LevelUp 0x03 - Profiling the Attacker - Using Offender Profiling In SOC Environments by James Stevenson



Abstract:
It’s been said that “Intrusion analysis is as much about tcpdump as astronomy is about telescopes.” Understanding who is attacking your or a customer’s network and why is just as important as analysing the packets on it.

This slot will focus on a technical offender profiling framework that can be used to build a knowledge base on malicious actors. This talk will delve into the following areas:

  • Building an information classification for your assets
  • Attack significance plotting
  • Attack factor comparison analysis
  • Discerning motive
  • Attacker kill chain analysis
  • Malicious actor profile checklist
  • Naming conventions for malicious actors

Have a question for James? Post it here!