Research Sources (Threat Actors, Intelligence Sources, & Vulnerabilities) Flashcards
Vendor web sites
Cisco, Microsoft and Amazon Web Services, as well as security companies such as Fortinet, Symantec, McAfee, CrowdStrike, Splunk and Rapid7, and training organizations such as sans.org, to name a few. Vendor sites publish security advisories, patch notes and product-specific threat research.
Vulnerability feeds
Vulnerability databases such as CVE (the canonical list of vulnerability identifiers) and NVD (NIST's database, which enriches each CVE entry with CVSS scores, CPE product mappings and references)
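To show what a vulnerability feed actually gives you beyond a list of identifiers, here is an added example (not part of the original flashcards) that parses a response in the shape of the NVD CVE API 2.0 and triages it against a software inventory: it picks the CVSS score, filters by severity, and checks the CPE match criteria (including version ranges) against installed products. The JSON record and the inventory are constructed for the example; the CVE IDs (CVE-1900-0001, CVE-1900-0002) and the vendor "examplecorp" are placeholders, not real vulnerabilities.

```python
import json

# Constructed sample, modelled on the NVD CVE API 2.0 response shape.
# CVE IDs, vendor and products are fictitious placeholders, not real vulnerabilities.
SAMPLE_NVD_RESPONSE = json.dumps({
    "resultsPerPage": 2, "startIndex": 0, "totalResults": 2,
    "format": "NVD_CVE", "version": "2.0",
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-1900-0001", "vulnStatus": "Analyzed",
            "descriptions": [{"lang": "en", "value": "Placeholder: remote code execution in ExampleCorp Widget."}],
            "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary",
                "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                             "baseScore": 9.8, "baseSeverity": "CRITICAL"}}]},
            "configurations": [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:examplecorp:widget:*:*:*:*:*:*:*:*",
                 "versionEndExcluding": "2.4.1"}]}]}]}},
        {"cve": {
            "id": "CVE-1900-0002", "vulnStatus": "Analyzed",
            "descriptions": [{"lang": "en", "value": "Placeholder: information disclosure in ExampleCorp Gadget."}],
            "metrics": {"cvssMetricV31": [{"source": "nvd@nist.gov", "type": "Primary",
                "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                             "baseScore": 3.3, "baseSeverity": "LOW"}}]},
            "configurations": [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [
                {"vulnerable": True, "criteria": "cpe:2.3:a:examplecorp:gadget:1.0:*:*:*:*:*:*:*"}]}]}]}},
    ],
})

# Constructed inventory of installed products as CPE 2.3 formatted strings.
SAMPLE_INVENTORY = [
    "cpe:2.3:a:examplecorp:widget:2.3.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:examplecorp:widget:2.4.1:*:*:*:*:*:*:*",
    "cpe:2.3:a:examplecorp:gadget:1.0:*:*:*:*:*:*:*",
]


def _vtuple(version: str) -> tuple:
    """Version key for range checks: numeric components compare as ints, so 2.10 > 2.4."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def _cpe_fields(cpe: str) -> list:
    """Split a CPE 2.3 formatted string into its 13 colon-separated fields."""
    fields = cpe.split(":")
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    return fields


def cpe_match_applies(match: dict, installed_cpe: str) -> bool:
    """True if an NVD cpeMatch entry (criteria plus optional version range keys) covers the installed CPE."""
    crit, inst = _cpe_fields(match["criteria"]), _cpe_fields(installed_cpe)
    for i in (2, 3, 4):  # part, vendor, product must agree; '*' in the criteria matches anything
        if crit[i] != "*" and crit[i] != inst[i]:
            return False
    if crit[5] != "*":  # explicit version in the criteria: exact match, no range applies
        return crit[5] == inst[5]
    if inst[5] in ("*", "-"):  # installed version unknown: treat as affected (conservative)
        return True
    v = _vtuple(inst[5])
    if "versionStartIncluding" in match and v < _vtuple(match["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in match and v <= _vtuple(match["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in match and v > _vtuple(match["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in match and v >= _vtuple(match["versionEndExcluding"]):
        return False
    return True


def best_cvss(cve: dict) -> tuple:
    """Return (baseScore, baseSeverity), preferring CVSS v3.1, then v3.0, then v2, and Primary over Secondary."""
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = cve.get("metrics", {}).get(key, [])
        if not entries:
            continue
        entry = next((e for e in entries if e.get("type") == "Primary"), entries[0])
        data = entry["cvssData"]
        # v2 records carry baseSeverity on the entry rather than inside cvssData
        return data["baseScore"], data.get("baseSeverity") or entry.get("baseSeverity")
    return None, None


def parse_feed(response_json: str) -> list:
    """Return the list of CVE objects in an NVD API 2.0 response."""
    return [item["cve"] for item in json.loads(response_json)["vulnerabilities"]]


def triage(response_json: str, inventory: list, min_score: float = 7.0) -> list:
    """List CVEs at or above min_score whose CPE criteria cover something in the inventory.
    Simplification: every cpeMatch is evaluated on its own, ignoring AND/negate node semantics,
    so the result may over-report (never under-report) for complex configurations."""
    findings, seen = [], set()
    for cve in parse_feed(response_json):
        score, severity = best_cvss(cve)
        if score is None or score < min_score:
            continue
        for conf in cve.get("configurations", []):
            for node in conf["nodes"]:
                for match in node.get("cpeMatch", []):
                    if not match.get("vulnerable", True):
                        continue
                    for installed in inventory:
                        if (cve["id"], installed) not in seen and cpe_match_applies(match, installed):
                            seen.add((cve["id"], installed))
                            findings.append({"id": cve["id"], "score": score, "severity": severity,
                                             "installed": installed, "criteria": match["criteria"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_NVD_RESPONSE, SAMPLE_INVENTORY):
        print(f"{f['id']} {f['severity']} ({f['score']}) affects {f['installed']}")
```

Widget 2.3.0 is flagged because it falls below the `versionEndExcluding` boundary, while 2.4.1 is not; the LOW-severity Gadget entry is dropped by the default 7.0 threshold. The numeric version key matters: a plain string comparison would call 2.10.0 "less than" 2.4.1 and produce a false positive.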
Conferences
DEF CON, Black Hat, the RSA Conference and the SANS (sans.org) conferences
Academic journals
Peer-reviewed academic journals and trade magazines, along with Requests for Comments
Request for Comments (RFC)
Published by the IETF through the RFC Editor (not the IEEE, which publishes standards such as the 802 series); RFCs define Internet protocols and each carries a Security Considerations section
Local industry groups
Local groups of, let's say, Redis database people, Palo Alto Networks practitioners, people who specialize in HIPAA security, and other local groups
Social Media
Part of information gathering and open source intelligence; you can get good information from Twitter feeds, for example
Threat feeds
E-mail bulletins, text messages and RSS feeds from sans.org, from Cisco (for example Advanced Malware Protection), and threat feeds from the different cloud service providers as well
Adversary tactics, techniques, and procedures (TTP)
TTPs describe how threat agents and threat actors plan, orchestrate, automate and manage their attacks: the tactic (the goal), the technique (how it is achieved) and the procedure (the specific implementation). They are behaviour-based, closer to indicators of attack (IoAs) than to indicators of compromise (file hashes, IP addresses, domains), and are catalogued in frameworks such as MITRE ATT&CK
OSINT tools
OSINT tools such as Maltego, which help you collect, correlate and visualize relationships between entities (domains, IP addresses, people, organizations) gathered from public sources across the Internet
Emerging social media tools
Be on the lookout for new tools that show up in new builds of exploit kits and Kali Linux, and obviously through word of mouth
Word of mouth
Building your own community, for example through LinkedIn, sharing information in chat rooms and by e-mail, and getting together in a Zoom conference to exchange information by word of mouth