott J Roberts

The Perils of (Mis)Attribution

The challenges of cybersecurity attribution: incomplete data, easy spoofing, and avoiding bias in threat analysis.

January 4, 2015 · 10 min · Scott J Roberts

Using Robots to Fight Bad_Guys

ChatOps for DFIR: Using Hubot to automate security operations through chat interfaces and GitHub workflows.

May 14, 2014 · 5 min · Scott J Roberts