Introduction to DFIR

One of my favorite things is talking to students and people new to the security field. It feels like yesterday I was wandering around the first Shmoocon as a student in awe of the people I met and the work they were doing. Now I’m 10 years into my career and have a whole different perspective (though still in awe with those folks). Starting a career in infosec isn’t easy and while there are better general introductions I wanted to add my perspective on getting started in Digital Forensics and Incident Response (DFIR)....

January 11, 2016 · 15 min · Scott J Roberts

Intelligence Concepts — The Intelligence Cycle

I can’t talk about important intelligence concepts for security without talking about the grand daddy, the original: the Intelligence Cycle. This should be great discussion fodder for anyone who has to talk to someone who claims they’re selling some form of Threat Intelligence product, given in most cases they seem to be using the phrase in place of the word smart. Intelligence vs smart couldn’t be farther from the truth....

December 16, 2015 · 8 min · Scott J Roberts

FIRST 2015

I’m lucky enough to get to go to FIRST 2015 in Berlin. I’ll be speaking on Tuesday afternoon, but one of the best things about conferences like this is being able to attend other sessions. I’ve never been to FIRST before, and this year looks jam packed. Here are the talks I’m most excited about and you’ll be likely to find me in. Monday June 15: Time Presentation Presenter Notes 11:00   Building instantly exploitable protection for yourself and your partners against targeted cyber threats using MISP Mr....

June 11, 2015 · 6 min · Scott J Roberts

Intelligence Concepts — F3EAD

One of the most talked-about intelligence concepts in information security today is F3EAD. Standing for Find, Fix, Finish, Exploit, Analyze, and Disseminate, this is a methodology for combining operations (in this case we’re talking about kinetic ops) and the intelligence process. While the Intelligence Cycle & SANS IR cycle are both useful, they are ultimately academic. If the goal is Intelligence-Driven Incident Response, we need to combine intelligence with ops, and that’s where F3EAD shines....

March 24, 2015 · 4 min · Scott J Roberts

Maltego Transforms for the Lazy

While I certainly didn’t plan to release this post the same day Paterva released their latest update, Maltego Chlorine, it’s a happy coincidence. It’s a great day to go download fresh Maltego hotness and start writing some transforms! Maltego is one of the most unusual tools in the information security space. While there are dozens of vulnerability scanners and piles of reversing tools, there’s nothing else like Maltego short of spending $$$ on Palantir....

March 3, 2015 · 6 min · Scott J Roberts