Save $200 on Cyber Security Training at SANS Miami 2018. Ends 12/27.


To attend this webcast, login to your SANS Account or create your Account.

Clustering, Sourcing, and Correlating All Things Indicators

  • Thursday, September 28th, 2017 at 3:30 PM EDT (19:30:00 UTC)
  • Rebekah Brown and Kyle Wilhoit
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • DomainTools

You can now attend the webcast using your mobile device!


Most individuals working on blue, intelligence, or reverse engineering teams have worked with indicators of compromise (IOC) or indicators of attack (IOA). But, many analysts still have several questions related to how these indicators are sourced, processed, and pivoted on. Where do these elusive indicators come from? How does an analyst go about finding indicators? What can you do with IOCs/IOAs after locating indicators of value? Where can a pivot happen once an IOC is located? In this webinar join Rebekah Brown and DomainTools Sr. Researcher Kyle Wilhoit as they walk through all things indicators!

Speaker Bios

Rebekah Brown

Rebekah Brown is the threat intelligence lead for Rapid7, supporting incident response, analytic response and global services. She is a former NSA network warfare analyst, U.S. Cyber Command training and exercise lead, and Marine Corps crypto-linguist who has helped develop threat intelligence programs at the federal, state and local levels, as well as in the private sector at a Fortune 500 company. She has an Associates in Chinese Mandarin, a BA in international relations and is wrapping up a MA in Homeland Security and a graduate certificate in intelligence analysis. Rebekah is a course author for SANS FOR578, Cyber Threat Intelligence.

Kyle Wilhoit

Kyle Wilhoit is an internationally recognized security researcher with more than a decade of experience leading research teams to deliver timely and organized threat intelligence to internal and external customers. In his current role as Senior Security Researcher at DomainTools, Kyle is leading efforts to do primary research on DNS-related exploits, investigate current cyber threats, and explore attack origins and threat actors. Before joining DomainTools, Kyle was a Sr. Fellow at ICF International, responsible for establishing a managed threat intelligence service offering. Kyle was also a Senior Threat Researcher for Trend Micro, where he was responsible for identifying, vetting, and exposing threat actors, performing research on criminal miscreants and leading forensic investigations into high priority security incidents. Prior to Trend Micro, Kyle spent more than a decade performing threat analysis and leading security research teams for large companies, including Fireeye and a large energy company.


He has presented at cybersecurity conferences around the globe, notably FIRST, Black Hat USA, Blackhat Europe, SecTor, and Infosecurity Europe. Kyle has also served as a guest review board member for Blackhat US 2017. His research has supported investigative stories in several publications, including ABC, CNN, BBC, CNN, The New York Times, WIRED, MIT Technology, and many additional outlets.Kyle has extensive experience in Threat Intelligence, Penetration Testing, and SCADA/ICS Security. Kyle is an author on the newly released book- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.