Venus Ransomware | Zeoticus Spin-off Shows Sophistication Isn’t Necessary for Success

Learn about the uptick in activity of this recent ransomware variant that has been encrypting victims worldwide, with the latest IoCs, TTPs and analysis.

SentinelOne

queued up #cyberwar content from #LABScon22:

#LABScon Replay | Are Digital Technologies Eroding the Principle of Distinction in War?

https://www.youtube.com/watch?v=0190oHf8zEA&list=PLUzWZANghr3bfJ3teu-bvdAZJzmU0g4iY&index=5

Aeon Timeline continues to be a go-to tool for me when researching threat activity. Some updated thoughts for those interested:

▪️ After about 3,000 entities, the program will struggle greatly. This was apparent when researching Void Balaur for #LABScon22 (https://s1.ai/voidbalaur)

▪️ The bulk modifying of entities is not the best for our use case. I recommend exporting to CSV, changing, then importing back. PIA but it works.

▪️ One thing I wish was easier is the Google Docs-like live collaboration. Something like Maltego too. Version saves w/ uploads to shared storage is a decent alternative, but does require good communication with collaborators to ensure changes sync.

▪️ I still primarily use Aeon for the manual, slow, and meticulous research efforts where I want to see it all and build the story at the same time (see attached screenshot on Ukraine). Synapse from Vertex Project is the way to go for automated / larger scale / long term retained needs. (Helped greatly on Void Balaur)

▪️ Reminder -- Here is a quick guide I wrote:
https://www.sentinelone.com/labs/putting-things-in-context-timelining-threat-campaigns/

▪️ "Threat Research" Aeon template I use daily:
https://github.com/SentineLabs/aeon

#ThreatIntel #infosec

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.

SentinelOne