DFIR

The Who, What, Where, When, Why and How of Effective Threat Hunting

Excellent paper from Robert M. Lee and Rob Lee about what Threat Hunting is, when you should implement it, and how to make it more effective; who should take on this role and where in your organization it should be located, among other things.

Highly recommended if you’re interested in intelligence methodologies and in implementing this practice in your company’s maturity model.

You can find this paper at the SANS DFIR community here.

DFIR

Intel Driven Defense – Recommended reading

Great paper about CND and the Cyber Kill Chain: a short explanation (around 14 pages) of the intelligence process from both sides of the equation, “The Adversary” and “The Defenders”. It covers how to take advantage of every piece of information and correlate it with its spot on the chain, developing a better reactive and proactive plan.

You can find it here.
