Joe SłowikThe @sansinstitute #SANS #CTI #ThreatIntel Summit schedule is up - join me in January to discuss how #threatintelligence can drive #detectionenginnering in #infosec!
DadPunk
- 11 Followers
- 115 Following
- 7 Posts
Threat Intel
There hasn't been much reporting on #FIN6 lately but they have been active... not sure about successful but they have been active 😂
@jroosen Ya these are all good points. It's another one of those "it depends" questions. In most cases the context of this decision is like cobalt strike c2 or other more static infrastructure and not the tiered networks used by come of the bigger commodity malware variants. I do think interacting with law enforcement is unlikely for most people though.
The reason I ask is because I think both sides have value and its really a question of what motivates you, understanding or impacting the actor.
In an effort to be more social as folks migrate from birdsite to Mastodon here's my first post.
Something that I have been running into lately is the decision to take action on adversary infrastructure or to let it ride and monitor for new intelligence. Personally, I try to keep the actor from gaining anymore new victims if I can help it.
When faced with the opportunity to impact the actor's infrastructure what do you choose?
Take Action
Let It Ride
Poll ended at .
Jérôme Segura
Chris Sanders 🔎 🧠Y’all know that my courses go on sale once a year. That’s coming up on Friday. I’ll post when it starts here, but I’m also going to give a slightly larger discount for my mailing list subscribers. You can sign up for the list before the announcement here: https://chrissanders.org/list/.
It's a low-volume list -- primarily new course announcements, training content releases, and book/course giveaways.