
Human Fingerprints in Malware and their Use in Cyber Threat Intelligence

  • Monday, October 28th, 2019 at 1:00 PM EDT (17:00:00 UTC)
  • Robert M. Lee and Tobias Johansson
This webcast has been archived.

Overview

Cyber threat intelligence analysts who want to track specific adversaries can look for the so-called human fingerprints of intrusions. These human fingerprints are essentially choices adversaries make that appear in intrusion data. A specific malware family or a specific domain might not be that interesting on its own, but the patterns an adversary leaves in configuration data, registration information, and more can be a useful data set for clustering intrusions and creating personas. In this webcast, attendees will learn about the concept of human fingerprints, especially as it relates to the Diamond Model of intrusion analysis. All webcast attendees will receive an early release of the presenters' whitepaper on this subject.

Speaker Bios

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency, where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry-recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid. He and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.


Tobias Johansson

Tobias is a cyber security professional and a SANS alumnus holding GIAC GREM, GCTI and GDAT certifications. He has experience in offshore and maritime automation and GIS application development. He holds a Specialist degree from the Swedish Armed Forces.
