2.0 Threat Intelligence
Uploaded by rsegrest

CHAPTER 2
Threat Intelligence

TESTOUT CYBERDEFENSE PRO


2.1 THREAT INTELLIGENCE

Penetration Testing and Threat Hunting


Key Terms
Penetration testing
Indicators
Threat actors

Key Definitions
Penetration testing: An authorized, simulated attack on a computer or
network system to find the vulnerabilities and risks a real attacker could
use, so that they can be fixed first.
Indicators: Indicators are bits of information that identify or describe a
known threat. Indicators could include unusual activity, a unique filename,
an attack method, or a malicious command.
Threat actors: A threat actor is a person or organization that threatens
another person's or organization's security.

Penetration Test Process and Types

Penetration Testing
Find vulnerabilities and risks
Simulate an actual attack
Detect potential weaknesses
Fix security gaps

Planning
Timing
Scope
Authorization

Information Sources
Websites or sales materials
Social engineering
Public records
Port scans
Vulnerability scans

Information Gathering
Employees
Organizational hierarchy
Vendors
Applications
Operating systems
Hardware

Execution
Access targeted systems
Escalate privileges
Explore the system
Use pen testing tools
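The planning and execution slides above amount to one rule: nothing gets scanned or exploited unless it is inside the authorized scope and inside the agreed testing window. The Python below is an added example (not from the TestOut course) of a rules-of-engagement gate a tester runs before pointing any tool at a target. The CIDRs, exclusions and dates in it are constructed placeholders.

```python
"""Rules-of-engagement gate for a penetration test.

Added example, not from the TestOut slides. Every CIDR, exclusion and
time window below is a constructed placeholder for illustration.
"""
import ipaddress
from datetime import datetime, timezone

# Constructed rules of engagement (RoE) a client might sign off on.
ROE = {
    "in_scope": ["10.20.0.0/16", "203.0.113.0/24"],   # authorized ranges
    "excluded": ["10.20.5.0/24", "203.0.113.250"],    # carve-outs inside those ranges
    "window_utc": ("2024-06-01T00:00:00", "2024-06-14T23:59:59"),
    "hours_utc": (1, 5),   # testing only allowed 01:00-05:00 UTC
}


def _networks(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def target_allowed(target, roe=ROE):
    """Return (allowed, reason). A target must be inside an in-scope range
    and not inside any excluded range. Exclusions are checked first so a
    carve-out always wins."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False, f"{target}: not an IP address; resolve it and check the address, names are not authorized"
    for net in _networks(roe["excluded"]):
        if ip in net:
            return False, f"{ip} is in excluded range {net}"
    for net in _networks(roe["in_scope"]):
        if ip in net:
            return True, f"{ip} is in authorized range {net}"
    return False, f"{ip} is outside all authorized ranges"


def time_allowed(now, roe=ROE):
    """Check the engagement window and the daily testing hours (both UTC)."""
    start = datetime.fromisoformat(roe["window_utc"][0]).replace(tzinfo=timezone.utc)
    end = datetime.fromisoformat(roe["window_utc"][1]).replace(tzinfo=timezone.utc)
    if not (start <= now <= end):
        return False, "outside engagement window"
    lo, hi = roe["hours_utc"]
    if not (lo <= now.hour < hi):
        return False, f"outside daily testing hours {lo:02d}:00-{hi:02d}:00 UTC"
    return True, "within window"


def filter_targets(targets, now, roe=ROE):
    """Split a candidate list into (cleared, rejected) before any scanner runs."""
    ok, why = time_allowed(now, roe)
    if not ok:
        return [], [(t, why) for t in targets]
    cleared, rejected = [], []
    for t in targets:
        ok, why = target_allowed(t, roe)
        if ok:
            cleared.append(t)
        else:
            rejected.append((t, why))
    return cleared, rejected


if __name__ == "__main__":
    candidates = ["10.20.1.15", "10.20.5.7", "203.0.113.250", "198.51.100.9", "10.20.77.3"]
    now = datetime(2024, 6, 3, 2, 30, tzinfo=timezone.utc)
    cleared, rejected = filter_targets(candidates, now)
    print("cleared:", cleared)
    for t, why in rejected:
        print("rejected:", t, "->", why)
```

Hostnames are refused by name on purpose: authorization is granted for address ranges, so a name is resolved first and the resulting address is what gets checked.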

Pen Testing Types
Black box (tester starts with no knowledge of the target)
White box (tester has full knowledge: architecture, source code, credentials)
Gray box (tester has partial knowledge, such as an ordinary user account)

Summary
Penetration testing
Pen testing process
Pen testing types

Threat Data and Intelligence

Open-Source Intelligence
Available to public
Publicly gathered
Government-hosted
Industry-hosted

Closed-Source Intelligence
Private organizations
Private research
Sold by security companies
Contains proprietary info

Summary
Threat classifications
Intelligence sources
Intelligence considerations

Security Intelligence Cycle

Requirements
Consider recent attacks
Review risk assessment
Research current trends
Verify access to data
Gather additional data
Verify any restrictions

Collection
Gather internal data
Gather external data
Prepare data for analysis

Dissemination
Strategic intelligence
Tactical intelligence
Operational intelligence

Feedback
What was missed?
Which sources were valuable?
What can be improved upon?
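As an added example (not part of the slides), the Collection stage's "prepare data for analysis" step written out in Python: two constructed feeds, an external report with defanged indicators and an internal SIEM export, are refanged, typed, de-duplicated, and tagged with the sources that saw them, so that Dissemination has a clean table to work from. Feed contents and host names are invented; the addresses are documentation ranges.

```python
"""Collection step of the intelligence cycle: merge and normalize indicators
from an external feed and an internal export before analysis.

Added example, not from the slides. Both feeds below are constructed
sample data; the indicator values are documentation/test ranges only.
"""
import ipaddress
import json
import re
from collections import defaultdict

# Constructed external feed: one defanged indicator per line, "value,type_hint,note".
EXTERNAL_FEED = """\
hxxp://malware-drop[.]example/payload.bin,url,dropper host
198[.]51[.]100[.]23,ip,c2 beacon
MALWARE-DROP[.]EXAMPLE,domain,same actor
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,sha256,hash seen in sample
8.8.8.8,ip,resolver contacted by sample
"""

# Constructed internal export (SIEM alerts as JSON lines).
INTERNAL_FEED = """\
{"indicator": "198.51.100.23", "alert": "outbound to known C2", "host": "ws-0142"}
{"indicator": "malware-drop.example", "alert": "DNS query", "host": "ws-0142"}
{"indicator": "10.20.5.7", "alert": "lateral SMB", "host": "ws-0142"}
"""

EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
_SHA256 = re.compile(r"^[0-9a-f]{64}$")
_MD5 = re.compile(r"^[0-9a-f]{32}$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def refang(value):
    """Undo common defanging so the same indicator from two feeds compares equal."""
    v = value.strip().lower()
    v = v.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")
    v = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), v)
    return v


def classify(value):
    """Return (type, canonical_value) or None if it is not a usable indicator."""
    v = refang(value)
    if v.startswith(("http://", "https://")):
        return "url", v
    try:
        return "ip", str(ipaddress.ip_address(v))
    except ValueError:
        pass
    if _SHA256.match(v):
        return "sha256", v
    if _MD5.match(v):
        return "md5", v
    if _DOMAIN.match(v):
        return "domain", v
    return None


def noisy(kind, value):
    """Flag indicators that would flood analysts if pushed to blocking/detection."""
    if kind == "ip":
        ip = ipaddress.ip_address(value)
        if ip.is_private or ip.is_loopback:
            return "private/loopback address, only meaningful inside the reporter's network"
        if value in {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}:
            return "public DNS resolver, benign on its own"
    if kind == "sha256" and value == EMPTY_SHA256:
        return "hash of the empty file, matches everything"
    return None


def collect(external_text, internal_text):
    """Merge both feeds into a de-duplicated indicator table keyed by (type, value)."""
    merged = defaultdict(lambda: {"sources": set(), "context": [], "warning": None})
    for line in external_text.splitlines():
        raw, _hint, note = line.split(",", 2)
        if (c := classify(raw)):
            merged[c]["sources"].add("external")
            merged[c]["context"].append(note.strip())
    for line in internal_text.splitlines():
        rec = json.loads(line)
        if (c := classify(rec["indicator"])):
            merged[c]["sources"].add("internal")
            merged[c]["context"].append(f"{rec['alert']} on {rec['host']}")
    for (kind, value), entry in merged.items():
        entry["warning"] = noisy(kind, value)
        # Seen in an outside report and in our own telemetry: highest confidence.
        entry["confidence"] = "high" if len(entry["sources"]) > 1 else "medium"
    return dict(merged)


if __name__ == "__main__":
    for (kind, value), e in sorted(collect(EXTERNAL_FEED, INTERNAL_FEED).items()):
        flag = f"  [!] {e['warning']}" if e["warning"] else ""
        print(f"{kind:7} {value:70} {e['confidence']:6} {sorted(e['sources'])}{flag}")
```

The warning field is the point of the preparation step: raw feeds routinely carry the SHA-256 of the empty file, public resolvers, or private addresses that only mean something inside the reporter's own network. Pushing those into blocking or detection at Dissemination creates exactly the noise the Feedback stage later has to unwind.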

Summary
Requirements
Collection
Analysis
Dissemination
Feedback

Threat Hunting Overview

Threat Hunting
Reduce attack surface
Bundle critical assets
Integrated intelligence
Improve detection
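One concrete way hunting "improves detection", added here as an example rather than taken from the slides, is stacking: count how many hosts show each parent/child process pair and read the long tail, since a pair present fleet-wide is normal and a pair present on one host is a lead. The events, host names and hashes below are constructed, and the baseline of accepted pairs is an assumed list a hunt team would maintain.

```python
"""Threat hunting by stacking (long-tail analysis) over process-creation events.

Added example, not from the slides. The log lines are constructed; host and
process names are illustrative. Hypothesis: a parent/child pair seen on only
a handful of hosts is worth an analyst's look, a pair seen fleet-wide is not.
"""
from collections import defaultdict

# Constructed Sysmon-style process creation events: host|parent|image|hash-prefix
EVENTS = """\
ws-001|explorer.exe|outlook.exe|a1
ws-002|explorer.exe|outlook.exe|a1
ws-003|explorer.exe|outlook.exe|a1
ws-004|explorer.exe|outlook.exe|a1
ws-001|services.exe|svchost.exe|b2
ws-002|services.exe|svchost.exe|b2
ws-003|services.exe|svchost.exe|b2
ws-004|services.exe|svchost.exe|b2
ws-003|winword.exe|cmd.exe|c3
ws-003|cmd.exe|powershell.exe|d4
ws-002|explorer.exe|svchost.exe|e5
ws-004|services.exe|svchost.exe|f6
"""

# Pairs the hunt team has already reviewed and accepted (constructed baseline).
BASELINE = {("explorer.exe", "outlook.exe"), ("services.exe", "svchost.exe")}


def parse(text):
    for line in text.splitlines():
        host, parent, image, h = line.split("|")
        yield {"host": host, "parent": parent, "image": image, "hash": h}


def stack(events, key=("parent", "image")):
    """Count distinct hosts per key; returns {key_tuple: set(hosts)}."""
    hosts = defaultdict(set)
    for e in events:
        hosts[tuple(e[k] for k in key)].add(e["host"])
    return hosts


def hunt_leads(text, max_hosts=1, baseline=BASELINE):
    """Return (pair, hosts, reason) for pairs seen on at most `max_hosts` hosts
    and not baselined, rarest first. Also surfaces a baselined pair whose image
    hash differs from the fleet-wide one on a few hosts (a renamed binary hiding
    behind a familiar parent/child name)."""
    events = list(parse(text))
    by_pair = stack(events)
    leads = []
    for pair, hosts in by_pair.items():
        if pair in baseline or len(hosts) > max_hosts:
            continue
        leads.append((pair, sorted(hosts), "rare parent/child pair"))
    # Second pass: hash drift inside baselined pairs, stacked on (parent, image, hash).
    for (parent, image, h), hosts in stack(events, key=("parent", "image", "hash")).items():
        if (parent, image) in baseline and len(hosts) <= max_hosts:
            fleet = len(by_pair[(parent, image)])
            if fleet > max_hosts:
                leads.append(((parent, image), sorted(hosts),
                              f"hash {h} differs from fleet-wide hash seen on {fleet} hosts"))
    return sorted(leads, key=lambda lead: (len(lead[1]), lead[0]))


if __name__ == "__main__":
    for pair, hosts, why in hunt_leads(EVENTS):
        print(f"{' -> '.join(pair):32} {hosts} {why}")
```

The second pass catches what a plain frequency count misses: services.exe -> svchost.exe is common everywhere, but on ws-004 it is backed by a different binary hash. Real hunts stack on whatever field the hypothesis names (signing status, command-line length, user, outbound destination); the mechanics are the same.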

Summary
Threat hunting overview
Benefits of threat hunting

Threat Actor Types

Hacktivist
Defaces websites
Denial-of-service attacks
Protests
Seeks public attention

Nation-State Hacker
Works for governments
Political or economic gain
Targets critical systems

Criminal Organizations
Wider range of targets
Easier to cover tracks
Prosecution is difficult

Internal Threats
Intentional internal threats
Unintentional internal threats

Summary
Hacker types
Threat actor types

Class Discussion
Where can a penetration tester gather information about a target network?
What are the four steps involved in the attack phase of penetration testing?
What are the three types of penetration testing?
What types of sources can be used for intelligence gathering?

Class Discussion
What are zero-day threats, and why are they particularly dangerous?
Why do some organizations choose to keep their threat intelligence private?
What are the five phases of the security intelligence cycle?
What are the benefits of threat hunting?
What are the two types of internal threat actors?

2.2 THREAT INTELLIGENCE

Organizational Security


Key Terms
Threat actor

Key Definitions
Threat actor: A threat actor is an individual or an organization that
threatens an organization's security.

Attack Frameworks

Attack Frameworks
Kill Chain
MITRE ATT&CK Framework
Diamond Model

Reconnaissance
Targets selected
Attack vectors identified
Total attack surface mapped

Weaponization/ Delivery
PDF files
Image files
Word documents
Websites
Email attachments

Exploitation/ Installation
Weaponized file is executed
Weapon is installed
Backdoor is installed

Actions on Objectives
Intrusion
Extract information
Destruction
Pathway to final target

Diamond Model
Infrastructure
Adversary
Capability
Victim
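The Diamond Model's practical value is pivoting: once one vertex (adversary, capability, infrastructure or victim) of an event is known, every other event sharing that value is pulled in, and chains of such pivots link events into an activity group. The Python below is an added example, not from the course, that records constructed events on the four vertices and clusters them by shared infrastructure and capability; the group names, malware names and addresses are invented.

```python
"""Diamond Model: record intrusion events on the four vertices and pivot
across them to link events into an activity group.

Added example, not from the slides. All events, actor names and
infrastructure values are constructed; addresses are documentation ranges.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class DiamondEvent:
    event_id: str
    adversary: Optional[str]   # often unknown at first; inferring it is the point of pivoting
    capability: str            # malware family, tool or technique
    infrastructure: str        # C2 domain/IP, delivery host, etc.
    victim: str                # org, host or user

    def vertex(self, name):
        return getattr(self, name)


# Constructed events from two "separate" incidents plus one unrelated one.
EVENTS = [
    DiamondEvent("E1", "GroupA", "Dropper.X", "198.51.100.23",   "acme-corp"),
    DiamondEvent("E2", None,     "Dropper.X", "cdn-upd.example", "acme-corp"),
    DiamondEvent("E3", None,     "Beacon.Y",  "cdn-upd.example", "globex"),
    DiamondEvent("E4", None,     "Beacon.Y",  "203.0.113.77",    "initech"),
    DiamondEvent("E5", "GroupB", "Stealer.Z", "203.0.113.200",   "umbrella"),
]


def pivot(events, vertex, value):
    """Analytic pivot: every event sharing `value` on the given vertex."""
    return [e for e in events if e.vertex(vertex) == value]


def activity_groups(events, pivots=("infrastructure", "capability")):
    """Cluster events connected (transitively) by a shared infrastructure or
    capability value, using union-find over event ids. Victim is deliberately
    not a pivot vertex: many unrelated actors hit the same victims."""
    parent = {e.event_id: e.event_id for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    index = defaultdict(list)
    for e in events:
        for v in pivots:
            index[(v, e.vertex(v))].append(e.event_id)
    for ids in index.values():
        for other in ids[1:]:
            union(ids[0], other)
    groups = defaultdict(list)
    for e in events:
        groups[find(e.event_id)].append(e)
    return list(groups.values())


def attribute(group):
    """Propagate a known adversary label across a group; report conflicts rather than guess."""
    names = {e.adversary for e in group if e.adversary}
    if len(names) == 1:
        return names.pop()
    return "unknown" if not names else "conflict:" + ",".join(sorted(names))


if __name__ == "__main__":
    for g in activity_groups(EVENTS):
        print(attribute(g), [e.event_id for e in g])
    print([e.event_id for e in pivot(EVENTS, "infrastructure", "cdn-upd.example")])
```

Pivoting on capability is only safe when the capability is bespoke; commodity tooling shared by many actors would merge unrelated groups, which is why attribute() reports a conflict instead of picking a name.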

Summary
Kill chain process
MITRE ATT&CK framework
Diamond Model

Threat Research

Reputational Research
Search for threat indicators
Compare to reputational data
Collect data about the threat

Indicators of Compromise
Unusual emails
Unusual registry updates
Unusual system changes
Unauthorized software
Unauthorized files
Unauthorized hardware
Unauthorized access
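The reputational research steps (search for indicators, compare to reputational data, collect data about the threat) and the indicators of compromise listed above, run as code: an added example, not from the slides, that sweeps a constructed proxy access log and DNS log for domains and upstream addresses, scores each against a constructed reputation list, and walks up parent domains so a listed domain also catches its subdomains. All log lines, scores and indicator values are invented.

```python
"""Reputational research: sweep logs for indicators and score each hit
against a reputation list.

Added example, not from the slides. Log lines, indicator list and
reputation scores are all constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Constructed reputation data: indicator -> (score 0-100, category). Scores are made up.
REPUTATION = {
    "malware-drop.example": (95, "malware distribution"),
    "198.51.100.23": (90, "C2"),
    "cdn-upd.example": (60, "suspicious, recently registered"),
    "updates.vendor.example": (5, "known good"),
}

# Constructed log lines: Squid-style proxy access log and a DNS resolver log.
PROXY_LOG = """\
1717400001.123 45 10.20.1.15 TCP_MISS/200 5120 GET http://malware-drop.example/payload.bin - HIER_DIRECT/198.51.100.23 application/octet-stream
1717400002.456 12 10.20.1.16 TCP_HIT/200 812 GET https://updates.vendor.example/manifest.json - HIER_NONE/- application/json
1717400003.789 33 10.20.1.15 TCP_MISS/200 91 GET http://files.cdn-upd.example/x - HIER_DIRECT/203.0.113.77 text/plain
"""
DNS_LOG = """\
2024-06-03T08:00:04Z client 10.20.1.15 query A malware-drop.example
2024-06-03T08:00:05Z client 10.20.1.17 query A intranet.acme.example
"""

_IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def indicators_in_proxy_line(line):
    """Yield (kind, value) for the requested URL's host and the upstream peer IP."""
    fields = line.split()
    url, peer = fields[6], fields[8]
    host = urlsplit(url).hostname
    if host:
        yield "domain", host
    peer_ip = peer.split("/", 1)[1]
    if _IPV4.fullmatch(peer_ip):
        yield "ip", peer_ip


def indicators_in_dns_line(line):
    yield "domain", line.split()[-1]


def lookup(kind, value, reputation=REPUTATION):
    """Exact match first; for domains also walk up parent labels so that
    files.cdn-upd.example matches a listing for cdn-upd.example."""
    if value in reputation:
        return value, reputation[value]
    if kind == "domain":
        labels = value.split(".")
        for i in range(1, len(labels) - 1):
            parent = ".".join(labels[i:])
            if parent in reputation:
                return parent, reputation[parent]
    return None


def sweep(proxy_log=PROXY_LOG, dns_log=DNS_LOG, threshold=50):
    """Return hits scoring at least `threshold` as
    (client, indicator, matched_entry, score, category)."""
    hits = []
    sources = [(proxy_log, indicators_in_proxy_line), (dns_log, indicators_in_dns_line)]
    for text, extract in sources:
        for line in text.splitlines():
            client = line.split()[2]   # both log formats carry the client in field 3
            for kind, value in extract(line):
                m = lookup(kind, value)
                if m and m[1][0] >= threshold:
                    hits.append((client, value, m[0], m[1][0], m[1][1]))
    return hits


def defang(value):
    """Neutralize indicators before they go into a report or ticket."""
    return value.replace(".", "[.]").replace("http", "hxxp")


if __name__ == "__main__":
    for client, ind, matched, score, cat in sweep():
        print(f"{client} -> {defang(ind)} (listed as {defang(matched)}, {score}, {cat})")
```

The threshold decides what an analyst sees: the known-good entry scored 5 still matches but is filtered, so the same sweep can be re-run lower when the Feedback stage says something was missed. Output is defanged so indicators pasted into tickets cannot be clicked.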

Summary
Reputational threat research
Indicators of compromise
Behavioral threat research

Threat Modeling

Risk Considerations
What is worth protecting?
What am I protecting it from?
Will I need protection?
What if I fail to protect data?
Are controls in place?
How much am I willing to do?

Modeling Methodologies
Adversary capability
Total attack surface
Attack vector
Impact
Likelihood

Attack Vector Analysis
Cyber
Human
Physical

Likelihood Analysis
Motivation
Emerging trends
Recent attacks
Controls’ effectiveness

Summary
Adversary capability analysis
Total attack surface analysis
Attack vector analysis
Impact analysis
Likelihood analysis

Threat Intelligence Sharing

Intelligence Types
Tactical
Strategic
Operational

Summary
Intelligence types
Incident response
Vulnerability management
Risk management
Security management
Detection and monitoring

Class Discussion
What types of sources can be used for intelligence gathering?
What are zero-day threats and why are they particularly dangerous?
What are the five phases of the security intelligence cycle?
What are the benefits of threat hunting?

2.3 THREAT INTELLIGENCE

Security Controls


Key Terms
Code of ethics
Acceptable use policy
Password policies
Security frameworks
Security controls

Key Definitions
Code of ethics: A code of ethics is a set of rules or standards that help you
act ethically in various situations.
Acceptable use policy: The acceptable use policy (AUP) defines how users may
use the organization's information and network resources.
Password policies: Password policies detail the organization's requirements
for passwords.
Security frameworks: Security frameworks are structured lists of security
objectives and the actions taken to meet them in order to mitigate risk.
Security controls: Security controls are the hardware, software, firmware,
policies, and procedures used to reduce the risk that threats pose to your
systems.

Security Frameworks and Policies

Security Frameworks
Performance goals
Performance evaluation
Reduce IT service risks
Policies and procedures
Compliance documentation

Prescriptive Frameworks
Policies and procedures
Monitoring
Intelligence-sharing

NIST Framework
Framework core
Implementation tiers
Framework profiles

Policies and Procedures
Code of ethics
Acceptable use policy
Password policy
Data ownership policy
Account management policy
Data retention policy
Monitoring policy

Summary
Risk-based frameworks
Prescriptive frameworks
Policies and procedures

Security Control Categories and Types

Security Control Categories
Managerial
Operational
Technical

Security Control Types
Preventative
Detective
Corrective
Deterrent
Compensating
Physical

Evaluating Controls
Compatibility
Effectiveness
Compliance
Feasibility

Summary
Security control categories
Security control types
Evaluate security controls

Class Discussion
What are the benefits of framework-based governance?
How do prescriptive frameworks differ from risk-based frameworks?
What is included in a data retention policy?
What are the four implementation tiers of a risk-based framework?
What are the three security control categories?
Which factors should you consider when evaluating security controls?
