I’ve been feeling as if it’s time to freshen things up a bit with toolsmith and occasionally offer a slightly different approach to our time-tested process. Rather than always focusing on a single tool each month (fear not, we still will), I thought it might be equally compelling, perhaps more, if I were to offer you an end-to-end scenario wherein we utilize more than one tool to solve a problem. A recent series I wrote for the SANS Internet Storm Center Diary, a three-part effort called Keeping the RATs Out (Part 1, Part 2, Part 3), I believe proved out how useful this can be.
I receive and review an endless stream of threat intelligence from a variety of sources. What gets tricky is recognizing what might be useful and relevant to your organizations and constituencies. To that end I’ll take one piece of recently received intel and work it through an entire lifecycle.
more here................http://holisticinfosec.blogspot.com/2014/08/toolsmith-threats-indicators-security.html
I receive and review an endless stream of threat intelligence from a variety of sources. What gets tricky is recognizing what might be useful and relevant to your organizations and constituencies. To that end I’ll take one piece of recently received intel and work it through an entire lifecycle.
more here................http://holisticinfosec.blogspot.com/2014/08/toolsmith-threats-indicators-security.html