| Link | Description |
|---|---|
| How the EITest Campaign's Path to ANGLER EK Evolved Over Time | Excellent overview of EITest and the payload and URL scheme changes it has seen since 2014. |
| Your Package Has Been Successfully Encrypted | In-depth examination of a relatively new variant of the oft-iterated TeslaCrypt ransomware. Includes a great graphic that shows the rapid fragmentation of the ransomware industry. |
| Angler EK from 82.146.46[.]242 – New URI Pattern | Analysis of Angler EK traffic from a particular host, showing a brand new URI pattern. |
```json
{
  "basics": {
    "name": "John D. Swanson",
    "label": "Network Security Engineer",
    "picture": "https://swannysec.net/public/avatar.jpg",
    "email": "swanson.john.d@gmail.com",
    "phone": "",
    "website": "https://swannysec.net",
    "summary": "Information security professional with more than seven years of experience in information technology and security. Specialties include network and security architecture and design, next-generation firewalls and intrusion prevention, vulnerability and risk assessment, information security awareness, and incident response. Holds a Master’s Degree in Information Assurance from an NSA/DHS National Center for Academic Excellence in Information Assurance and Cyber Defense Education.",
    "location": {
```
| Resource | Description |
|---|---|
| Mandiant's APT1 Report | Somewhat dated, but the standard that many threat reports follow to this day. |
| Symantec's Report on the Dyre Banking Trojan | Top-to-bottom look at a family of financial malware. |
| Palo Alto Unit 42's Recent Look at Angler's Continuing Maturation | Really nice in-depth look at a specific exploit kit, showing, among other things, how bad actors utilize counter-intelligence to harden their malware and prevent blue team research. |
| Resource | Description |
|---|---|
| The Definitive Guide to Cyber Threat Intelligence | From iSIGHT Partners. Nice overview, comprehensive and well formatted. |
| Threat Intelligence: Collecting, Analysing, Evaluating | From MWR InfoSecurity and CERT-UK/CPNI in the UK. A bit more of a high-level overview, still an excellent starting point. |
| Intelligent Intelligence: Secrets to Threat Intel Success | From David J. Bianco at Sqrrl. Pay particular attention to his "Pyramid of Pain" and the work/knowledge flows he outlines. |
I hereby claim:
- I am swannysec on github.
- I am swannysec (https://keybase.io/swannysec) on keybase.
- I have a public key whose fingerprint is 9E3E 6DA3 AD12 EE2F 6DD8 057D 8ED1 5CB0 BCCD EF6A
To claim this, I am signing this object: