


Human Fingerprints in Malware and their Use in Cyber Threat Intelligence

  • Monday, October 28th, 2019 at 1:00 PM EDT (17:00:00 UTC)
  • Robert M. Lee and Tobias Johansson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.



Cyber threat intelligence analysts who track specific adversaries can look for the so-called human fingerprints of intrusions. These human fingerprints are essentially choices that adversaries make that appear in intrusion data. A specific malware family or specific domain might not be that interesting. But the patterns the adversary leaves in configuration data, registration information, and more can be a useful data set for clustering intrusions and creating personas. In this webcast, attendees will learn about the concept of human fingerprints, especially as it relates to the Diamond Model of intrusion analysis. All webcast attendees will receive an early release of the presenters' whitepaper on this subject.

Speaker Bios

Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of the "ICS Active Defense and Incident Response" and "Cyber Threat Intelligence" courses, is the founder and CEO of Dragos, a critical infrastructure cybersecurity company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cybersecurity policy issues, Robert was named EnergySec's 2015 Energy Sector Security Professional of the Year.

Tobias Johansson

Tobias is a cyber security professional and a SANS alumnus holding GIAC GREM, GCTI and GDAT certifications. He has experience in offshore and maritime automation and GIS application development. He holds a Specialist degree from the Swedish Armed Forces.
