@sroberts
Last active Sep 22, 2021
My outline for my Cyber Threat Intelligence & Ramen: A Recipe for Both presentation

Slides

Homemade Ramen & Threat Intel

A recipe for both

  • Scott J Roberts
    • Instructor: SANS FOR578 Cyber Threat Intelligence
    • Author: Intelligence Driven Incident Response
  • Metaphor Warning!!!
  • What is Ramen?
  • What Is Threat Intelligence?

The Goal

Understand the combination of tools, inputs, process, & people that lead to creating a threat intelligence capability.

The Tools

“something (such as an instrument or apparatus) used in performing an operation or necessary in the practice of a vocation or profession” ~ Merriam-Webster: Tool (Def 2a)

The Tools for Ramen

  • Tools
    • Tongs
    • Ladle
    • “Spider”
    • Knives & Cutting Boards
    • “Base Infrastructure:” Pots & Pans, Stove Top Burner
  • Infrared Thermometer
    • Aka Kitchen Laser Gun

The Tools for CTI

  • TIP: Yeti
  • Workbench: Maltego
  • Detections: Yara & Snort
  • 3rd Party Sources:
    • Passive Total & Shodan
  • Key: Fitting Into Your Environment

The Ingredients

“something that enters into a compound or is a component part of any combination or mixture” ~ Merriam-Webster: Ingredient

Ingredients for Ramen

  • Broth Base
    • 1 cup rough diced red delicious apple (about 1)
    • 1 cup rough diced garlic (about 3 heads)
    • 1 cup rough diced ginger
    • 1 medium yellow onion
    • 1/2 rack pork baby back ribs
    • 12 cups water
    • 1 cup soy sauce
    • Noodles
  • Broth Extras
    • 1 sheet kombu
    • handful rough chopped dry shiitake mushrooms
    • 1 half a diced sweet potato
    • Ends of 1 bunch green onions
  • Serving Extras
    • Slow Poached Eggs
    • Nori/Wakame
    • Sriracha
    • Sweet Potato
    • Grilled Sweet Potato

The Ingredients for Threat Intelligence

  • Your own incidents
  • Your teams
  • Vendor Reports
  • Honeypots
  • Peers/Sharing Communities
  • 3rd Party Paid Intelligence

The Recipe

“a set of instructions for making something from various ingredients” ~ Merriam-Webster: Recipe (Def 2)

The Recipe for Ramen

  • Steps for Ramen
    • Bring water (optional: add dry shiitakes and nori) to a simmer
    • Add other ingredients (except noodles) and bring to a boil
    • Reduce heat and simmer 2.5-3 hours (reduced to about half)
    • Prepare noodles and serve with extras

The Recipe for Threat Intelligence

  • Intelligence Cycle
  • F3EAD
  • Lessons Learned & Practice

The Cooks

  • Great Cooks Eat (Consume)
  • Great Cooks Cook (Create)
  • Great Cooks Learn (Growth)

The Output

PICTURE OF RAMEN

Intelligence Products

  • RFIs
  • Short Form Reports
  • Long Form Reports

Conclusion

Takeaways

  • Think about your tools
  • Get to know and understand your inputs
  • Focus on honing your processes
  • Grow your people

Ramen Recipe

Thanks
