Abstract:
“It’s been said ‘‘Intrusion analysis is as much about tcpdump as astronomy is about telescopes”". Understanding who is attacking your or a customer’s network and why is just as important as analysing the packets on it.
This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will delve into the following areas:
- Building an information classification for your assets
- Attack significance plotting
- Attack factor comparison analysis
- Discerning motive
- Attacker kill chain analysis
- Malicious actor profile checklist
- Naming conventions for malicious actors "
Have a question for James? Post it here!