I hereby claim:
- I am swannysec on github.
- I am swannysec (https://keybase.io/swannysec) on keybase.
- I have a public key whose fingerprint is 9E3E 6DA3 AD12 EE2F 6DD8 057D 8ED1 5CB0 BCCD EF6A
To claim this, I am signing this object:
Resource | Description |
---|---|
The Definitive Guide to Cyber Threat Intelligence | From iSIGHT Partners. Nice overview, comprehensive and well formatted. |
Threat Intelligence: Collecting, Analysing, Evaluating | From MWR InfoSecurity and CERT-UK/CPNI in the UK. A bit more of a high-level overview, still an excellent starting point. |
Intelligent Intelligence: Secrets to Threat Intel Success | From David J. Bianco at Sqrrl. Pay particular attention to his "Pyramid of Pain" and the work/knowledge flows he outlines. |

Resource | Description |
---|---|
Mandiant's APT1 Report | Somewhat dated, but the standard that many threat reports follow to this day. |
Symantec's Report on the Dyre Banking Trojan | Top to bottom look at a family of financial malware. |
Palo Alto Unit 42's Recent Look at Angler's Continuing Maturation | Really nice in-depth look at a specific exploit kit, showing, among other things, how bad actors utilize counter-intelligence to harden their malware and prevent blue team research. |

Link | Description |
---|---|
How the EITest Campaign's Path to ANGLER EK Evolved Over Time | Excellent overview of EITest and the payload and URL scheme changes it has seen since 2014. |
Your Package Has Been Successfully Encrypted | In-depth examination of a relatively new variant of the oft-iterated TeslaCrypt ransomware. Includes a great graphic that shows the rapid fragmentation of the ransomware industry. |
Angler EK from 82.146.46[.]242 – New URI Pattern | Analysis of Angler EK traffic from a particular host, showing a brand new URI pattern. |

{
  "basics": {
    "name": "John D. Swanson",
    "label": "Network Security Engineer",
    "picture": "https://swannysec.net/public/avatar.jpg",
    "email": "swanson.john.d@gmail.com",
    "phone": "",
    "website": "https://swannysec.net",
    "summary": "Information security professional with more than seven years of experience in information technology and security. Specialties include network and security architecture and design, next-generation firewalls and intrusion prevention, vulnerability and risk assessment, information security awareness, and incident response. Holds a Master’s Degree in Information Assurance from an NSA/DHS National Center for Academic Excellence in Information Assurance and Cyber Defense Education.",
    "location": {