3: Collection Sources
Cyber Threat Intelligence analysts must be able to interrogate and fully understand their collection sources. Analysts do not need to be malware reverse engineers, for example, but they must at least understand that work and know what data it can yield. This section continues from the previous one in identifying key collection sources for analysts. There is also a large amount of available information in what is commonly referred to as open-source intelligence (OSINT). In this section students learn to seek and exploit information from domains, external datasets, Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates, and more, while also structuring that data so it can be exploited and shared internally and externally.
- E09-Open-Source Intelligence and Domain Pivoting in DomainTools
- E10-Maltego Pivoting and Open-Source Intelligence
- E11-Sifting Through Massive Amounts of Open-Source Intelligence in RecordedFuture
- E12-TLS Certificate Pivoting
- E13-Storing Threat Data and Information in a Malware Information Sharing Platform (MISP)
- Case Study: Axiom
- Collection Source: Domains
- Domain Deep Dive
- Different Types of Adversary Domains
- Pivoting off of Information in Domains
- Case Study: GlassRAT
- Collection Source: External Datasets
- Building Repositories from External Datasets
- Open-Source Intelligence Collection Tools and Frameworks
- Collection Source: TLS Certificates
- TLS/SSL Certificates
- Tracking New Malware Samples and C2 with TLS
- Pivoting off of Information in TLS Certificates
- Case Study: Trickbots
- Exploitation: Storing and Structuring Data
- Storing Threat Data
- Threat Information Sharing
- MISP as a Storage Platform