Through the user interactive labs the student will learn:
A handy acronym and method for turning threat data into intelligence. CHRIME stands for (C)onstellation (H)istory (R)eputation (I)ntent (M)alware (E)xecution and is aimed at rapidly helping an analyst turn data into linked, correlated and context-infused information that can be profiled and analyzed into intelligence. CHRIME provides a mnemonic to rapidly outline information about a threat, whether an element of DNS, an indicator belonging to a system, a person, a piece of hardware, etc.
Date & Time
(Round Rock) Aug 18
1205 Sam Bass Road, Suite 300
Round Rock, TX 78681
- Individuals new to Threat Intelligence concepts or desiring a better understanding of them.
- Professionals who deal with technical issues but feel they do not have enough background in Threat Intelligence.
- Technical professionals who need to be armed with greater knowledge of incident response, Threat Intelligence and their role in resolving incidents.
- Laptop required
- Requires basic knowledge of computers, technology and command line interface (CLI)
- Assume students can open and operate browsers, find and use the command line, execute scripts and open programs
- Prior experience not required
- Understanding of virtual machines (VMs) and how to use them
- Assume students understand how to import and power on a VM
Monty St John
Monty St John has been in the security world for more than two decades. When he is not responding to incidents, he teaches classes in Threat Intelligence, Incident Response and Digital Forensics.
2. What is CHRIME?
3. Breaking it down
4. Use Cases and Application
5. Additional Sources of Data
6. Automation and Tools
7. Wrap up and Close
Certification of Completion