


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Clustering, Sourcing, and Correlating All Things Indicators

  • Thursday, September 28, 2017 at 3:30 PM EDT (2017-09-28 19:30:00 UTC)
  • Kyle Wilhoit, Rebekah Brown


  • DomainTools




Most individuals working on blue, intelligence, or reverse engineering teams have worked with indicators of compromise (IOC) or indicators of attack (IOA). But many analysts still have several questions related to how these indicators are sourced, processed, and pivoted on. Where do these elusive indicators come from? How does an analyst go about finding indicators? What can you do with IOCs/IOAs after locating indicators of value? Where can a pivot happen once an IOC is located? In this webinar, join Rebekah Brown and DomainTools Sr. Researcher Kyle Wilhoit as they walk through all things indicators!

Speaker Bios

Rebekah Brown

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, operations chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state and local level, as well as in the private sector. Today, Rebekah leads the Rapid7 threat intelligence programs, where her responsibilities include program architecture, analysis and operations. She is a course author and instructor for SANS FOR578 - Cyber Threat Intelligence, and author of Intelligence Driven Incident Response.

Kyle Wilhoit

Kyle Wilhoit is an internationally recognized security researcher with more than a decade of experience leading research teams to deliver timely and organized threat intelligence to internal and external customers. In his current role as Senior Security Researcher at DomainTools, Kyle is leading efforts to do primary research on DNS-related exploits, investigate current cyber threats, and explore attack origins and threat actors. Before joining DomainTools, Kyle was a Sr. Fellow at ICF International, responsible for establishing a managed threat intelligence service offering. Kyle was also a Senior Threat Researcher for Trend Micro, where he was responsible for identifying, vetting, and exposing threat actors, performing research on criminal miscreants and leading forensic investigations into high priority security incidents. Prior to Trend Micro, Kyle spent more than a decade performing threat analysis and leading security research teams for large companies, including FireEye and a large energy company.


He has presented at cybersecurity conferences around the globe, notably FIRST, Black Hat USA, Black Hat Europe, SecTor, and Infosecurity Europe. Kyle has also served as a guest review board member for Black Hat US 2017. His research has supported investigative stories in several publications, including ABC, CNN, BBC, The New York Times, WIRED, MIT Technology, and many additional outlets. Kyle has extensive experience in Threat Intelligence, Penetration Testing, and SCADA/ICS Security. Kyle is an author of the newly released book Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.
