±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 35989
New Yesterday: 3 Visitors: 129

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Indicators of Compromise

Discussions related to Forensic Focus webinars. Please use the appropriate topic for each webinar.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

scar
Forensic Focus
 

Indicators of Compromise

Post Posted: Nov 17, 15 20:23

Please use this topic for discussion of the webinar

Indicators of Compromise: What's Interesting, What's Not and What Else Is Needed

Presenters: Brandon Dunlap, Managing Director of Research, Brightfly; Ismael Valenzuela, IR Technical Practice Mgr, Foundstone; Mat Gangwer, Information Security Analyst, Rook Security  
 
  

keydet89
Senior Member
 

Re: Indicators of Compromise

Post Posted: Nov 17, 15 20:41

The very first question about IoCs, and Ismael's response centers around IP addresses and hashes.

I'm sorry...that's just the wrong way to start with this sort of thing. I didn't even make it to 4 minutes before I had to stop listening.  
 
  

jaclaz
Senior Member
 

Re: Indicators of Compromise

Post Posted: Nov 17, 15 22:36

Looking at the transcript it seems like a bunch of guys patting each others on the shoulders and congratulating each other for the fluff (obviously filled up to the brim with high sounding and unreferenced acronyms) they randomly and vaguely refer to. Shocked

Besides the [indecipherable]'s, [laughs] and [crosstalk] which make most sentences/interventions void of any meaning, the whole discussion is so vague and generic that overall it provided (at least to me) nothing of value in terms of "news" or "knowledge". Sad

Maybe it is the form of "talk show" that provokes it, and maybe the way the transcript has been made is part of the issue, but I do have the impression of having read the transcript of *any* generic conversation taking place at the dinner table between a bunch of (geekish) friends, discussing superficially or chit-chatting on*any* given topic, through unreferenced anecdotes and common, obvious, considerations, as overheard from another table in the restaurant.

I have no idea what a CPE point is, but if that thing has a value of 1 point, there are several threads and articles here on forensic focus that should have 10, 100 or 1000 points if compared to that.

I mean (example, but there are several other similar snippets):
Brandon: [laughs] Most definitely. I know I’m looking forward to it. But I think that’s very good advice. You can take a step-wise approach to this. You don’t have to drink from the fire hose all at once. So definitely words of wisdom in there.

Well, Ismael, thanks again for Intel’s continued support of the program and your time as well. What would you like to send us out on here, for a high note?

Ismael: Well, I think [indecipherable] but what I would say is we have to fight a lot of noise. So focus on what matters to your business, your organization. Try to determine how to best build some context around your [continuous] monitoring or your incident response program, and try to do some practice hunting, even if it’s just a little bit, a few minutes a day. It can go a long way in improving your capabilities, your skills, and you’re going to learn a lot. But again, as we said before, do not do that on a Friday [indecipherable].

Brandon: [laughs]

Ismael: And the rest of the weekend. [laughs]

[crosstalk]

Question

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

jhup
Senior Member
 

Re: Indicators of Compromise

Post Posted: Nov 25, 15 20:34

"Where is the beef?" - Clara Peller  
 

Page 1 of 1