Last week Sarah Edwards attended MacDevOpsYVR in Vancouver, Canada, and had a talk about her simple tool for advanced forensic analysis – APOLLO or Apple Pattern of Life Lazy Output’er. The presentation is available here.

This presentation will examine the analytic mistakes the infosec community has made over the past ten years when attributing nation-state cyber attacks. The authors will contrast successful and failed attempts at attribution to identify the root causes of failures. The talk will cover basic logical fallacies (eg, mirror imaging and cherry picking) and briefly explain pivoting pitfalls when observing TTPs …

Here are research, tools and scripts presented at Magnet User Summit 2019 by Yogesh Khatri and Jack Farley.

This talk uses a real-life case scenario to prepare attendees for responding to security incidents affecting G Suite users. It’s the norm now to hear companies discussing “moving to the cloud”. Before long your data center servers are going to be antiquated technology. Though the transition to the cloud marks an exciting time in Information Technology, digital forensic investigators and …

Steve Watson discusses his research at DFRWS US 2018:

(Threat) Hunting has been around long enough that most agree it should be part of any comprehensive information security program. In any cat and mouse game, tooling will never catch all evil. We need to apply creativity, analytical thinking, and keep humans in the loop. The challenge, of course, is that human hours are scarce and expensive. Most organizations cannot …

Joe Sylve discusses his work at DFRWS USA 2018:

In a threat landscape characterized by targeted attacks, fileless malware, and other advanced hacking techniques, the days of relying solely on traditional “dead box” forensics for investigations are… well, dead. Live forensics, a practice considered a dangerous and dark art just a decade ago, has now become the de facto standard. However, many Computer Security Incident Response Teams still struggle …

How much information about a threat can you find using a single IP address, domain name, or indicator of compromise (IOC)? What additional threats can you identify when looking at attacker and victim infrastructure? To discover and analyze the infrastructure behind large-scale malware activity, Josh Pyorre and Andrea Scarfo will look at known indicators from popular botnets spreading such threats …

Presentations from Cyber Threat Intelligence Summit & Training 2019 are already available at SANS website. You can access them here.